Solved

active directory 2003 organizational units

Posted on 2011-03-15
6
331 Views
Last Modified: 2012-05-11
i have an active directory domain - with windows 2003 servers. i have a few organizational units with different group policies. now i need to have everyone go through my squid proxy server. i want the laptop users to use the proxy in the domain, but not when they are traveling. is there a way to do this?
0
Comment
Question by:JeffBeall
  • 3
  • 2
6 Comments
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
Not really.  You can set a top level GPO to set your proxy server for all your OUs easily enough.  What you CAN do is have your laptops in a different OU and not enforce it there, that way they can change the setting manually.  When the come back to the office, it will revert (GPO Allies again), but when they leave, they can change it to none.  That is how we accomplish it at my current location.

DrUltima
0
 
LVL 1

Author Comment

by:JeffBeall
Comment Utility
i'm not concerned with getting the policy out to everyone - i'm more concerned with laptop users not going through the proxy outside the domain.
0
 
LVL 1

Author Comment

by:JeffBeall
Comment Utility
i just had a thought - i could have an OU for laptops that doesn't have the proxy policy - then through their login script - make it so they use the proxy.
only problem is i don't know how to script. the current login "script" is a simple batch file that sets up the network shares.
would this be possible?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 31

Accepted Solution

by:
DrUltima earned 250 total points
Comment Utility
Yes, but to make it transparent to the end user, you would also need a log off script to turn the proxy back off.  Batch itself cannot do it, but it can import registry settings which can:

http://www.experts-exchange.com/Programming/System/Windows__Programming/Q_21069499.html

This Question details how to accomplish through Batch registry manipulation.
0
 
LVL 5

Assisted Solution

by:xylog
xylog earned 250 total points
Comment Utility
You can set your browsers to autodetect and use WPAD -> http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol Either using a DNS entry called wpad or a DHCP option. When off the network they will not resolve the DNS entry or have the DHCP setting so they will autodetect the lack of a proxy and directly access the net. WPAD is supported in Firefox also.
0
 
LVL 1

Author Closing Comment

by:JeffBeall
Comment Utility
thank you
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now