Go Premium for a chance to win a PS4. Enter to Win


active directory 2003 organizational units

Posted on 2011-03-15
Medium Priority
Last Modified: 2012-05-11
i have an active directory domain - with windows 2003 servers. i have a few organizational units with different group policies. now i need to have everyone go through my squid proxy server. i want the laptop users to use the proxy in the domain, but not when they are traveling. is there a way to do this?
Question by:JeffBeall
  • 3
  • 2
LVL 31

Expert Comment

by:Justin Owens
ID: 35139119
Not really.  You can set a top level GPO to set your proxy server for all your OUs easily enough.  What you CAN do is have your laptops in a different OU and not enforce it there, that way they can change the setting manually.  When the come back to the office, it will revert (GPO Allies again), but when they leave, they can change it to none.  That is how we accomplish it at my current location.


Author Comment

ID: 35139194
i'm not concerned with getting the policy out to everyone - i'm more concerned with laptop users not going through the proxy outside the domain.

Author Comment

ID: 35139222
i just had a thought - i could have an OU for laptops that doesn't have the proxy policy - then through their login script - make it so they use the proxy.
only problem is i don't know how to script. the current login "script" is a simple batch file that sets up the network shares.
would this be possible?
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

LVL 31

Accepted Solution

Justin Owens earned 1000 total points
ID: 35139349
Yes, but to make it transparent to the end user, you would also need a log off script to turn the proxy back off.  Batch itself cannot do it, but it can import registry settings which can:


This Question details how to accomplish through Batch registry manipulation.

Assisted Solution

xylog earned 1000 total points
ID: 35143812
You can set your browsers to autodetect and use WPAD -> http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol Either using a DNS entry called wpad or a DHCP option. When off the network they will not resolve the DNS entry or have the DHCP setting so they will autodetect the lack of a proxy and directly access the net. WPAD is supported in Firefox also.

Author Closing Comment

ID: 35180617
thank you

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question