none
Proxy settings for IE/all other browsers on GPO

    Question

  • Hi

    We have an EBS2008 domain and now a shed load of laptops with wireless capability (naturally). On the domain we have a proxy server which all the domain computers have to run through but when the folks with the laptops take them home they are faced with not being able to browse the internet (bit of an issue as they cant even get emails) because it is looking for a server that is not on the network they currently are on.

    what i am looking for is a way through GPO to set the proxy settings based on the connection type they are using, if they are on OUR wireless they dont connect to the proxy anyway so can i set the policy to say "use proxy for wired connections" and "use no proxy for wireless connections"?

    a number of these users are not particularly computer minded and i dont want to upset the exec by showing them something which they are probably going to forget and then get annoyed at me for their internet not working from home.

    suggestions please?...


    Nothing in unfixable - with a suitable sized hammer!

    Thursday, February 23, 2012 3:54 PM

Answers

  • Hi,

    I am afraid the Group Policy cannot identify if the target is using a Wired connection or a Wireless one. Also the browser application such as IE is not easy to determine if it is necessary to use proxy based on its current connection.

    If the network connectivity (bypass the proxy) is required, we can use the following workarounds:

    A. Use the local accounts instead of the domain accounts, so that the local accounts will not be influenced via GP.

    B. Use the DHCP option 252 instead of the GP to apply the proxy settings.

    To create an option 252 entry in DHCP
    1. Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.

    2. In the console tree, right-click the applicable DHCP server, click Set Predefined Options, and then click Add.

    3. In Name, type WPAD.

    4. In Code, type 252.

    5. In Data type, select String, and then click OK.

    6. In String, type http://Computer_Name:Port/wpad.dat where:

      • Computer_Name is the fully qualified domain name of the ISA Server computer.
      • Port is the port number on which automatic discovery information is published. You can specify any port number. By default, ISA Server publishes automatic discovery information on port 8080.
    7. Right-click Server options, and then click Configure options.

    8. Confirm that Option 252 is selected.

    http://technet.microsoft.com/en-us/library/bb794881.aspx

    Best regards,

    Steven Xiao


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, February 24, 2012 9:51 AM

All replies

  • Hi,

    I'm trying to involve someone familiar with topic to further look at this issue, there might be some time delay. Appreciate your patience.

    Thanks for your understanding and cooperation!

    Regards,

    Miya

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Miya Yao

    TechNet Community Support

    Friday, February 24, 2012 8:24 AM
  • Hi,

    I am afraid the Group Policy cannot identify if the target is using a Wired connection or a Wireless one. Also the browser application such as IE is not easy to determine if it is necessary to use proxy based on its current connection.

    If the network connectivity (bypass the proxy) is required, we can use the following workarounds:

    A. Use the local accounts instead of the domain accounts, so that the local accounts will not be influenced via GP.

    B. Use the DHCP option 252 instead of the GP to apply the proxy settings.

    To create an option 252 entry in DHCP
    1. Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.

    2. In the console tree, right-click the applicable DHCP server, click Set Predefined Options, and then click Add.

    3. In Name, type WPAD.

    4. In Code, type 252.

    5. In Data type, select String, and then click OK.

    6. In String, type http://Computer_Name:Port/wpad.dat where:

      • Computer_Name is the fully qualified domain name of the ISA Server computer.
      • Port is the port number on which automatic discovery information is published. You can specify any port number. By default, ISA Server publishes automatic discovery information on port 8080.
    7. Right-click Server options, and then click Configure options.

    8. Confirm that Option 252 is selected.

    http://technet.microsoft.com/en-us/library/bb794881.aspx

    Best regards,

    Steven Xiao


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, February 24, 2012 9:51 AM
  • Hi,

    Hope you are doing fine? I would like to see if there is any update regarding my suggestions?

    Best regards,

    Steven Xiao


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, February 28, 2012 4:28 AM
  • Hi,

    most proxy servers provide a self generated wpad.dat for auto configuration. In corporate networks set DHCP like Steven proposed.

    In addition to that set a GPO:

    User Configuration\Policies\Windows Settings\Internet Explorer Maintenance

    Automatically detect configuration settings -> enabled

    do not enter a Automatic Browser Configuration setting

    this will set "Automatically detect settings" in IE.

    If the user is connected via VPN you have to check this setting for each VPN connection in IE, otherwise you have no connection to the internet.

    Also create a Host(A) "wpad" in your domain pointing to your wpad.dat file.

    When entering http://wpad:80/wpad.dat you should receive the requested auto config. Other browsers like Firefox or Chrome will check this URL automatically (if configured to auto detect).

    Tuesday, February 28, 2012 2:27 PM