none
loopback policy not applying

    Question

  • Hi Folks,

    I have a GPO (GPO-Configure Proxy URL) which applies to Users OU.  The GPO uses User Configuration > Preferences > Windows Settings > Registry to create a registry key under HKEY CURRENT USER to enable proxy configuration under internet explorer.

    I have terminal servers (RDS OU) and I don't want the Proxy URL to be configured when user logon to the RDS servers.

    I have created a loopback GPO (GPO-Delete Proxy URL) which is set to delete the HKEY CURRENT USER Proxy registry key created above. I have tested with both replace and merge mode and set the key under both users and computer configuration however i don't see the proxy configuration getting removed.

    What can be done to make loopback gpo work and remove the proxy setting on ie when users logon on to RDS servers.


    Regards, Navdeep

    Tuesday, April 18, 2017 9:50 AM

Answers

  • > What can be done to make loopback gpo work and remove the proxy setting on ie when users logon on to RDS servers.
     
    Create a group and make all Terminal Servers a member of that group. Then in your registry key, navigate to "common" - "item level targeting". Target for "Security Group", "Computer is a member of", "Not".
    Create a second registry item that deletes the value in question. Same targeting, but without "Not".
     
    • Marked as answer by singh83 Wednesday, April 19, 2017 1:35 AM
    Tuesday, April 18, 2017 2:38 PM

All replies

  • > What can be done to make loopback gpo work and remove the proxy setting on ie when users logon on to RDS servers.
     
    Create a group and make all Terminal Servers a member of that group. Then in your registry key, navigate to "common" - "item level targeting". Target for "Security Group", "Computer is a member of", "Not".
    Create a second registry item that deletes the value in question. Same targeting, but without "Not".
     
    • Marked as answer by singh83 Wednesday, April 19, 2017 1:35 AM
    Tuesday, April 18, 2017 2:38 PM
  • Thanks Martin for your assistance. I have used your idea but instead of using loop back, i made the changes in original GPO and set it to not apply if computer "is not" RDS Server name. That seems to have produced the desired effect.

    Thanks a lot for your assistance.


    Regards, Navdeep

    Wednesday, April 19, 2017 1:48 AM