locked
Deploying Proxy Settings Through DHCP RRS feed

  • Question

  • I have been trying to figure a way to deploy our proxy settings through DHCP.  I created the scope option 252 and in the string value i put the location of the .pac file. The problem is that the clients are not recieving the the option.

     

    Is there a way to go about issueing proxy settings through dhcp or is there a better way to go about doing this?

    Friday, August 5, 2011 11:10 PM

Answers

  • بسم الله الرحمن الرحيم

    hi centur 1963

    you can deploying the proxy server with group policy or DHCP

    1- you say I understand now how to setup the scope option. I am unsure how to publish the .pac instead of the wpad.dat

     if you want publish it with ISA or TMG see this link  http://phillipwindell.wordpress.com/tech-pages/isatmg/wpad-setup/

     

    2- you can do it with group policy from

     Group Policty -> User Configuration -> Windows Settings ->Internet Explorer Maintenance -> Connection -> Proxy Settings

    policy will take some time to apply or u run command GPUPDATE /FORCE on clients


    Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co.
    Saturday, August 6, 2011 9:40 PM
  • That is correct.  The only other suggestion I can provide if you go wtih the GPO option is to place a shortcut on the user's desktop to disable the proxy setting via a change in the registry. 

    Enable and Disable Proxy Settings via Shortcut
    http://www.anitkb.com/2011/07/enable-and-disable-proxy-settings.html

     

    I havent really used option 252 in DHCP for configuring proxy settings.  however, here are some articles that may be of use:

    "Automatically Detect Settings" Does Not Work if You Configure DHCP Option 252
    http://support.microsoft.com/kb/307502

    Automatic Discovery for Firewall and Web Proxy Clients
    http://technet.microsoft.com/en-us/library/cc713344.aspx

    Create an option 252 entry in DHCP
    http://technet.microsoft.com/en-us/library/bb794881.aspx

     


    anITKB Visit anITKB.com, an IT Knowledge Base.
    facebook Follow me on Facebook.
    Saturday, August 6, 2011 12:35 AM
  • Hi Centaur1963,

     

    Thanks for posting here.

     

    Are you using Windows Server 2003 or 2008/2008R2 as DHCP server ? Try to disable the global query block list on your server and see if this issue will persist :

     

    Managing the Global Query Block List

    http://technet.microsoft.com/en-us/library/cc794902(WS.10).aspx

     

    Thanks.

     

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, August 9, 2011 7:55 AM

All replies

  • I typically use Group Policy or the IEAK.  See the following TechNet article for more detail (the URL is for IE 8):

    Using Automatic Configuration, Automatic Proxy, and Automatic Detection

    http://technet.microsoft.com/en-us/library/cc985352.aspx

     

    Brian

     

    Friday, August 5, 2011 11:28 PM
  • I find that configuring your IE client's proxy settings via GPO works best...

    How to Configure Proxy Settings in Internet Explorer
    http://www.anitkb.com/2011/07/how-to-configure-proxy-settings-in.html


    anITKB Visit anITKB.com, an IT Knowledge Base.
    facebook Follow me on Facebook.
    Friday, August 5, 2011 11:50 PM
  • I thought about that. But for those users white laptops would have a problem.  They wouldnt be able to connect to internet once they get home and off our network.
    Saturday, August 6, 2011 12:16 AM
  • That is correct.  The only other suggestion I can provide if you go wtih the GPO option is to place a shortcut on the user's desktop to disable the proxy setting via a change in the registry. 

    Enable and Disable Proxy Settings via Shortcut
    http://www.anitkb.com/2011/07/enable-and-disable-proxy-settings.html

     

    I havent really used option 252 in DHCP for configuring proxy settings.  however, here are some articles that may be of use:

    "Automatically Detect Settings" Does Not Work if You Configure DHCP Option 252
    http://support.microsoft.com/kb/307502

    Automatic Discovery for Firewall and Web Proxy Clients
    http://technet.microsoft.com/en-us/library/cc713344.aspx

    Create an option 252 entry in DHCP
    http://technet.microsoft.com/en-us/library/bb794881.aspx

     


    anITKB Visit anITKB.com, an IT Knowledge Base.
    facebook Follow me on Facebook.
    Saturday, August 6, 2011 12:35 AM
  • I understand now how to setup the scope option. I am unsure how to publish the .pac instead of the wpad.dat

    Saturday, August 6, 2011 12:36 AM
  • I thought about that. But for those users white laptops would have a problem.  They wouldnt be able to connect to internet once they get home and off our network.


    Actually, you have the option of pushing the proxy settings via Group Policy Preferences.  If you use GPP, users would have the ability to change the setting.  My suggestion is to use Group Policy settings (non-GPP) for desktop computers/users while using GPP for the portable computers/laptop users.  You can set up a WMI filter to target the portable computers/laptop users.  See the following TechNet articles.

    WMI filtering

    http://technet.microsoft.com/en-us/library/cc781936(WS.10).aspx

     

    Group Policy Preferences: Getting Started

    http://technet.microsoft.com/en-us/library/cc731892(WS.10).aspx

     

    Brian


    Saturday, August 6, 2011 3:44 AM
  • بسم الله الرحمن الرحيم

    hi centur 1963

    you can deploying the proxy server with group policy or DHCP

    1- you say I understand now how to setup the scope option. I am unsure how to publish the .pac instead of the wpad.dat

     if you want publish it with ISA or TMG see this link  http://phillipwindell.wordpress.com/tech-pages/isatmg/wpad-setup/

     

    2- you can do it with group policy from

     Group Policty -> User Configuration -> Windows Settings ->Internet Explorer Maintenance -> Connection -> Proxy Settings

    policy will take some time to apply or u run command GPUPDATE /FORCE on clients


    Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co.
    Saturday, August 6, 2011 9:40 PM
  • Thanks.  Question:

     

    For WPAD I set the string value to be file:////SVR-DC3\proxy\instantproxy.pac  for DNS CNAME should it be the proxy server or should it be the DHCP Server info?

     

     

    Monday, August 8, 2011 11:12 AM
  • بسم الله الرحمن الرحيم

    why you don't set the string value Http://Server Name Or IP:PortNo/wpad.dat this work with me very good


    Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co.
    Monday, August 8, 2011 11:57 AM
  • Thank you for the quick response.  I appologize because i am really new at this.   The Proxy.Pac had all the exemptions and proxy settings inside of it. 

     

    I used the file path cause i thought that would be the easiest to setup. I wasn't sure if i would have to setup IIS on the DHCP for that wpad.dat.

     

    I will do more reading to see if i can actully do the http setup.

    Monday, August 8, 2011 1:05 PM
  • بسم الله الرحمن الرحيم

    what is your proxy TMG or ISA or third party?

    if TMG or IS no problem Check this link

    http://technet.microsoft.com/en-us/library/cc995261.aspx

     


    Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co.
    Monday, August 8, 2011 8:23 PM
  • Third party.  Our Proxy is at our parent companies site.
    Monday, August 8, 2011 8:50 PM
  • بسم الله الرحمن الرحيم

    some third party not support this option i had asraro gatway security not support this option

    why aren't you used this solution by Group policy ? i used it in our network it worked very good

     you can do it with group policy from

    Group Policty -> User Configuration -> Windows Settings ->Internet Explorer Maintenance -> Connection -> Proxy Settings

    policy will take some time to apply or u run command GPUPDATE /FORCE on clients


    Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co.
    Monday, August 8, 2011 9:20 PM
  • i was concerened with the laptop users.  How did you resolve the issues with laptop users taking their laptops home?
    Monday, August 8, 2011 9:29 PM
  • بسم الله الرحمن الرحيم

     

    laptop users can manual remove check box from IE when go to home

    IE - Tools - Internet Option - Connection tab - LAn Setting - proxy server uncheck box Use Proxy server for LAN(this setting will not  not apply to dil-up or VPN connections)


    Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co.
    Monday, August 8, 2011 9:44 PM
  • Hi Centaur1963,

     

    Thanks for posting here.

     

    Are you using Windows Server 2003 or 2008/2008R2 as DHCP server ? Try to disable the global query block list on your server and see if this issue will persist :

     

    Managing the Global Query Block List

    http://technet.microsoft.com/en-us/library/cc794902(WS.10).aspx

     

    Thanks.

     

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, August 9, 2011 7:55 AM
  • set up proxy setting via DHCP option 252

    make sure clients are set to "automatically detect proxy settings"

    create a wpad entry in DNS

    once all this is in place, ANY client that has windows or osx and is set to automatically detect proxy settings will get out on the internet.

    i manage over 1000 devices this way at 2 sites...

    Thursday, February 27, 2020 10:26 PM