Group policy proxy settings being applied and then overwritten during first login


  • I work in a primary school and our new Windows 8.1 machines have an issue where users (everyone has roaming profiles) that are logging onto the machine for the first time won't end up with the correct 'group policy applied' proxy settings.

    The (group policy / registry preferences) proxy settings I want the different groups of users to have *are* being applied (verified using process monitor) but I can then see something else (still in the same svchost process) is then taking the ones configured for the local system account (in HKEY_USERS\.Default) and overwriting them. Different user groups use different proxy ports for filtering reasons, so it's crucial the right groups of users get the right settings.

    Whatever is overwriting them, when the user has no cached roaming profile on the machine, does not do it again if they log off and then on again. The problem being, users don't have a set machine and the cached roaming profiles are removed when the machine shuts down using an updated version of delprof... so when the machine boots up again, it's like the users are all logging on for the first time - except they have roaming profiles so they aren't really!

    Having spent far too long looking into the issue, I'm as positive as I can be that it's nothing I'm doing and we do not have any issue with the same settings / policies being applied on our Windows 7 or old XP machines. Group policy configures the user's proxy settings and nothing else touches them.

    So what is it in Windows 8.1 (up-to-date with Windows Updates) that's overwriting the user's proxy settings with those from 'hkey_users\.default\software\Microsoft\windows\currentversion\internet settings\' after gp has finished being applied? (A mere 4 seconds later according to my last process monitor capture / logs)

    Sunday, July 19, 2015 9:25 AM

All replies

  • Hi,

    You meant some pre-configured policies were overwrote after applied, isn't it? Since you have multiple user groups, is this problem occurs on all of them?

    Under this situation, how about delaying the group policy apply time for test.

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact

    Monday, July 20, 2015 3:32 AM
  • Hi,

    Yes, the proxy settings configured in one of the policies are being overwritten later on in the login process by something else that appears to be non policy related.

    We're configured to wait for the network before processing policies, use synchronous scripts and the new delay option for logon scripts in Windows 8.1 has been disabled - not that startup/logon scripts are being used for anything proxy related.

    I don't know of any setting to delay the processing of policies. I'll certainly try it if you can tell me how to?!

    I have captured logon activity for users in various security groups (and now even one just in 'Authenticated users', both with and without a roaming profile - such a user has very little applied to them) and there's still something that's taking the proxy settings configured in hkey_users\.default and applying them to the current user when no cached/local profile exists. Again, this is not something that appears to ever happen in Windows 7 or XP.

    Monday, July 20, 2015 10:16 AM
  • Did you ever find a solution to this or find out what the setting was to delay the processing of policies. I'm having the same issue in Windows 7 SP1. I can run remote registry to the computer I'm testing and see our proxy settings get added as the first login is occurring and then when I refresh after the desktop is available, the proxy settings are gone. When I logoff and back on with the same domain account (2nd login), the proxy settings get added as they should.

    I get the same result whether I drop the settings via our GP login script (our default) or whether I drop the settings via GP Registry Key settings.

    I have computers that get the same exact group policies, have the same updates installed, and were even imaged on the same day that do not exhibit this behavior. They have their proxy configured upon first login and can browse without issue.


    Friday, October 14, 2016 4:23 PM