+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
How do you do....it? Thread, Staff Laptops on school and home internet in Technical; Ever since I started here way back in 2004 as an apprentice, I've known that staff have wanted to use ...
  1. #1
    DAZZD88's Avatar
    Join Date
    Apr 2009
    Location
    Sunderland, Tyne and Wear
    Posts
    788
    Thank Post
    163
    Thanked 77 Times in 66 Posts
    Rep Power
    48

    Staff Laptops on school and home internet

    Ever since I started here way back in 2004 as an apprentice, I've known that staff have wanted to use school laptops at home on their wireless broadband whilst also being able to come into school, log onto the network and use the internet in school without hassle.

    My problem is that we don't want them fiddling with proxy settings and changing between our proxy and no proxy. Is there a way in GPO that we can change their internet settings to switch between the two configurations?

    Some of our staff are more technically minded and change the settings themselves but as stated we'd rather they not do this. I wanted to maybe get this sorted seeing as at the moment I actually have some free-ish time.


    Any help appreciated,
    Darren

  2. #2
    marekbrad's Avatar
    Join Date
    May 2006
    Location
    Bradford
    Posts
    139
    Thank Post
    25
    Thanked 38 Times in 31 Posts
    Rep Power
    24

  3. Thanks to marekbrad from:

    DAZZD88 (13th January 2010)

  4. #3
    DAZZD88's Avatar
    Join Date
    Apr 2009
    Location
    Sunderland, Tyne and Wear
    Posts
    788
    Thank Post
    163
    Thanked 77 Times in 66 Posts
    Rep Power
    48
    That's greatly appreciated but unfortunately that would involve staff having to do something for themselves. Unfortunately I would like this to be a seamless switch where the user is required to do nothing. If that makes sense?

  5. #4
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    40
    The thing to do is set up an auto proxy using WPAD How to configure Microsoft DNS and WINS to reserve WPAD registration
    within school. Then you just configure the laptops via GPO to auto discovery.

  6. Thanks to jsnetman from:

    DAZZD88 (13th January 2010)

  7. #5
    tommccann's Avatar
    Join Date
    Jun 2009
    Posts
    252
    Thank Post
    46
    Thanked 39 Times in 31 Posts
    Rep Power
    0
    We just have the user log in locally when at home (with the proxy not configured), and use their network accounts when in school (GPO configures the proxy)

  8. Thanks to tommccann from:

    DAZZD88 (13th January 2010)

  9. #6
    richardp's Avatar
    Join Date
    May 2007
    Location
    North Yorkshire
    Posts
    131
    Thank Post
    3
    Thanked 25 Times in 25 Posts
    Rep Power
    20
    Surely what you need to be using is a pac file for this ?

    Proxy auto-config - Wikipedia, the free encyclopedia

  10. Thanks to richardp from:

    DAZZD88 (13th January 2010)

  11. #7

    LeMarchand's Avatar
    Join Date
    Jan 2008
    Location
    The deepest pits of hell
    Posts
    2,573
    Thank Post
    327
    Thanked 417 Times in 291 Posts
    Rep Power
    221
    You can definitely use GPO to change the proxies at school, but the proxies are retained. I did try using a local GPO to "unset" the proxies on the grounds that the domain GPO would overwrite if necessary, but didn't have any luck. (May not have done it correctly).

    In the end, I used a domain GPO + a proxy.pac and it all seems to work as planned. This may seem like duplication, but the GPO changes the proxies at log on and thus ensures that the AV - set to update 10 mins after log on - updates properly at school while the proxy.pac only changes the proxies when IE is launched.

  12. Thanks to LeMarchand from:

    DAZZD88 (13th January 2010)

  13. #8
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    40
    Surely what you need to be using is a pac file for this ?
    On a windows server you setup a wpad.dat file and host it on an intranet server.

  14. #9
    DAZZD88's Avatar
    Join Date
    Apr 2009
    Location
    Sunderland, Tyne and Wear
    Posts
    788
    Thank Post
    163
    Thanked 77 Times in 66 Posts
    Rep Power
    48
    Quote Originally Posted by tommccann View Post
    We just have the user log in locally when at home (with the proxy not configured), and use their network accounts when in school (GPO configures the proxy)
    I think we have done this on a few staff laptops with varying success (mainly due to staff not knowing passwords etc...).

    Using a .PAC file seems like it would be a viable solution. Reading up for now, I can't seem to get my head round it but that is no doubt just a bit rust after having so long off work and having a headache.

    LeMarchand, how did you set this up? Do you have any links or helpful info to guide me?

    Thanks,
    Darren.

  15. #10
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,655
    Thank Post
    383
    Thanked 273 Times in 225 Posts
    Rep Power
    103
    After trying a few things i found one of these two ways was the easiest:

    Install firefox on there laptops by default, Rename firefox to home internet and internet explorer to work internet, they have seperate proxy configurations so you can leave IE setup for the school proxy and leave firefox empty

    That is my prefered method but alternativly there is a script, i can't remember where i got this now but it does what you want though not 100% fool proof (if the laptops dead slow sometimes it doesn't run until after someone opened IE if they are impatient)

    Code:
    'Triggers a 5 second pause in order for logon scripts & printer batch files to run.
    WSCript.Sleep 5000
    On Error Resume Next
    Dim refWMI,sIPAddress,colNetworkAdapters,oNetworkAdapter,sIPSubnet,WshShell,sProxyPort
    'Runs script on local computer.
    strComputer = "."
    'Specifies the beginning ip for schools network.
    sIPSubnet = "172."
    'Change values for proxy settings
    sProxyURL = "staffproxy.swgfl.org.uk"
    sProxyPort = "8080"
    'Finds IP addresses of all network adapters on machine and stores in sIPAddress
    Set refWMI = GetObject("WinMgmts:\\.\root\cimv2")
    Set colNetworkAdapters = refWMI.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled=True")
    Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
    Set WshShell = CreateObject("Wscript.Shell")
    
    For Each oNetworkAdapter in colNetworkAdapters
         If oNetworkAdapter.IPAddress(0) <> "0.0.0.0" Then
               sIPAddress = oNetworkAdapter.IPAddress(0)
               Exit For
         End If
    Next
    'Checks to see if the IP address begins with 172.
    If InStr(sIPAddress,sIPSubnet) Then
         'If true then sets proxy settings specified above.
         WshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer",sProxyURL & ":" & sProxyPort,"REG_SZ"
         WshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable",1,"REG_DWORD"
         'If true then sets internet explorer home page to intranet site. 
    strKeyPath = "SOFTWARE\Microsoft\Internet Explorer\Main"
    ValueName = "Start Page"
    strValue = "http://intranet"
    objReg.SetStringValue HKEY_CURRENT_USER, strKeyPath, ValueName, strValue
    Else
         'If false then clears proxy settings flag to none.
         WshShell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer"
         WshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable",0,"REG_DWORD"
         'If false then sets internet explorer home page to external site.
    strKeyPath = "SOFTWARE\Microsoft\Internet Explorer\Main"
    ValueName = "Start Page"
    strValue = "http://google.co.uk"
    objReg.SetStringValue HKEY_CURRENT_USER, strKeyPath, ValueName, strValue
    MsgBox"Internet Explorer Setting Change Completed", vbInformation, "Complete"
    End If
    'Cleanup
    Set refWMI = Nothing
    Set colNetworkAdapters = Nothing
    Set WshShell = Nothing
    Const HKEY_CURRENT_USER = &H80000001
    You'll have to change things like the homepage, proxy server and network address start string but it's pretty much self explanatory, put that in a vbs file and stick it in all users > startup on a laptop and it'll run on logon.

  16. Thanks to mrbios from:

    DAZZD88 (13th January 2010)

  17. #11

    LeMarchand's Avatar
    Join Date
    Jan 2008
    Location
    The deepest pits of hell
    Posts
    2,573
    Thank Post
    327
    Thanked 417 Times in 291 Posts
    Rep Power
    221
    Quote Originally Posted by DAZZD88 View Post
    LeMarchand, how did you set this up? Do you have any links or helpful info to guide me?
    For the pac, I cribbed from this guy. Just alter the below to match your school's details:

    Code:
        function FindProxyForURL(url, host)
        {
        if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
        return "PROXY 192.168.1.1:8080";
        else
        return "DIRECT";
        }
    N.B. Whilst the above is obviously for a single proxy, there are supposed to be ways to do it if you have different proxies for each protocol; I never got that to work - fortunately we only need a single proxy now!

    I used a local file rather than setting the pac up on the network, just go into LAN settings and "Use automatic configuration script" with the following syntax:

    Code:
    file://c:\whereveryourpacis\proxy.pac
    I think I used the local technique because the proxy settings seem to be retained (so don't revert to direct at home).

    The above will change the proxies when IE is used; but I wanted them changed at logon in school to enable AV updates so I set up a GPO to do so (User Config/IE Maintenance/Connection). As I said above, I did try to set a local GPO to save using a proxy.pac but without any luck. I was on a tight deadline at the time, so gave up - maybe it's possible to get it working that way.

  18. Thanks to LeMarchand from:

    DAZZD88 (13th January 2010)

  19. #12
    DAZZD88's Avatar
    Join Date
    Apr 2009
    Location
    Sunderland, Tyne and Wear
    Posts
    788
    Thank Post
    163
    Thanked 77 Times in 66 Posts
    Rep Power
    48
    Quote Originally Posted by LeMarchand View Post
    For the pac, I cribbed from this guy. Just alter the below to match your school's details:

    Code:
        function FindProxyForURL(url, host)
        {
        if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
        return "PROXY 192.168.1.1:8080";
        else
        return "DIRECT";
        }
    N.B. Whilst the above is obviously for a single proxy, there are supposed to be ways to do it if you have different proxies for each protocol; I never got that to work - fortunately we only need a single proxy now!

    I used a local file rather than setting the pac up on the network, just go into LAN settings and "Use automatic configuration script" with the following syntax:

    Code:
    file://c:\whereveryourpacis\proxy.pac
    I think I used the local technique because the proxy settings seem to be retained (so don't revert to direct at home).

    The above will change the proxies when IE is used; but I wanted them changed at logon in school to enable AV updates so I set up a GPO to do so (User Config/IE Maintenance/Connection). As I said above, I did try to set a local GPO to save using a proxy.pac but without any luck. I was on a tight deadline at the time, so gave up - maybe it's possible to get it working that way.
    Thanks mate, might be a while until I can test it but that looks spot on. I've created/change the necessary files and now I just want to try it on a test OU but unfortunately my test OU has laptops in that I never put there. Anyway, I'll post back with results.

    Thanks again,
    Darren

  20. #13

    Join Date
    Jan 2009
    Location
    Tavistock
    Posts
    326
    Thank Post
    69
    Thanked 135 Times in 62 Posts
    Rep Power
    49
    The way I go about allowing staff to view the internet at home and also at school without them fiddling with the proxy is....

    Install Firefox on the laptop without importing anything from IE (exept favorites) and set it to use no proxy, add a shortcut to firefox on the desktop called 'Firefox (Home Internet Only)'. This means that the whole laptop is geared to use the school proxy apart from firefox which they can still reach their webmail, ebay etc (not able to use outlook coz of the proxy). If I realy doubt their ability to see coman sense then I sometimes also rename to IE shortcut to say 'Internet Explorer (School internet only).

    I have found that the laptops that I do this on (compared to staff that just turn the proxy off) have ALOT less troubles and come to me with malware/virus panic attacks on a monday morning.


    On another note, its funny how many teachers partners (aparently they are gods with IT, so they say, lol) that try and install google chrome and find that they can still not access the internet at home and blame the laptop or myself for the issue makes me giggle!. Chrome gets its setting direct from IE and I have not found a way to independenly set a proxy different to chrome from IE (I have not looked deeply into it at all plus I dont really want to anyway).

    It would be good to hear what route you are going to take with your issue?

    P.S I have done this also because I do not add teacher laptops to the domain. they are all local admins

  21. Thanks to JAB1a from:

    DAZZD88 (13th January 2010)

  22. #14
    chrbb's Avatar
    Join Date
    Oct 2005
    Location
    Midlands
    Posts
    1,509
    Thank Post
    141
    Thanked 67 Times in 62 Posts
    Rep Power
    47
    I use a proxy button made with autoit, found the details on here somewhere

  23. Thanks to chrbb from:

    DAZZD88 (13th January 2010)

  24. #15

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    116
    I accidently did something once that puzzled me for hours, but it was worth it for the trick I saw in it:

    If it's on a domain and you have a logon script called say "logon.cmd" then add a line in to enable to proxy in the registry, IIRC it's a value somewhere called ProxyEnable so set that to 1 via reg.exe or similar. Make another file called "logon.cmd" turning the proxy off i.e. in this one set ProxyEnable to 0, and throw that in %windir%.

    When you're connected to the domain it runs the logon.cmd from sysvol.
    When you're not connected e.g. at home, it runs the logon.cmd in %windir%.

    This just works for me and you can do other "if connected to the domain do X, otherwise do Y" tricks with it.

  25. Thanks to PiqueABoo from:

    DAZZD88 (13th January 2010)



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Laptops at school and home (GPO folder redirection)
    By dsk in forum How do you do....it?
    Replies: 8
    Last Post: 26th November 2009, 10:16 AM
  2. Teacher laptops / Internet at home
    By itwasntme in forum Wireless Networks
    Replies: 22
    Last Post: 27th June 2008, 06:38 PM
  3. Staff laptops at home
    By button_ripple in forum Hardware
    Replies: 15
    Last Post: 3rd January 2008, 11:55 PM
  4. Replies: 14
    Last Post: 2nd December 2007, 03:57 PM
  5. Staff home internet access
    By starscream in forum Windows
    Replies: 12
    Last Post: 22nd June 2007, 11:28 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •