Internet Related/Filtering/Firewall Thread, GPO not deploying on 'Automatic Configuration Script' in Technical; Hello people,
I'm having an issue with one of my GPO that I'm trying to deploy across all sites. We ...
GPO not deploying on 'Automatic Configuration Script'
I'm having an issue with one of my GPO that I'm trying to deploy across all sites. We use Websense for our Internet filtering, and we have setup different PAC files for different sites so I can monitor sites visited etc based on the PAC files.
I've setup a GPO for different sites and I have deployed one site successfully. However, there are a couple of sites that are not deploying successfully. I went to the site and tried the following: -
- Checked the logs on the machine to see if there is reasons why it fails - no logs of this failed GPO.
- Forced the update from the client machine and restarted to no avail - tried a couple of times of this to no avail.
- Deleted the GPO and copy and pasted the working GPO, renamed it and applied it again to the relevant OU - didn't work also with no error logs.
Weird thing is that when I log in with a test user - half of the GPO works where the user can't see the connection tab in IE, but doesn't apply the configuration script. Just to confirm I've made sure that on the GPO itself 'Automatically detect settings' is UNCHECKED for all the GPO for all the sites.
The site where it works - clients are running Win XP SP3 and IE8, and the other sites that aren't working are running Win 7 Pro SP1 and are on IE9.
My thinking is that is something to do with IE9 maybe? I was going to test rolling back to IE8 and testing this? But if this doesn't work - does anyone else have any other suggestions I can perhaps try?
I'm not aware of any GPO/proxy settings problems with 7 & IE9, but you never know... is there maybe a "group policy preferences" style setting in there that's overruling a "group policy normal" setting? Maybe try a RSOP?
Little bit OT, but do you know you can write one PAC that delivers different proxy settings based on the machine's subnet? This sort of thing...
if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
return "PROXY 192.168.1.1:8080";
if (isInNet(myIpAddress(), "192.168.2.0", "255.255.255.0"))
return "PROXY 192.168.2.1:8080";
I tested with IE8 and does the same thing, but as I've started within the last month - I see on the DC's, the DNS are pointing to a public address and not the internal private address. I don't know why this is setup in this way as I thought all DNS requests internally would need the internal address so it can resolve name issues appropriately.
I think this is why it's not deploying it correctly as it cannot find the correct details if this makes sense. Been told to leave it for now as the previous IT guy who is due to leave at the end of this month going to test. Will wait for his go ahead but it's got to do with something like this surely?