+ Post New Thread
Results 1 to 14 of 14
Windows Thread, Help to sort out AD push of ie proxy settings in Technical; Hi, Just been looking at how proxy settings are set to clients in the AD policies. Screenshot attached shows this. ...
  1. #1
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,301
    Thank Post
    80
    Thanked 46 Times in 32 Posts
    Rep Power
    31

    Help to sort out AD push of ie proxy settings

    Hi,

    Just been looking at how proxy settings are set to clients in the AD policies.

    Screenshot attached shows this.

    Questions is - do I really need it set in so many places -- seems to me I could just set it in the DEFAULT DOMAIN POLICY and it would all be good....

    comments? opinions? thanks
    Attached Images Attached Images
    Last edited by kennysarmy; 30th September 2008 at 11:14 AM.

  2. #2

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,600
    Thank Post
    109
    Thanked 769 Times in 598 Posts
    Rep Power
    181
    I wouldn't suggest adding it into the default domain policy... it's just bad practice.

    You could just set it in a GPO at your IT Management OU level and at a GPO at your Users OU level.

  3. Thanks to Ric_ from:

    kennysarmy (30th September 2008)

  4. #3

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    I like the way you block out part of the proxy address on all of them and then leave two at the bottom unblocked

  5. #4

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,068 Times in 625 Posts
    Rep Power
    740
    Ric has already mentioned not editing the default domain policy, i second that and no doubt many others will agree - don't do it !!!

  6. #5
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,301
    Thank Post
    80
    Thanked 46 Times in 32 Posts
    Rep Power
    31
    Quote Originally Posted by RabbieBurns View Post
    I like the way you block out part of the proxy address on all of them and then leave two at the bottom unblocked
    no doubt i got distracted by another kid forgetting his password lol

  7. #6
    cromertech's Avatar
    Join Date
    Dec 2007
    Location
    Cromer by the coast
    Posts
    731
    Thank Post
    177
    Thanked 109 Times in 97 Posts
    Rep Power
    54
    Does this have to apply to the whole domain?

    If so you can use an enforced policy at the top and it will propagate down all ou's.

    If not then you can do use a non enforced at top and block inheritance on the ou's that do not apply.

    See example screen shot
    Attached Images Attached Images

  8. #7
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,301
    Thank Post
    80
    Thanked 46 Times in 32 Posts
    Rep Power
    31
    wish I'd not even gone here....broken internet now for all users except my staff....

    I unticked the apply proxy policy for those shown on attachment with lines through and only left those in place with boxes around....

    If I now do a group policy result on a test pupil account and a workstation it tells me the correct GPO is being applied BUT the details shown for the proxy are from how the policy was 3 months ago
    if I then go to that policy to edit it - it shows the correct information...

    see attachments called wrong and right

    not sure how to trouble shoot this now
    Attached Images Attached Images

  9. #8
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,301
    Thank Post
    80
    Thanked 46 Times in 32 Posts
    Rep Power
    31
    I've had to resort to setting proxy setting via logon script and *.reg file.

    Some machines are picking up the correct proxy settings via AD, however most are still picking up proxy values that are not even referred to in AD.

    I've also noticed a policy that should block students and teachers from running applications from anything other than the shared app directory (program folders etc excepted) is also not being applied so at the moment any student can run software from cd-rom and removal media....

    arggghhhh

  10. #9

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,807
    Thank Post
    3,320
    Thanked 1,056 Times in 977 Posts
    Rep Power
    365
    We have 2 OU's one for staff and one for students and apply those sorts of settings on those OU's and then have any sub categorys under each of those OU's ie 05, 06, 07, 08 for students as there intake years and then under the staff OU its sub divided in to teaching assistants, teaching staff and whatever else and the gpo settings obviously filter down unless any of the OU's have block inheritance enabled.

  11. #10


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    I would set this GP to point to a proxy autoconfig pac file because:

    a) you only need to set it in one place then change the script if you need to update exception rather than finding the GPO policy each time
    b) it works on other browsers such as opera, firefox
    c) it is much more flexible if you want users to access internet at home and not go through your proxy - just set a different IP range to return proxy = no

    Proxy auto-config - Wikipedia, the free encyclopedia

  12. #11
    krisd32's Avatar
    Join Date
    Feb 2006
    Location
    Longridge, Preston
    Posts
    545
    Thank Post
    85
    Thanked 68 Times in 47 Posts
    Rep Power
    43
    gpsettings.JPG

    These are my settings as you can see i have narrowed the it down to use per ou rather than telling the user settings 4 or 5 times to do the same thing.

    I'd try to remove all the proxy settings from all your policies and create a seperate policy for internet settings and apply it to the seperate ou's that require internet access. then a good gpupdate /force always does the trick!

    Kris

  13. #12
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,301
    Thank Post
    80
    Thanked 46 Times in 32 Posts
    Rep Power
    31
    I know the theory.

    Imagine trying to solve an issue though where the proxy setting being set at
    the client by AD is not the settings in the GPO (?)

    I run the group policy results wizard and it tells me the winning GPO is X and the proxy setting are Y. Y being the wrong settings - I look in the GPO X and find the settings are Z - the correct settings.

    I have two DC's - so a sync issue I hear you say - HOWEVER the settings Y were taken out of both DC's back in the summer when these two NEW DC's were installed and the two old DC's were taken out....

    How would you go about solving it?

  14. #13
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,301
    Thank Post
    80
    Thanked 46 Times in 32 Posts
    Rep Power
    31
    OK
    Progress (sort of)

    I know see why the software restriction policy was not working.

    It was being applied to the users OU NOT the computers OU and the software restriction policy is a computer restriction.

    What I fail to see now is why when I log in I can still run software from a memory stick - surely if it is applied at the computer top level OU and the pc I log in to is in that OU that even I should nt be able to run software from a memory stick...

  15. #14
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,301
    Thank Post
    80
    Thanked 46 Times in 32 Posts
    Rep Power
    31
    OK another think sorted.
    There is an option hidden in the policy that states the software restiction policy can apply to all users OR all users except local admins.


    OK.

    But still no luck troubleshooting why a policy is being applied giving certain proxy settings - but when I check that policy it actually has the correct settings.

    any ideas?
    (i can provide screenshots if you don't believe me lol)

SHARE:
+ Post New Thread

Similar Threads

  1. Proxy settings per machine
    By MattCowen in forum Windows
    Replies: 7
    Last Post: 1st October 2008, 09:29 AM
  2. Configured Proxy Settings
    By OutLawTorn in forum How do you do....it?
    Replies: 8
    Last Post: 27th May 2008, 11:46 PM
  3. Proxy settings not there on second logon.
    By robinhood in forum Learning Network Manager
    Replies: 7
    Last Post: 6th October 2007, 11:14 AM
  4. Proxy Settings
    By Jonny_sims in forum Windows
    Replies: 19
    Last Post: 25th May 2007, 07:12 AM
  5. Proxy Settings Not Applied
    By dezt in forum Wireless Networks
    Replies: 16
    Last Post: 3rd October 2006, 08:26 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •