apply Proxy setting to IE by machine?

  • Thread starter Thread starter richard
  • Start date Start date
R

richard

I have created two OUs:

myOU_noProxy,
myOU_useProxy

and intend to move the computers in my AD into one or other of these.

The computers in myOU_useProxy should have IE set to use a proxy
server, no matter who is using them. In fact, they have no other way
to reach the outside world, as their addresses all fall within a range
which the firewall won't allow out.

The computers n myOU_noProxy on the other hand, can reach the outside
world directly and should not be configured to use a proxy.

To acheive this, I linked a group policy to myOU_useProxy, in which

user configuration/internet explorer maintenance/connection/proxy
settings

is set to use the proxy.

Trouble is, this approach doesn't work.

Is what I want to do possible, and if so, whats the easiest way of
doing it?

tia
Richard
 
I have not tried that myself but here is my two cents.

There is a setting in computer configuration/administrative
templates/Windows components/Internet Explorer - make proxy settings per
machine that you may want to try. There is another setting computer
configuration/administrative templates/system/Group Policy - Internet
Explorer maintenance processing. You may want to enable that setting and
configure it to be "process even if Group Policy objects have not changed".
The link below explains more. Note that secedit /refreshpolicy can be used
to speed up policy propagation for user and computer configuration and the
gpresult support tool can help determine what Group Policies are being
applied to user and computer. The /v switch will give much more detailed
information.. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;316702
http://support.microsoft.com/default.aspx?scid=kb;en-us;227302
 
Hi Steven.

There is a setting in computer configuration/administrative
templates/Windows components/Internet Explorer - make proxy settings per
machine that you may want to try. There is another setting computer
configuration/administrative templates/system/Group Policy - Internet
Explorer maintenance processing. You may want to enable that setting and
configure it to be "process even if Group Policy objects have not changed".
Click to expand...

I've tried adjusting these settings as you suggest, but it still fails
to produce the desired result.

the gpresult support tool can help determine what Group Policies are being
applied to user and computer. The /v switch will give much more detailed
information..
Click to expand...

As far as I can understand the output from this tool, the machine is
processing the linked policy. Maybe there is something trivial that
always works that I could put in the policy, such as change desktop
colour, to confirm that the policy really is being processed.

regards
Richard
 
Hi, Richard:

Have you considered using Loopback processing on that OU? Loopback is
great to get user policies to apply to users whose objects aren't in an
OU that the machine is. We use a similar configuration in my
environment. We have users that should only have policies applied to
them when they are on computers in a specific OU.

You can find loopback settings in Computer Config>Admin
Templates>System>Group Policy as User Group Policy loopback processing
mode in 2003 or Loopback Policy in 2000.

You'll probably want to use the "Merge" option, as you don't want to
obliterate all other policies the users have from THEIR OUs when they
use a computer in this OU.

For more information, check out this KB article:
"Loopback Processing of Group Policy"
http://support.microsoft.com/default.aspx/kb/231287

HTH
__________________
Steve Athanas
MCSE:Security (2003)
 
Hi Steve,

You can find loopback settings in Computer Config>Admin
Templates>System>Group Policy as User Group Policy loopback processing
mode in 2003 or Loopback Policy in 2000.

You'll probably want to use the "Merge" option, as you don't want to
obliterate all other policies the users have from THEIR OUs when they
use a computer in this OU.
Click to expand...

I'm going to have to experiment a bit with the Merge option, but this
certainly seems to do what I want.

Thanks for your help.

Richard
 
You're very welcome. I hope that resolves your issue. Let me know if you
have any other questions!
___________________
Steve Athanas
MCSE: Security (2003)
 
Back
Top