Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Un-do proxy settings though Group Policy 1

Status
Not open for further replies.
mmendes

mmendes

IS-IT--Management
Jun 20, 2002
149
US
Hello,
I have been successfully using a new Group Policy to specify a non-existant proxy server. I have applied this Policy to a single security group. All I have to do is add a user account to this group, the policy applies and their PC is no longer able to access the Internet. Works great.

The problem is when I remove the user from this security group, their proxy settings are not automatically changed back. I can not find a way to have null settings (ie. no checkmark on the "Use proxy settings" box) to be forced out through group policy. How can this be handled?

Thank you in advance.
 
Sort by date Sort by votes
set the real proxy settings in a domain wide GPO...
that way if the false proxy gpo no longer appies, the correct settings will not be overridden

Aftertaf
________
Regain control of your PC, at If you break your hard drive, it'll be DPlank's fault
 
Upvote 0 Downvote
aftertaf,
Thanks for the reply. The problem is that I have done that already, or at least I have attempted to. First off, I do not actually have any proxy server on my network. In my Default Domain Policy, the "Use proxy server" checkbox is not checked. However, even after my user has been removed from the proxy group and the Default Domain Policy is the only one that applies, the setting is not changed in their Internet Connection Properties. It is not changed even when I do a GPUPDATE command. If I instead specify a different proxy server address in my default domain policy, that new setting is applied. It just will not apply when the checkbox is uncheked. I figure it is because unchecking the box makes it a null value, therefore, it is ignored.

Any other thoughts anybody?

Thank you.
 
Upvote 0 Downvote
argh!

there are free proxies you can use and install, like proximitron, but it's not really the answer to your question!

unless you change/enforce it with a .reg file that is called in a script.

eg:
Code: 
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/4.0 (compatible; MSIE 6.0; Win32)"
"IE5_UA_Backup_Flag"="5.0"
"NoNetAutodial"=dword:00000000
"MigrateProxy"=dword:00000001
"ProxyEnable"=dword:00000001
"ProxyOverride"="<local>"
"EmailName"="IEUser@"
"AutoConfigProxy"="wininet.dll"
"MimeExclusionListForCache"="multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "
"WarnOnPost"=hex:01,00,00,00
"UseSchannelDirectly"=hex:01,00,00,00
"EnableHttp1_1"=dword:00000001
"PrivacyAdvanced"=dword:00000000
"PrivDiscUiShown"=dword:00000001
"WarnOnZoneCrossing"=dword:00000000
"EnableAutodial"=dword:00000000
"UrlEncoding"=dword:00000000
"ProxyHttp1.1"=dword:00000000
"EnableNegotiate"=dword:00000001
"WarnonBadCertRecving"=dword:00000001
"WarnOnPostRedirect"=dword:00000001
"DisableCachingOfSSLPages"=dword:00000000
"SecureProtocols"=dword:00000028
"CertificateRevocation"=dword:00000000
"GlobalUserOffline"=dword:00000000
"ProxyServer"="10.130.8.254:8090"
"SyncMode5"=dword:00000004


Aftertaf
________
Regain control of your PC, at If you break your hard drive, it'll be DPlank's fault
 
Upvote 0 Downvote
note the "proxyserver"="ip address:port" bit

Aftertaf
________
Regain control of your PC, at If you break your hard drive, it'll be DPlank's fault
 
Upvote 0 Downvote
er...
not fully awake yet, actually!!!

i meant:
"ProxyEnable"=dword:00000001
put it to 0

Aftertaf
________
Regain control of your PC, at If you break your hard drive, it'll be DPlank's fault
 
Upvote 0 Downvote
Aftertaf,
Thank you for the registry edit. I think this is the solution I was looking for.

I have also come up with a work around I thought I would share as well. If I set the Default Domain Policy to use a proxy server (therefore checking the "Use Proxy Server box") but then enter a * in the "Ignore proxy for these sites" area, then proxy is effectively ignored for all sites. A bit cumbersome I know, but it works. By setting the default domain policy this way, then creating a second GPO without the * in the ignore area, I now have two GPO's I can move users in or out of to enable or disable Internet access at will.

Thank you.
 
Upvote 0 Downvote
no sweat, and good idea about the * ;-)

Aftertaf
________
Regain control of your PC, at If you break your hard drive, it'll be DPlank's fault
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
397
technome
technome
DeepuM
  • Locked
  • Question
Web Response returned Web Exception : The underlying connection was closed error | Simphony &amp; QS
Replies
0
Views
458
DeepuM
DeepuM
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
990
goombawaho
goombawaho
DrB0b
  • Locked
  • Question
HyperV trying to do extended replica to external HDD
Replies
0
Views
217
DrB0b
DrB0b
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
336
ADB100
ADB100

Part and Inventory Search

Sponsor

Back
Top