# Proxy Server Setting in Group Policy



## kazak

Hi,

We have a proxy server in our office that we use when surfing to prohibit certain websites in the office. The problem is our users go to connections tab in IE and uncheck the proxy server to access the prohibited sites. Is there a way I can force the users to use the proxy server and not let them be able to remove the proxy settings?

Thanks.


----------



## TacticalSniper

This thread says it's in: _User Configuration > Windows Settings >
Internet Explorer Maintenance > Connection > Proxy Settings_


----------



## TheOutcaste

You'll also want to go to:
*Computer* or *User Configuration | Administrative Templates | Windows Components | Internet Explorer*
You can Enable the *Disable changing proxy settings* option in the right pane
Or go one level father to *Internet Control Panel* and you can enable the *Disable the Connections page* option so it won't appear, then they can't get to that setting to even try to change it.

Of course, if they have Admin accounts, they can easily get around any policy you set.


----------



## kazak

Thanks for all the help. I have successfully set the proxy server settings in the group policy and also set the group policy to hide the connections tab in IE. Now for desktop users they have no problems.

However for laptop users when they bring their laptops home, they are not able to surf net as their home network is not able to see the proxy server.
Is there a way I can set the proxy settings to be applied only when connected to domain and the proxy settings to be disabled only connected to other networks?

Thanks.


----------



## TacticalSniper

Well, this is far from the best way, but where I work I set up a separate OU for laptop users, blocked GPO inheritance and set up a separate policy for those.


----------



## LinuxHacker

shanna777 said:


> You can make that change in your default domain policy
> under the user configuration.
> It should work withou applying it to workstations.
> Since you are making the change apply to users....no workstations
> are needed to be specified.


you should never use the default domain policy for changes that are not already set. always use another GPO.


----------



## kazak

TacticalSniper said:


> Well, this is far from the best way, but where I work I set up a separate OU for laptop users, blocked GPO inheritance and set up a separate policy for those.


Hi I dun get what you mean by that? I can move the laptop users to a serperate OU, but what by blocked GPO inheritance?


----------



## kazak

If I create a new OU and put my laptop users there, and I disable GPO inheritance. It just means that the group policies that were applied to the main OU will not be inherited to the sub OUs rite? How would this help? I want the users to use the proxy server when in Domain only. When not in domain they should not use the proxy settings.


----------



## TacticalSniper

kazak said:


> I want the users to use the proxy server when in Domain only. When not in domain they should not use the proxy settings.


Right. I understand what you mean now. IMO you would not be able to do this though GPO. You would need something like Microsoft's ISA Server (or an open-source project such as Untangle).


----------



## LinuxHacker

I have a VBScript you can use that will set it at login and remove it at logoff. You can use it as a domain startup script so it will only happen onsite. It only works for IE tho (as do GPOs).


----------



## decz

LinuxHacker said:


> It only works for IE tho (as do GPOs).


So if you go the domain login script route you might want to block them from browsing out to websites of chrome, firefox, etc.  That can be set in Internet Options > Content Adviser.


----------



## LinuxHacker

What do you use for web filtering? You can setup a nice filter by using Squid/squidGuard. It's free under GNU. You can make it inline so any device accessing the internet will be filtered. No GPO's or scripts.


----------



## ramesh_itguy

kazak said:


> Hi,
> 
> We have a proxy server in our office that we use when surfing to prohibit certain websites in the office. The problem is our users go to connections tab in IE and uncheck the proxy server to access the prohibited sites. Is there a way I can force the users to use the proxy server and not let them be able to remove the proxy settings?
> 
> Thanks.


Hi kazak this is ramesh i need ur help.I planned to install proxyserver in my office may i know how to do this .Please help me ya.


----------

