| Line 1: | Line 1: | ||
You can set the Internet Explorer Proxy settings via Group Policy. | You can set the Internet Explorer Proxy settings via Group Policy. | ||
| − | There are two methods in which you may want | + | There are two methods in which you may want implement proxy settings, on a per user basis or on a per device/computer basis. |
== Create a Group == | == Create a Group == | ||
| + | Create a group for the users/computers you want to apply this proxy setting to. | ||
| + | Go to Active Directory Users and Computers, select the OU you want to create the g | ||
| − | == | + | == Per Computer == |
| + | Applying proxy settings on a per computer basis forces all users regardless of their access rights to use the proxy settings specified in the GPO. | ||
| + | Depending on what version of Windows Server you run will determine how you implement the proxy settings. | ||
| − | == | + | === Server 2008 and above == |
| + | One of the new Group Policy features in Windows Server 2008 allows you to apply Custom registry settings. | ||
| + | We will be using this new feature to set the global machine proxy settings. | ||
| + | |||
| + | 1. First go to "Group Policy Management" then navigate to the OU that you want to apply proxy settings to. | ||
| + | In this case it should be an OU that contains computer objects, in this example we'll call this OU "Domain Workstations". | ||
| + | Right click the OU and click "Create a GPO in this domain, and Link it here...". | ||
| + | Give the GPO a name like "Proxy Settings" and for Source Starter GPO choose none. | ||
| + | |||
| + | 2.Select the "Proxy Settings GPO" and under the Security Filtering pane select "Authenticated Users" and click Remove. | ||
| + | Now click Add and enter the group you created above "Proxied". | ||
| + | This makes the GPO only apply to computers that are a member of that group. | ||
| + | ''' ''NOTE:'' '''If you want to apply proxy settings to all computers within the "Domain Workstations" OU then skip this step.<br> | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | ==== Group Policy Extensions (KB943729) for XP clients on a 2008 domain ==== | ||
| + | When XP clients are joined to a 2008 domain you need to apply the "Group Policy Extensions" update to XP. | ||
| + | http://support.microsoft.com/kb/943729 | ||
| + | |||
| + | |||
| + | === Server 2003 and below === | ||
| + | With Server 2003 you can't apply custom registry settings through Group Policy so we need to apply them to the computers via a StartUp script. | ||
| + | |||
== Per User == | == Per User == | ||
| + | Applying proxy settings on a per user basis means that the proxy settings follow the user regardless of what computer they use. | ||
| Line 20: | Line 51: | ||
== Warnings == | == Warnings == | ||
| − | The process outlined above does not prevent users from accessing websites via IP address. | + | 1. The methods described here do not apply to local user accounts. Local accounts do not apply Group Policy and thus the proxy settings set by Group Policy have no effect. |
| + | |||
| + | 2. The process outlined above does not prevent users from accessing websites via IP address. | ||
If you require this sort of thing a dedicated proxy server such as [[:Category:Squid|Squid]] would be more appropriate. | If you require this sort of thing a dedicated proxy server such as [[:Category:Squid|Squid]] would be more appropriate. | ||
Revision as of 21:19, 13 October 2010
You can set the Internet Explorer Proxy settings via Group Policy. There are two methods in which you may want implement proxy settings, on a per user basis or on a per device/computer basis.
Contents
Create a Group
Create a group for the users/computers you want to apply this proxy setting to. Go to Active Directory Users and Computers, select the OU you want to create the g
Per Computer
Applying proxy settings on a per computer basis forces all users regardless of their access rights to use the proxy settings specified in the GPO. Depending on what version of Windows Server you run will determine how you implement the proxy settings.
= Server 2008 and above
One of the new Group Policy features in Windows Server 2008 allows you to apply Custom registry settings. We will be using this new feature to set the global machine proxy settings.
1. First go to "Group Policy Management" then navigate to the OU that you want to apply proxy settings to. In this case it should be an OU that contains computer objects, in this example we'll call this OU "Domain Workstations". Right click the OU and click "Create a GPO in this domain, and Link it here...". Give the GPO a name like "Proxy Settings" and for Source Starter GPO choose none.
2.Select the "Proxy Settings GPO" and under the Security Filtering pane select "Authenticated Users" and click Remove.
Now click Add and enter the group you created above "Proxied".
This makes the GPO only apply to computers that are a member of that group.
NOTE: If you want to apply proxy settings to all computers within the "Domain Workstations" OU then skip this step.
Group Policy Extensions (KB943729) for XP clients on a 2008 domain
When XP clients are joined to a 2008 domain you need to apply the "Group Policy Extensions" update to XP. http://support.microsoft.com/kb/943729
Server 2003 and below
With Server 2003 you can't apply custom registry settings through Group Policy so we need to apply them to the computers via a StartUp script.
Per User
Applying proxy settings on a per user basis means that the proxy settings follow the user regardless of what computer they use.
Disabling Internet Access
Using the techniques described above you can effectively disable internet access for a targeted group of users and/or computers. All you have to do is set the proxy server to 127.0.0.1 which sets the local device as the proxy server and thus prevents URL's from resolving correctly.
Warnings
1. The methods described here do not apply to local user accounts. Local accounts do not apply Group Policy and thus the proxy settings set by Group Policy have no effect.
2. The process outlined above does not prevent users from accessing websites via IP address. If you require this sort of thing a dedicated proxy server such as Squid would be more appropriate.
Reference
http://www.smart-x.com/?categoryid=171&articleid=149 http://www.tomshardware.com/forum/221139-46-make-proxy-settings-machine-rather-user http://community.spiceworks.com/topic/33803