A customer I work for needed to restrict the company internet access as granularly as possible. Therefore we evaluated the two or three ways to remotely configure clients.
Besides the way to configure it within the proxy config you can:
- Part 1 | Configure proxy through Group Policy
- Part 2 | Configure proxy through Web Proxy Auto Detect (wpad.dat)
- Part 3 | Configure proxy through Auto-Proxy Configuration Script (proxy.pac)
- Part 4 | Configure proxy through wpad.dat and proxy.pac
The easy-peasy way to configure IE11 proxy settings is via GPO. Before Internet Explorer 10 there was a configuration node called “Internet Explorer Maintenance” where one could configure all settings for IE.
This node has disappeared and the configuration is now done through policy. As this is a User Configuration (GPP), go to
Preferences > Control Panel > Internet Settings > New > Internet Explorer 10
Maybe you are as confused as I was about why there is no Internet Explorer 11 setting? After a bit of research for an official statement I found this article
…with the key point: “You need to select the option of Internet Explorer 10 in Group Policy Preference (GPP) to apply the settings for Internet Explorer 11 as the same settings apply to Internet Explorer 11.”
Then click on Connections > LAN settings
Here you will find the same configuration options as in a local Internet Explorer context menu:
- Automatically detect settings (which we will use for wpad.dat)
- Use automatic configuration script (which we will use for proxy.pac)
- Proxy Server (which we will use for the GPO way)
Check the “Use a proxy server for your LAN” option and enter the IP address or the FQDN.
Pay attention to the underlined settings:
Settings which are underlined in red are not configured at the target machine, while settings underlined in green are configured at the target machine.
In order to change the underlining, use the following function keys:
F5 – Enable all settings on the current tab
F6 – Enable the currently selected setting
F7 – Disable the currently selected setting
F8 – Disable all settings on the current tab
Then there is the “Bypass Proxy Server for Local Addresses” option, which lets clients go around an active proxy when accessing local resources. In general, Windows recognizes addresses like “http://intranet” as local and bypasses the proxy. However, if the address contains periods or is an IP address, such as “http://intranet.network.work” or “http://192.168.1.100”, Windows fails to recognize it as local. Therefore, if you need to bypass the proxy for these local addresses, add manual exceptions for them.
By the way, you can configure all these settings via the Registry as well. If you want to do so, have a look at this article.
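To confirm on a client that the GPO actually applied, and to see which internal addresses go around the proxy, the per-user registry values behind the LAN settings dialog can be read back. The following PowerShell is an added example, not code from the original article: `Test-ProxyBypass` is a hypothetical helper that models the bypass rule described above in simplified form, the expected proxy is a constructed placeholder, and the value names are the standard per-user Internet Settings values.

```powershell
# Added example; not part of the original article.
# Simplified model of the exception list: '<local>' covers only names without a
# period (as described above); every other entry is treated as a '*' wildcard.
function Test-ProxyBypass {
    param(
        [string]$HostName,       # host part of the URL to check
        [string]$ProxyOverride   # semicolon-separated exceptions
    )
    $entries = $ProxyOverride -split ';' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($entry in $entries) {
        if ($entry -eq '<local>') {
            if ($HostName -notmatch '\.') { return $true }
        } elseif ($HostName -like $entry) {
            return $true
        }
    }
    return $false
}

$key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$expected = 'proxy.example.test:8080'   # placeholder: the value entered in the GPO

# Read the live per-user values on a Windows client; elsewhere use a constructed sample.
$s = if (Test-Path $key) {
    Get-ItemProperty -Path $key
} else {
    [pscustomobject]@{
        ProxyEnable   = 1
        ProxyServer   = 'proxy.example.test:8080'
        ProxyOverride = '*.network.work;<local>'
    }
}

Write-Host "ProxyEnable : $($s.ProxyEnable) (1 = 'Use a proxy server for your LAN')"
Write-Host "ProxyServer : $($s.ProxyServer) (expected $expected)"
if ($s.ProxyEnable -ne 1 -or $s.ProxyServer -ne $expected) {
    Write-Warning 'Proxy settings differ from the GPO values.'
}

# Hosts taken from the text above: which of them go around the proxy?
foreach ($h in 'intranet', 'intranet.network.work', '192.168.1.100') {
    [pscustomobject]@{
        Host          = $h
        BypassesProxy = (Test-ProxyBypass -HostName $h -ProxyOverride $s.ProxyOverride)
    }
}
```

With the constructed sample, the plain name and the `*.network.work` host bypass the proxy, while the IP address still goes through it until an exception for it is added.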
The good and the bad
- with this solution you can guarantee that the settings reach the clients and get applied
- it works for user and client context
- it’s not a good way if you do not want them to find out the address of the proxy