gpo internet explorer proxy settings not applying in windows 7

Thanks to: http://thommck.wordpress.com/

Internet Explorer 10 was released for Windows 7 and Windows Server 2008 R2 machines back in February 2013. Nine months later and we are going through it again with Internet Explorer 11. For SysAdmins and IT Pros managing software updates, these new versions led to quite a significant change in how we use Group Policy to manage them.
I only recently discovered that when Windows 8 (and along with it IE10) was released they finally got rid of the “Internet Explorer Maintenance” Section of the Group Policy Editor. This section always struck me as an odd place to configure IE settings and I’m still not sure why they couldn’t just use the normal Administrative Template section.
Internet Explorer Maintenance in Server 2003 Group Policy Editor
Internet Explorer Maintenance in Server 2003 Group Policy Editor
Below is an excerpt from the technet article Replacements for Internet Explorer Maintenance from the IE10 Deployment Guide
In earlier versions of the Windows operating system, Internet Explorer Maintenance (IEM) could be used to configure a subset of Internet Explorer settings in an environment using Group Policy. In Windows 8, the IEM settings have been deprecated in favor of Group Policy Preferences, Administrative Templates (.admx), and the Internet Explorer Administration Kit 10 (IEAK 10).
Important – Any settings that you previously configured with IEM will no longer work on computers where Internet Explorer 10 or newer is installed, regardless of the Windows version it’s been installed on.
The page above also has a very useful table of what settings are deprecated or what alternative tool to use. You can also search all the most up to date group policy settings on Microsoft’s GPSearch web app
As with all group policy settings, you should always make changes from the newest OS available. For example, if you wanted to configure a Windows 8 PC you should use the RSAT tools to run the Group Policy Management Console (GPMC) from a Windows 8 host. That way, you can see all of the newest settings as well as backwards compatible ones.
Unfortunately, as IE 10/11 are part of Windows 8/8.1 Server 2008 R2 and below don’t understand they exist. So if you haven’t got any Win8 or Server 2012 machines around, how are you supposed to configure it?

Administrative Templates

You can import the latest settings to your existing template store on Server 2003 or above. The links below are for IE10 but it doesn’t seem like the IE11 ones are freely downloadable yet. However, you can copy the templates from a 2012 R2 member server onto your older template store.

Group Policy Preferences

Group Policy Preferences (GPPs) came out with Server 2008/Windows Vista to remove the need to use logon scripts. They contain all the settings necessary to map drives, add printers, change the registry and so on. They are now the official way to configure the Internet Settings of a machine (including Favorites). If you have never used the Internet Settings feature of GPP then I highly recommend you look at the following article on the Group Policy Blog, Red / Green: GP Preferences doesn’t work even though the policy applied. I don’t really need to lockdown are machines too much but the one critical thing I need to do is specify the proxy server and and exceptions. If you go to do this on an older GPMC client then you will notice the following problem
What about IE 9, 10 & 11!?
What about IE 9, 10 & 11!?
Back when IE9 came out, people started noticing that GPPs were not applying, even though the same settings should work from what was specified in IE8. You can read a technet blog article about whyhere http://blogs.technet.com/b/asiasupp/archive/2011/03/30/internet-explorer-9-ie9-group-policy-preferences-gpp.aspx or download the hotfix to address it here Internet Explorer Group Policy Preferences do not apply to Internet Explorer 9 in a Windows Server 2008 R2 domain environment.
I tried that fix and it didn’t work on my Windows 7 Machines with IE11. Why you would even want different settings for different versions I’m not entirely sure. In fact, I find the whole GPP interface really ugly and clunky. I’m still not sure why these settings can’t be done via normal templates. Fortunately, there is another way to specify the proxy settings, and that is with registry keys. I’ve set that up and it’s working fine in our mixed environment. I used the Registry Wizard within GPP to capture the settings on a correctly configured PC and they are now there ready to be modified as needs be.
The following keys I added are as follows
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    • "ProxyEnable"=dword:00000001
    • "ProxyServer"="10.1.1.12:8080"
    • "ProxyOverride"="http://*.internal.lan;https://*.internal.com;<local
Registry Settings in the Group Policy Editor
Registry Settings in the Group Policy Editor

The Bottom Line

If possible, use the most up-to-date OS to configure your group policy settings from, if not, deploy registry keys through group policy preferences

Comentarios

Publicar un comentario

Dime si la información de este blog te sirvio.

Entradas populares de este blog

Guía de herramientas básicas para estudiantes: 31 apps y webs imprescindibles para ayudarte con los estudios

Imagen
  Te traemos una guía con   31 aplicaciones y herramientas web para ayudarte como estudiante , una colección muy variada para sacar provecho en diferentes ámbitos en los que puedas necesitarlo. Nos hemos dejado fuera el ámbito educativo para los más jóvenes, recursos que tenemos en   esta otra guía , y nos hemos centrado en estudiantes más adultos. Hemos decidido centrarnos en herramientas prácticas, dejando fuera las plataformas para cursos online, tanto  las más conocidas  como  otras menos conocidas . Lo que hemos preferido buscar son recursos que puedas usar en tu día a día, como gestores de fuentes y citaciones, herramientas para diagramas, para intercambiar apuntes o para crear diferentes contenidos. Y lo que decimos siempre en Xataka Basics hoy cobra más sentido que nunca. Nosotros te traemos 31 herramientas, pero te invitamos a  compartir tus propuestas en la sección de comentarios  para que el resto de usuarios también pueda beneficiarse de los conocimientos de nuestros xatake
Leer más

Comando FOR para archivos BAT

Gracias a: http://profesoremiliobarco.blogspot.com/ El comando FOR sirve para ejecutar bucles de instrucciones, y es una instrucción que se encuentra disponible en todos los lenguajes de programación. Un bucle son varias repeticiones de algunas instrucciones. Este comando suele ser el más complicado de entender para las personas que empiezan a escribir archivos BAT complejos. Aqui intentaré explicar todas las opciones y usos del comando FOR, así como intentar resolver las dudas que los usuarios de Internet me puedan plantear. La sintaxis normal del comando FOR es: FOR %var IN (lista) DO (      comando     comando      ... )  Pero si lo vamos a usar dentro de un archivo BAT será así: FOR %%var IN (lista) DO (      comando     comando      ... ) Observa que la variable "var" ahora va precedida por dos simbolos de "%". Además, si este for está dentro de un archivo BAT, el nombre de la variable debe ser UNA SOLA LETRA (p.ej: %%n, %%i,  %%j , etc
Leer más

Policy Based Routing example: route one subnet via ISP A and another via ISP B

Imagen
thanks to: http://glennmatthys.wordpress.com/ Goal Setup a network with a Cisco router that routes one local subnet via internet connection A and another local subnet via internet connection B. In this example we’ll use one LAN side, which has two subnets: 192.168.1.0/24 192.168.2.0/24 We want traffic destined for the internet, originating from the 192.168.1.0/24 network, to be sent to ISP A, which is connected to FastEthernet0 We want traffic destined for the internet, originating from the 192.168.2.0/24 network, to be sent to ISP B, which is connected to FastEthernet1 Both internet connections get their IP address via DHCP. Prerequisites For this  configuration you’ll need: One dual WAN router, such as a 1811 Two internet connections (or simulated ones) 2 nodes, one for the 192.168.1.0/24 subnet and one for the 192.168.2.0/24 subnet. These can be two different computers, or two virtual machines, etc… ClientA, Windows 7, will connect to 192.168.1.0/24 and sur
Leer más