Most popular browsers and applications use the proxy settings set in Windows to access the Internet.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Windows queries.
In this context, we shall look into how to centrally configure proxy settings on Windows in a domain using Group Policy.
In order to configure the proxy settings, we suggest the following methods.
1. Set Proxy Settings on Windows via GPO
Originally, to centrally configure Internet Explorer settings via GPO, the Internet Explorer Maintenance (IEM) policy was used.
We can find it under, User configuration –> Policies –> Windows Settings –> Internet Explorer Maintenance.
However, since Windows Server 2012/Windows 8, this section is missing in modern versions.
On the latest Windows versions, we must use Group Policy Preferences (GPP) to configure IE and proxy settings in the GPO Editor.
To do so, we open the domain GPO Editor console, select the OU with the users to which we want to apply proxy settings. Then we create a new policy Create a GPO in this domain and Link it.
We go to User Configuration -> Preferences -> Control Panel Settings -> Internet Settings. In the context menu, select New -> Internet Explorer 10.
On the other hand, on Windows 10/Windows Server 2016, we need to use the Internet Explorer 10 item.
Although there is no separate option for Internet Explorer 11, the Internet Explorer 10 policy should apply to all versions of IE above 10:
<FilterFile lte=”0″ max=”99.0.0.0″ min=”10.0.0.0″ gte=”1″ type=”VERSION” path=”%ProgramFilesDir%\Internet Explorer\iexplore.exe” bool=”AND” not=”0″ hidden=”1″/>
We will get Group Policy Preferences IE forms, almost completely identical to the Internet Options settings in the Windows Control Panel.
For example, we can specify a home page (General tab -> Home page field).
To save and apply a specific setting, ensure to press F5. A green underline of a parameter means that this IE parameter will apply via GPP.
Similarly, we can specify proxy settings in the Connections tab and click the Lan Settings button.
We configure the proxy server in one of the following ways:
Check the option Use a proxy server for our LAN. Then we specify the IP/FQDN name of the proxy server and the connection port in the corresponding Address and Port fields.
If we enable the Bypass proxy server for local addresses option, we prevent applications from using a proxy server when accessing local resources.
Addresses of other resources, for access to which we do not need to use a proxy, must be specified manually. Press the Advanced button and add these addresses to the field Do not use proxy servers for addresses beginning with in the following format: 10.1.*;192.168.*;*.linuxapt.com.com;*.local.net.
We can also set proxy settings in Google Chrome through the GPO using special administrative templates.
After we save the policy, we can view the InternetSettings.xml file with the specified browser settings in the policy folder on the domain controller:
\\UKDC1\SYSVOL\linuxapt.com.com\Policies\{PolicyGuiID}\User\Preferences\InternetSettings\InternetSettings.xml
GPP allows to more finely target policy to users/computers. For this, GPP Item Level Targeting is used. Go to the Common tab, enable the option Item-level targeting -> Targeting.
In the form that opens, we specify the conditions for applying the policy. We can use our own logic to assign proxy parameters.
It remains to link the proxy policy to the AD container with the users and update policy settings on them.
After applying policies on the user's computers, we use the new IE settings.
We can check the current proxy settings on Windows 10 in the Settings -> Network and Internet -> Proxy.
2. Configure Proxy Setting via Registry and GPO
In addition, we can configure IE settings through the registry using GPP policies.
For example,
To enable a proxy server, we configure the following registry parameter in the registry key HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Internet Settings.
In the GPO editor, under User Configuration -> Preferences -> Windows Settings -> Registry and create three registry parameters under the specified reg key:
We create proxy policies not per-user, but for the entire computer. To do so, we use the GPP settings from the GPO section Computer Configuration -> Preferences -> Windows Settings -> Registry.
Set the same registry parameters under the registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings.
3. Change WinHTTP Proxy Settings via GPO
Some system services or applications do not use the user’s proxy settings by default. For such applications to work, we configure the WinHTTP proxy settings in Windows.
To check if WinHTTP proxy is configured on our computer, we run:
netsh winhttp show proxy
The "Direct Access (no proxy server)" output means no proxy is set.
We can manually set a proxy for WinHTTP on our computer. To do so, we run:
netsh winhttp set proxy proxy.linuxapt.com:3128 "localhost;10.1.*;192.168.*;*.linuxapt.com"
Or we import proxy settings from the user's Internet Explorer settings:
netsh winhttp import proxy source=ie
However, this will not configure WinHTTP through the GPO.
The only way is to configure WinHTTP proxy on the reference computer.
Then we export the value of the WinHttpSettings parameter from the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections.
Finally, we deploy this parameter to domain computers through the GPP registry extension.
This article covers how to configure Proxy Settings on Windows using Group Policy. In earlier versions of Microsoft Windows, Internet Explorer Maintenance (IEM) could be used to configure a subset of Internet Explorer settings in an environment using Group Policy. In Windows 8, the IEM settings were deprecated in favor of Group Policy Preferences, Administrative Templates (.admx), and the Internet Explorer Administration Kit 10 (IEAK 10).
To Configure proxy settings using Group Policy Management (To Create an Internet Explorer item):