Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Active Directory not pushing down group policy for proxies to browsers


  • Please log in to reply
19 replies to this topic

#1 DnDer

DnDer

  • Members
  • 646 posts
  • OFFLINE
  •  
  • Local time:05:14 AM

Posted 14 May 2010 - 09:56 AM

Our group policy is supposed to push down proxies to users, with a complete list of IPs.

The users are showing up with both boxes checked under "proxy server" but the address and port are not populating in the LAN settings window. Additionally, the exceptions are not populating for our group policies for these people.

(NOTE: I am part of a different group policy, but this was to serve for showing exactly where our settings are not being populated, as I couldn't get a screen capture from them at the moment.)

We've checked the group policies and everything looks to be set up correctly. What other places should we check, or what settings should we verify?

IE Settings, and where they should be pushed down.

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:14 AM

Posted 14 May 2010 - 11:59 AM

Are you using the right registry entries, and what browsers are you using?

#3 DnDer

DnDer
  • Topic Starter

  • Members
  • 646 posts
  • OFFLINE
  •  
  • Local time:05:14 AM

Posted 14 May 2010 - 12:20 PM

We're using IE7 and 8.

What do you mean, right registry entries? I'm still a scrub to active directory. Let me walk you through what we do, since I don't know if I'll be using the right terms.

On the PDC:
start > run > gpmc.msc

Group Policy Management > Policy (right click) > Edit -- (the policy has 2 groups in it)
User Configurations > Windows Settings > Internet Explorer Maintenance > Connection > Proxy Settings > (check) enable proxy settings

Proxy settings are filled out completely and appropriately. The box for exceptions is checked, and we have all the sites listed that the policy users should NOT use the proxy for. (This is how we discovered the problem - the sites they should be allowed on are not working because they're being blocked. And we saw that the proxy information, and exceptions to the proxy, were not being passed down.)

To my knowledge, we don't have any registry edits in place beyond what we set here.

Did that make sense to you?

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:14 AM

Posted 14 May 2010 - 12:30 PM

Posted Image

What boxes are checked?

#5 DnDer

DnDer
  • Topic Starter

  • Members
  • 646 posts
  • OFFLINE
  •  
  • Local time:05:14 AM

Posted 14 May 2010 - 01:22 PM

Posted Image

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:14 AM

Posted 14 May 2010 - 01:28 PM

You need to specify the proxy address and port.

#7 DnDer

DnDer
  • Topic Starter

  • Members
  • 646 posts
  • OFFLINE
  •  
  • Local time:05:14 AM

Posted 14 May 2010 - 01:40 PM

Replied to you via PM, because I took a screen shot out of our active directory. We set the proxy address and port there, in the policy.

#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:14 AM

Posted 14 May 2010 - 01:42 PM

You may want have to a look here: http://community.spiceworks.com/topic/95382 and look at the last post dated 15 APRIL 2010.

#9 DnDer

DnDer
  • Topic Starter

  • Members
  • 646 posts
  • OFFLINE
  •  
  • Local time:05:14 AM

Posted 14 May 2010 - 03:01 PM

Based on your link, I looked. And his problem doesn't seem to apply, unfortunately. Our policy applies to two global security groups - nothing else - that are full of users, and located in the "USERS" OU that's part of AD's default tree.

#10 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:14 AM

Posted 14 May 2010 - 03:03 PM

I dont know if I am being redundant with what all you have tried, just tell me so and I will try to get help from elsewhere.

Does this pertain to you:

http://www.stbernard.com/ip4kb/iPrism/Netw...sers/IP0346.htm

#11 DnDer

DnDer
  • Topic Starter

  • Members
  • 646 posts
  • OFFLINE
  •  
  • Local time:05:14 AM

Posted 14 May 2010 - 03:37 PM

The values are being written to the computers. I verified that on the same computer with the same login as the capture from the LAN settings above.

You have another screen cap in your inbox showing the registry values matching up.

#12 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:14 AM

Posted 14 May 2010 - 03:41 PM

You see the box containing the Proxy Address and port up in my post? That should be populated.

#13 DnDer

DnDer
  • Topic Starter

  • Members
  • 646 posts
  • OFFLINE
  •  
  • Local time:05:14 AM

Posted 14 May 2010 - 03:47 PM

It should. My question is, "Why is it NOT doing that?" Policy says proxies should be enforced. The registry is being written to with the correct IP and port values, and is pointed to user groups, which are inside an OU with no computers.

#14 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:14 AM

Posted 14 May 2010 - 03:54 PM

Try just having one proxy set up address in there since you are using the same address and the same port.

#15 DnDer

DnDer
  • Topic Starter

  • Members
  • 646 posts
  • OFFLINE
  •  
  • Local time:05:14 AM

Posted 14 May 2010 - 04:00 PM

Can I leave the FTP port, since that doesn't use an IP? Or should I clear everything except the top line in that list of proxy settings?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users