First of all, we need to understand the sequence of GPO settings being applied: computer settings in the GPO are applied when the computer boot and before user login. User settings in the GPO are applied when user logon the computer.
So if any settings exist in computer settings and User settings, the user settings will win out.
Proxy settings are one of these settings, and unfortunately they only exist in the user settings in the GPO if you don’t want to touch Registry settings. We will do the settings for two scenarios which cover most of our needs:
Scenario 1, use user proxy settings per user:
This case probably will meet 90% of people’s requirement. Follow below steps to configure this:
IE 5-10:
- Open Group Policy Management Console (GPMC.MSC) on a Windows 8.1 or a Windows Server 2012 R2 computer.
- Create a new Group Policy Object (GPO) or select an existing Group Policy Object (GPO) to modify.
- Right-click the selected Group Policy Object (GPO) and click Edit and browse to:
- User Configuration\Preferences\Control Panel Settings\Internet Settings
- Select Internet Settings and then right-click to select New and choose the option which suits your case.
- Configure the desired Internet Explorer Preference settings and click Apply and then OK
- Run the following command at a command prompt on clients where you want the settings to apply or wait for the group policy background refresh:
gpupdate.exe /force
IE 11:
- Open Group Policy Management Console (GPMC.MSC) on a Windows 8.1 or a Windows Server 2012 R2 computer.
- Create a new Group Policy Object (GPO) or select an existing Group Policy Object (GPO) to modify.
- Right-click the selected Group Policy Object (GPO) and click Edit and browse to:
- User Configuration\Preferences\Control Panel Settings\Internet Settings
- Select Internet Settings and then right-click to select New and choose the option of “Internet Explorer 10”
- Configure the desired Internet Explorer Preference settings and click Apply and then OK
- Run the following command at a command prompt on clients where you want the settings to apply or wait for the group policy background refresh:
gpupdate.exe /force
https://support.microsoft.com/en-us/kb/2898604
Scenario 2, use proxy settings per machine:
Some software may need different proxy settings, such as fusion360, which only support transparent proxy settings. You may apply different proxy settings for a bunch of computers only and these settings will override the user proxy settings.
The thinking behind this solution:
There are two potential solutions for this:
- Make proxy settings per-machine (rather than per-user): Computer Configuration/Administrative Templates/Windows Components/Internet Explorer. Which only apply to proxy settings.
- Configure user Group Policy loopback processing mode: Computer Configuration/Administrative Templates/System/Group Policy. Which will apply to all the conflict settings.
I will use the first one in this tutorial.
There is an old way of change the below registry value, which does not exist any more for windows 10.
REGISTRY AND SETTING CONFIGURATIONS |
“Automatically detect settings”
Action: Replace Hive: HKEY_LOCAL_MACHINE Key Path: Software\Microsoft\Windows\CurrentVersion\Internet Settings Value Name: “AutoDetect” Value Type: “REG_DWORD” Value Data: “0” or “1” 0 = Disable 1 = Enable |
Now I will modify the registry key manually:
The reference client should be either a server where you can access Group Policy Management Console ( ideally a Domain controller) or a domain joined windows client machine with “remote server administration tools” installed.
- Open GPMC.MSC, edit the GPO you would like to define the new IE Setting Policy, I will name it as “untick Proxy Autodetect Per machine”
- Navigate to Computer Configuration / Policies / Administrative Templates / Windows Components/Internet Explorer
- Enable ‘Make proxy settings per-machine (rather than per-user)‘. Link this one to a reference client.
- Reboot the reference client on which this policy object is applied or use ‘gpupdate /force’
- Open regedit.exe, go to:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
- Double click DefaultConnectionSettings(see reference part for all options): double click the 9th byte, which default value is 09, now type 01, click OK.
- Open GPMC.MSC, edit the GPO you would like to define the new IE Setting Policy.
- Navigate to Computer configuration / Preferences / Windows Settings / Registry
- Right click on Registry and select New > Collection Item
- Name the Collection Item IE_Proxy_AutoDetect (or something you like)
- Right crick on the new Collection Folder and Select New > Registry Wizard
- Select Local computer, where you want to import the keys from the reference client machine that you have already prepared with the Automatically Detect Settings option unchecked. For this example, I have selected the host machine [Local Computer] which already have the option deselected!
- Click on the Next> button to continue
- You will see the Registry Browser Dialog. Navigate to the following registry location:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
And select the following 2 options:
DefaultConnectionsSettings
SavedLegacySettingsClick on the Finish Button
- Now link this GPO to the target computers to which you want to apply this setting.
- You can test the GPO on the client one your Policy has refresh or use gpupdate /force command to force the GPO Settings. But all machine will get this settings either in the GPO refresh interval or next reboot.
- Log on one of the target computers, login with a user who has auto detect ticked GPO applied on. Make sure the computer proxy setting win out.
Reference
DefaultConnectionSettings and SavedLegacySettings value:
- If nothing is checked – 9th byte value is “01“
- If “Automatically detect settings” is checked – 9th byte value is “09“
- If “Automatic configuration script” is checked – 9th byte value is “05“
- If “Manual proxy” is checked – 9th byte value is “03“
- If all the options are checked – 9th byte value is “0f“
- If “Automatically detect settings” and “Automatic configuration script” is checked – 9th byte value is “0d“
- If “Automatically detect settings” and “Manual Proxy” is checked – 9th byte value is “0b“
- If “Automatic configuration script” and “Manual proxy” is checked – 9th byte value is “07“
How to configure Proxy Settings for IE10 and IE11 as IEM is not available