Configuring an explicit proxy via GPO

Modified on Wed, 20 Jan 2021 at 09:45 AM

Problem:

When you deploy an explicit proxy configuration via GPO, the new Windows 10/Server 2016 & 2019 settings for Internet Explorer often do not work and do not apply the required proxy settings.

Solution: 
The best solution here is to configure a GPO using registry keys that will enforce the explicit proxy configuration.

Please note that by default all proxy configuration is done "per user", which means that the registry setting should be applied under User Configuration.


Create a new GPO and go to the following location:

User Configuration > Preferences > Windows Settings > Registry

Then right-click any blank space in the right pane and select New > Registry Item.


Create the following 3 registry items:

Action: Update

Hive: HKEY_LOCAL_MACHINE (yes HKLM, not user)

Key path: Software\Microsoft\Windows\CurrentVersion\Internet Settings

Value name: ProxyEnable

Value type: REG_DWORD

Value data: 00000001

Base: Hexadecimal


Action: Update

Hive: HKEY_LOCAL_MACHINE (yes HKLM, not user)

Key path: Software\Microsoft\Windows\CurrentVersion\Internet Settings

Value name: ProxyServer

Value type: REG_SZ

Value data: [Proxy server IP]:[Proxy server port] (192.168.25.185:8080 or frp-websec-wcg.bulwarx.local:8080)

The resulting registry value on the client will look like this:


Action: Update

Hive: HKEY_LOCAL_MACHINE (yes HKLM, not user)

Key path: Software\Microsoft\Windows\CurrentVersion\Internet Settings

Value name: ProxyOverride

Value type: REG_SZ

Value data: [Exception site list]

Replace [Exception site list] with the names of all sites that need to be accessed directly, separated by semicolons. Wildcards are permitted here. Optionally, add <local> at the end of the list to make sure the “Bypass proxy server for local addresses” option is ticked in the result. In this example, the sites that must be bypassed are *.mustbegeek.com and any IP address in the 192.168.* subnet, so the configuration will look as follows:

The resulting settings in the client’s Internet Explorer and in its Advanced menu will look like the figures below:

Note: the “Bypass proxy server for local addresses” option will not be ticked if <local> is not added at the end of the list in the registry.



This will still allow the user to change the proxy settings until the next GPO refresh.

To prevent the user from changing these settings, update the following GPO setting:

User Configuration > Windows Components > Administrative Templates > Internet Explorer

Find the setting named "Disable Changing Proxy Settings" and set it to Enabled.
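
To confirm on a client that the three registry items above were applied and have not drifted since the last GPO refresh, a check like the following can be run. This is an added example, not part of the original article; the expected values are the article's sample values, and the parameter names are assumptions chosen for illustration.

```powershell
# Added example (not from the original article): audit the three proxy values.
param(
    [string]$Hive = 'HKLM:',                          # hive used in this article
    [string]$ExpectedServer = '192.168.25.185:8080',  # article's sample value
    [string[]]$ExpectedBypass = @('*.mustbegeek.com', '192.168.*')  # article's sample list
)

$key = "${Hive}\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
$s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$findings = @()

if ($null -eq $s) {
    $findings += "Key not readable: $key"
} else {
    if ($s.ProxyEnable -ne 1) {
        $findings += "ProxyEnable is '$($s.ProxyEnable)', expected 1"
    }
    # The article uses the single host:port form for ProxyServer.
    if ("$($s.ProxyServer)" -notmatch '^[^:;=\s]+:\d{1,5}$') {
        $findings += "ProxyServer '$($s.ProxyServer)' is not in host:port form"
    } elseif ($s.ProxyServer -ne $ExpectedServer) {
        $findings += "ProxyServer is '$($s.ProxyServer)', expected '$ExpectedServer'"
    }
    # Split the semicolon-separated exception list into trimmed, non-empty entries.
    $entries = @("$($s.ProxyOverride)" -split ';' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($site in $ExpectedBypass) {
        if ($entries -notcontains $site) { $findings += "ProxyOverride is missing '$site'" }
    }
    # <local> is optional in the article, so its absence is reported but not failed.
    if ($entries -notcontains '<local>') {
        Write-Output "Note: no <local> entry; 'Bypass proxy server for local addresses' will be unticked"
    }
    # Every extra entry is traffic that goes direct instead of through the proxy.
    $extra = @($entries | Where-Object { $_ -ne '<local>' -and $ExpectedBypass -notcontains $_ })
    if ($extra.Count -gt 0) {
        $findings += "Unexpected bypass entries: $($extra -join ', ')"
    }
}

if ($findings.Count -eq 0) {
    Write-Output "OK: proxy settings under $key match the expected values"
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

Pass `-Hive 'HKCU:'` to inspect the per-user hive instead, and replace the expected values with the ones configured in your own GPO.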
