Windows – How to apply proxy settings per computer for only a specific computer group

Tags: group-policy, proxy, windows

I want to apply Windows proxy settings on a computer/location/OU basis using group policy (IE version for the moment is 8, but will be upgrading sooner or later). Presently, I have user objects and computer objects separated out in different OUs in my Active Directory tree, and these OUs are subdivided further by category (e.g. computers/PhysicalLocation1, computers/PhysicalLocation2, users/BusinessUnit1, users/BusinessUnit2, etc.).

I think that the typical solution for the above problem is to use group policy loopback processing with the GPO security filter. However, the catch is that I want to have it so that ONLY when users access the network from a specific computer/location, regardless of user, everyone goes through the proxy. When the same users access the network from a different location/OU they do not go through the proxy.

If I use the GPO security filter to pinpoint where the group policy loopback processing is to be applied it seems that I need to specify user objects (i.e. the object associated with the person logging into the PC with the proxy settings) along with computer objects (i.e. the computer where the proxy settings are applied). The problem with this is that when the user uses a different PC in a location where I do NOT want proxy settings to be applied, because the user is in the GPO security filter the proxy settings end up being applied.

Is there any easy way to pinpoint proxy settings per computer?

Best Answer

You seem to be on the right lines.

Loopback processing is what you need to use. Loopback processing will, very simply, allow you to link your User Configuration GPO to an OU containing computers and have the user config apply to users on these computers.

I don't know why you are using group policy security filtering. It implies that you've linked the GPO at a level that is higher than the level you want to apply it.

So, to make this work:

  1. In the target computer OU, create a GPO called 'Enable Loopback Processing' and configure Computer Configuration\Policies\Administrative Templates\System\Group Policy\User Group Policy loopback processing mode > Enable, Mode: Merge

  2. In the target computer OU, create a GPO called 'IE Proxy Server' and configure User Configuration\Preferences\Control Panel\Internet Settings\ <set required proxy settings>

  3. Optionally, configure another GPO in this OU to prevent users from altering the proxy settings, using Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Connections page

You shouldn't have to use security filtering at all.

So long as these GPOs are linked ONLY to the OU containing the computers on which you want to use a proxy server, this will work, and on computers in other OUs users will not acquire these proxy settings.
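
Steps 1 and 2 of the answer above, scripted with the GroupPolicy PowerShell module and followed by a check that each GPO is linked only where intended. This is an added example, not part of the original answer. The OU distinguished name and proxy address are placeholders, and the proxy values are written as Group Policy Preferences Registry items rather than through the Internet Settings preference extension the answer uses.

```powershell
# Added example: requires the GroupPolicy module (RSAT / GPMC) and rights to
# create and link GPOs. Placeholders below are assumptions, not from the post.
Import-Module GroupPolicy

$TargetOu    = 'OU=PhysicalLocation1,OU=computers,DC=example,DC=com'  # placeholder DN
$ProxyServer = 'proxy.example.com:8080'                               # placeholder proxy

# Step 1: loopback processing in Merge mode (computer-side policy).
# "User Group Policy loopback processing mode" is stored as UserPolicyMode
# under the key below: 1 = Merge, 2 = Replace.
$loopback = New-GPO -Name 'Enable Loopback Processing'
Set-GPRegistryValue -Guid $loopback.Id `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 1 | Out-Null

# Step 2: user-side proxy settings. Swapped-in technique: GPP Registry items
# writing the per-user WinINET proxy values, instead of the GPP
# "Internet Settings" item, which has no PowerShell cmdlet.
$proxy = New-GPO -Name 'IE Proxy Server'
$ieKey = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Set-GPPrefRegistryValue -Guid $proxy.Id -Context User -Action Update `
    -Key $ieKey -ValueName 'ProxyEnable' -Type DWord -Value 1 | Out-Null
Set-GPPrefRegistryValue -Guid $proxy.Id -Context User -Action Update `
    -Key $ieKey -ValueName 'ProxyServer' -Type String -Value $ProxyServer | Out-Null

# Link both GPOs to the target computer OU and nowhere else.
foreach ($gpo in $loopback, $proxy) {
    New-GPLink -Guid $gpo.Id -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Check: list every place each GPO is linked. Any row beyond the target OU
# means users on other computers may pick up the proxy settings.
foreach ($gpo in $loopback, $proxy) {
    $report = [xml](Get-GPOReport -Guid $gpo.Id -ReportType Xml)
    foreach ($link in @($report.GPO.LinksTo)) {
        [pscustomobject]@{
            Gpo      = $gpo.DisplayName
            LinkedTo = $link.SOMPath   # canonical path, e.g. example.com/computers/...
            Enabled  = $link.Enabled
        }
    }
}
```

On a computer in the target OU, `gpresult /r` after `gpupdate /force` and a fresh logon lists both GPOs as applied; on a computer in any other OU neither should appear.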