Windows – How to configure Web Proxy Autodiscovery Protocol (WPAD) when you have no proxy


Windows (going back to at least IE6) by default has WPAD turned on (Internet Options > Connections > LAN Settings > Automatically Detect Settings).

When you don't have a proxy or WPAD server, browsers initially take several seconds saying something to the effect of "Discovering proxy server.." before timing out and loading the page directly.

I can find lots of stuff about how to set up your proxy information via WPAD, but not how to configure WPAD to tell clients you have no proxy.

WPAD works via both DHCP and DNS; however, Firefox only supports the DNS method, so a complete answer ideally provides configuration of both DHCP and DNS.

Best Answer

Even if you are using a proxy, you should disable WPAD and manually configure your clients' proxy settings using GPOs. WPAD does not have any mechanism for authentication. A Man-in-the-Middle attack is simply a matter of an attacker answering the DNS query for wpad.ad.domain.tld faster than the legitimate nameserver (see this article going over the WPAD Metasploit).

You can disable WPAD by using the following GPO:

Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\
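
To see which names are in play for the DNS lookup the answer describes, the following added example (not part of the original question or answer) lists the WPAD host names a client may query for a DNS suffix and records what each one resolves to. The label-stripping rule, the function names and the sample address are assumptions made for illustration.

```python
import socket


def wpad_candidates(dns_suffix):
    """WPAD host names a DNS-based client may look up for one DNS suffix.
    Assumption: the client strips one leading label at a time and stops
    before the bare top-level domain.
    """
    labels = [p for p in dns_suffix.lower().strip(".").split(".") if p]
    return ["wpad." + ".".join(labels[i:]) for i in range(max(len(labels) - 1, 0))]


def system_resolve(name):
    """Ask the OS resolver; return sorted unique addresses, [] if none."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def audit_wpad(dns_suffixes, allowed_addrs=(), resolve=system_resolve):
    """Map each candidate name to (status, addresses).
    absent     : the resolver returned nothing for the name
    sanctioned : every returned address is in allowed_addrs
    unexpected : at least one returned address is not in allowed_addrs
    """
    allowed = set(allowed_addrs)
    report = {}
    for suffix in dns_suffixes:
        for name in wpad_candidates(suffix):
            addrs = sorted(resolve(name))
            if not addrs:
                status = "absent"
            elif set(addrs) <= allowed:
                status = "sanctioned"
            else:
                status = "unexpected"
            report[name] = (status, addrs)
    return report


if __name__ == "__main__":
    # Constructed answers standing in for live DNS; 203.0.113.50 is a sample.
    zone = {"wpad.domain.tld": ["203.0.113.50"]}
    report = audit_wpad(["ad.domain.tld"], resolve=lambda n: zone.get(n, []))
    for name, (status, addrs) in report.items():
        print(f"{name:22} {status:10} {' '.join(addrs)}")
```

Run it with the default resolver from a client network segment, passing the addresses of any WPAD host you operate as allowed_addrs; an "unexpected" entry is a name that something other than your own infrastructure is answering for.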