Using Group Policy to enforce an Internet proxy server

Most networks of significant size use a forward proxy server to filter their Internet traffic. This is essentially a box that sits out near the edge of the corporate network; whenever client computers in the network try to access the Internet, their requests are sent out through this server. Doing this enables companies to monitor Internet use, restrict browsing permissions, and keep many forms of malware at bay. When implementing a proxy server, one of the big questions is always "How do we enforce the use of this proxy?". Some solutions do a default route through the proxy server so that all traffic flows outbound that way at a network level. More often, though, it is desirable for the proxy server settings to be configured at the browser level because it is probably unnecessary for all traffic to flow through this proxy; only the browser's web traffic should do so. In these cases, you could certainly open up the Internet Explorer options on everyone's computers and enter the proxy server information, but that is a huge task to undertake, and it gives users the ability to remove those settings if they choose to.

By using Group Policy to set the Internet Explorer proxy configuration, this task will be automated and hands-off. This also ensures that users are not able to manipulate these fields in the future, and you can be assured that your web traffic is flowing through the proxy server as you have defined it.

Getting ready

Our GPO has already been created; now we are using the Group Policy Management Console on our Server 2016 domain controller to configure settings within the GPO. A Windows 10 client computer is also sitting waiting for use as we will want to test this GPO after we finish the configuration.

How to do it…

Follow these steps to set everyone's Internet proxy settings via Group Policy:

  1. Open the Group Policy Management Console from the Tools menu of Server Manager.
  2. Find the new GPO that you have created for this task, right-click on it, and choose Edit….
  3. Navigate to User Configuration | Preferences | Control Panel Settings | Internet Settings.
  4. Right-click on Internet Settings and choose New | Internet Explorer 10.

    How to do it…

    Tip

    You may have to create multiple policies here if you are using multiple versions of Internet Explorer on your workstations.

  5. You will see a dialog box that looks just like the regular Internet options available in IE. You have the ability to change many things here, but for our purposes today, we are heading over to the Connections tab.
  6. Click on the LAN settings button.
  7. Check the box for Proxy server. Then input the Address and Port fields for your particular proxy server.

    How to do it…
  8. Click OK, and your setting will be put into place.
  9. Now log in to the client computer, and let's see whether this proxy server information was successfully implemented. Launch Internet Explorer and open Internet options.
  10. Browse to the Connections tab and click on the LAN settings button to ensure your proxy server settings have been properly plugged in. Also notice that they are now grayed out, showing you that they have been configured by Group Policy, and cannot be manipulated manually.

How it works…

Using Group Policy to assign Internet proxy server settings to all of your client computers with one simple GPO creation is another example of the power behind Group Policy. The possibilities for the centralized administration of your domain joined machines are almost endless; you just need to do a little digging and find the right place inside the GPOs for changing your settings. Maybe you don't have a proxy server in your network and don't need this recipe. But I still encourage you to take the steps listed here and apply them to some piece of technology that you do utilize. I guarantee anyone working in IT will find some setting inside Group Policy that will benefit them! Go out and find some that will help save you time and money.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.145.162.235