Home > GPO > Internet Explorer Proxy Settings via GPO not working

Internet Explorer Proxy Settings via GPO not working

One of our customer just released the beauty and power of GPO. They started to use it more and more. Couple days ago they set brand new GPO with following settings:

  • Proxy IP was set with port 3128 for all protocols
  • Exceptions for couple websites and local addresses

 

IE Proxy GPO

Problem was that this settings were not propagated to all computers in domain. I started to investigate GPO application and I checked:

  • Replication between domain controllers – it was OK
  • I tried Group Policy Modeling – everything looked alright. All GPOs were applied
  • I tried Group Policy Results – everything looked alright. All GPOs were applied
  • I tried to run gpresult /r – GPO was applied to user
  • I checked and cleared GPO history in registry and reaplied GPOs (http://support.microsoft.com/kb/201453/en-us) – didn’t help
  • I checked Internet Explorer registry keys for proxy – settings were not set
  • Eventlog was without any errors

So everything looked great from GPO point of view. So the problem was why those settings from GPO are not applied to IE registry keys? I started to think GPO was someway broken so I’ve created another brand new GPO with same settings. I had same problem. Then I started to create another GPO but only with part of GPO settings. First of all I’ve created GPO which defined only proxy server with port 80. This GPO worked perfectly. Then I have changed proxy port in GPO and it also worked perfectly. The only thing I didn’t configure in latest GPO were expceptions. I’ve looked at the expections and I found follwing list (they are modified):

https://webmail.DOMAIN1;
http://oradb.DOMAIN1;
https://kanban.DOMAIN2;
ftp://193.XXX.XXX.9/;
https://cag.DOMAIN3;
http://oradb.DOMAI1;
ftp://193.XXX.XXX.9;
http://DOMAIN2;
http://www.regulus.cz;
http://www.naturpack.sk;
http://www.zbierka.sk;

There are couple “problems” in this list:

  • There are duplicities (http://oradb.DOMAI1;ftp://193.XXX.XXX.9/;)
  • There is one URL with slash on the end of the address (ftp://193.XXX.XXX.9/;)

I’ve removed duplicities and it didn’t help. When I removed additional slash on the end of one URL everything started to work as expected. I didn’t want to believe it so I put back URL with slash (ftp://193.XXX.XXX.9/;) into exception list and it didn’t work again. Weeeeeird.

I thought that this kind of “problems” would handle GPO Extension responsible for IE Maintenance and I don’t have to spend 2 hours playing with such a issue 🙂

Client was Windows 7 and DC were W2003.

Have a nice day,

  1. October 22nd, 2012 at 12:16 | #1

    Interesting, but the “/” character is just a plain forward slash, not back slash 🙂

  2. October 22nd, 2012 at 12:39 | #2

    Sorry 🙂 I will fix it.

  1. No trackbacks yet.