Over the years I've tried a number of methods for making changes to those and the proxy settings. The best by far IMO is using wpad. Browsers that have the "Automatically detect settings" tick box enabled look for http://wpad/wpad.dat. Wpad.dat is a file that is essentially just a renamed .pac file. The file contains instructions on how the browser should connect. In order for this to work you need a web server to host the wpad file. You also need to create a DNS entry that resolves "wpad" to the server's IP.

The reason this is the best method is that it does not require you to make any changes to the clients, distribute any files, scripts, group policies etc. All that is required is that automatically detect is ticked (which it is by default in most cases). Plus it works on Firefox and other browsers. As clients come on to your network they will pick up the wpad file and its settings. When they aren't on your network they will just go direct for internet connectivity or, if required, the client can manually enter proxy settings.

Wpad is also the best option for Windows 7 clients as there are components of the OS that don't look at the proxy settings in IE. Checking for certificate revocations is one in particular that I've seen. With wpad these also work. Wpad files also allow great flexibility on what the browser connects through based on a number of variables: the subnet they are on, the domain name requested etc. You can use DNS or DHCP for wpad but I prefer DNS.

Here is a wpad.dat file that I have used previously. The first two sections achieve what you are trying to do. I have a better one somewhere but I can't find it at the moment. Search the net for .pac files for other examples:-

function FindProxyForURL(url, host) {
  // If URL has no dots in host name, send traffic direct.
  if (isPlainHostName(host))
    return "DIRECT";

  // If IP address is internal or hostname resolves to internal IP, send direct.
  var resolved_ip = dnsResolve(host);
  if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
      isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
      isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
      isInNet(resolved_ip, "127.0.0.0", "255.255.255.0"))
    return "DIRECT";

  // All other traffic uses below proxies, in fail-over order or then goes direct
  return "PROXY proxyname.domain.internal:8080; DIRECT";
}

James.

-----Original Message-----
From: Gavin Wilby [mailto:[email protected]]
Sent: Tuesday, 13 March 2012 2:07 AM
To: NT System Admin Issues
Subject: Proxy server and ISA

Hi,

I have implemented an install of GFI Web Monitor on a server that runs ISA2004. Due to the fact that the ISA has to be set to require auth, for the users to get logged, I need to set IE for all users to Bypass Proxy Connections for Local Addresses under the Connections for the LAN.

I can see how to policy this out and I can't find the right key to fix the registry.

Help please?

--
Gavin Wilby,
Twitter: http://twitter.com/gavin_wilby
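
Added example, not part of the original thread: an offline Node.js harness for checking the wpad.dat logic posted above before the file is published to clients. The helper stand-ins (isPlainHostName, dnsResolve, isInNet) are simplified re-implementations, and SAMPLE_DNS, ipToInt and route() are names assumed for this sketch; the host names and addresses in SAMPLE_DNS are constructed.

```javascript
// Offline harness for a PAC/wpad.dat file: minimal stand-ins for the PAC
// built-ins so FindProxyForURL can be exercised in Node (assumed names).

// Constructed sample DNS data; a missing entry models an unresolvable name.
const SAMPLE_DNS = {
  "intranet.domain.internal": "10.1.2.3",
  "files.domain.internal": "172.20.0.5",
  "www.example.com": "93.184.216.34",
};

// Dotted-quad string -> unsigned 32-bit number, or null if not an IPv4 literal.
function ipToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Stand-ins for the PAC built-ins used by the file.
function isPlainHostName(host) { return !host.includes("."); }
function dnsResolve(host) {
  if (ipToInt(host) !== null) return host; // already an IP literal
  return SAMPLE_DNS[host] || null;         // null when resolution fails
}
function isInNet(ip, net, mask) {
  const i = ipToInt(ip), n = ipToInt(net), m = ipToInt(mask);
  if (i === null || n === null || m === null) return false; // covers null from dnsResolve
  return ((i & m) >>> 0) === ((n & m) >>> 0);
}

// The PAC logic from the post, unchanged in behaviour.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  const ip = dnsResolve(host);
  if (isInNet(ip, "10.0.0.0", "255.0.0.0") ||
      isInNet(ip, "172.16.0.0", "255.240.0.0") ||
      isInNet(ip, "192.168.0.0", "255.255.0.0") ||
      isInNet(ip, "127.0.0.0", "255.255.255.0")) return "DIRECT";
  return "PROXY proxyname.domain.internal:8080; DIRECT";
}

// Convenience wrapper: the routing decision for a bare host name.
function route(host) { return FindProxyForURL("http://" + host + "/", host); }
```

Calling route() on boundary addresses such as 172.31.255.255 and 172.32.0.1, and on a name that does not resolve, shows which requests bypass the proxy.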
