Hi Guys, Thats really useful to know thank you hugely.
Ill take a proper look at the settings of the proxy and try and implemented as suggested. Thanks again. G. On Thu, Jul 15, 2010 at 1:48 AM, James Hill <[email protected]>wrote: > We use a .pac file. Works quite well. Here's an example that will work > perfectly for most environments:- > > function FindProxyForURL(url, host) { > > > // If URL has no dots in host name, send traffic direct. > if (isPlainHostName(host)) > return "DIRECT"; > > > // If IP address is internal or hostname resolves to internal IP, send > direct. > > var resolved_ip = dnsResolve(host); > > if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") || > isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") || > isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") || > isInNet(resolved_ip, "127.0.0.0", "255.255.255.0")) > return "DIRECT"; > > > // All other traffic uses below proxies, in fail-over order. > return "PROXY yourproxyserver:8080; DIRECT"; > } > > -----Original Message----- > From: Malcolm Reitz [mailto:[email protected]] > Sent: Tuesday, 13 July 2010 1:43 AM > To: NT System Admin Issues > Subject: RE: Internet Proxy - Group Policy Question > > That's what I was getting at. Very easy to publish wpad.dat or proxy.pac > via DHCP option 252 to all clients. Make sure you point to the > wpad.dat/proxy.pac by FQDN, not IP, so the proxy is gracefully ignored when > the PC is off the corporate network. > > -Malcolm > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Monday, July 12, 2010 09:27 > To: NT System Admin Issues > Subject: Re: Internet Proxy - Group Policy Question > > IMHO, this is not the most effective way of going about it. > > I would instead enforce that IE (and if you can, any other browsers) to > automatically detect proxy settings, then set up > http://wpad.example.com/wpad.dat, then configure wpad.dat with the > settings you want. > > That way, if the above URL isn't available - because they're outside your > perimeter, for example - then the browser is free to go direct, and not use > the proxy. > > Kurt > > On Mon, Jul 12, 2010 at 04:08, Gavin Wilby <[email protected]> wrote: > > Good Afternoon all, > > I have a quick question regarding Internet Proxys. > > I have a site that has a GPO that forces all users to to run through > > the Message Labs proxy server. The policy forces it so it cannot be > > turned off, and there are one or two exceptions in that policy. > > Now this is all well and good right up until the point that one of the > > users (a director) takes his laptop out of the building, and then > > disappears abroad with it without telling us. The internet then stops > > working for him, as Im guessing that its trying to use a proxy server > > that it can neither find, nor authenticate to. Due to the policy being > > forced he, as an end user cant turn it off, and we have resorted to > > manually changing the registry to get it working again. > > The GPO mentioned above is of course a USER based policy, so I cant > > omit his laptop from it, and although I could omit HIM from it, I dont > > really want to, as it means he has free rein on every PC he logs into. > > No doubt Im missing something blindingly obvious here, but whats going > > to be the best solution? > > > > -- > > Gavin Wilby, > > Twitter: http://twitter.com/gavin_wilby > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < > http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < > http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > -- Gavin Wilby, Twitter: http://twitter.com/gavin_wilby GSXR Blog: http://www.stoof.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
