Failed to apply Proxy Setting through GPO
We often got customer service requests about Proxy Setting not applying via GPO. Usually customer might deploy LAN setting through GPO IEM. I summarized several symptoms and solutions from my support experience in case you might get similar issue:
1. Check if there is invalid entry in Exception List
You may take a look below article for Proxy Bypass Lists entry rule.
Using Proxy Selection and Proxy Bypass Lists
https://technet.microsoft.com/en-us/library/dd361953.aspx
This issue can be easily reproduced in IE UI. As a result, proxy setting cannot be saved if there is invalid entry in Proxy Bypass Lists in Internet Options\Connections\LAN Settings
In one of my cases, customer had resembling Exception List setting in IEM Connection Settings as below, the yellow highlight one is invalid entry.
smtp.mstest.com.au;mail.mstest.com.au; remote.mstest.biz;https://ms-sql;https://ms-sql/Reports/Pages/Report.aspx?ItemPath=%2fDashboards%2fAXS_SalesDashboard |
After remove invalid entry, the GPO Proxy Setting successfully applies to users.
Moreover, if we capture Process Monitor log when running gpupdate /force on client machine, we can notice there is no RegSetValue action to Internet Settings.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
If we check brndlog.bak or brndlog.txt under
C:\Users\%user%\AppData\Local\Microsoft\Internet Explorer\ in Win7 machine, it indicates that the Processing stopped after exception list setting, as below.
02/25/2013 17:00:57 Processing proxy settings from the ins file… 02/25/2013 17:00:57 "Flags" is set to 0xB. 02/25/2013 17:00:57 "ProxyServer" is set to "192.168.10.21:8080". 02/25/2013 17:00:57 "ProxyBypass" is set to " smtp.mstest.com.au;mail.mstest.com.au; remote.mstest.biz;https://ms-sql;https://ms-sql/Reports/Pages/Report.aspx?ItemPath=%2fDashboards%2fAXS_SalesDashboard;<local>". 02/25/2013 17:00:57 ! Processing of this Wininet.dll connection settings failed. 02/25/2013 17:00:57 Done. 02/25/2013 17:00:57 Done. |
2. User with administrator permission get proxy setting applied but normal users not
We captured process monitor log when normal user login and run gpupdate /force
It shows it actually writes values to HKLM\Software\Microsoft\CurrentVersion\Internet Settings\
Since normal user don’t have permission to set value to HKLM key, it returns “Access Denied”.
By default, IE and Winlogon usually query value from HKCU or HKU\[SID] but if GPO enable Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Make proxy settings per-machine (rather than per user) that Applies proxy settings to all users of the same computer proxy setting will write to HKLM machine level path.
In this case, we found customer had this setting configured on another GPO which is applied at the OU level and set to merge with the Default Domain Policy.
3. Proxy setting not applied for users (random issue) during the peak hours
You may enable the Internet explorer policy processing as per the article
https://technet.microsoft.com/en-us/library/cc978526.aspx
The two options you can follow in this article:
Allow processing across a slow network connection
Process even if the Group Policy objects have not changed
In future, I will fill in more scenarios and hope it is helpful. Enjoy!!!
Reference
========
Entries in the proxy exception list are not shown in the Internet Explorer 7 Advanced Proxy Settings dialog box
https://support.microsoft.com/kb/968847
Regards,
Anik from APGC DSI Team
Comments
- Anonymous
May 11, 2015
Hi anik, it is really excellent. What u posted from ur experience. My problem is solved.