Check out some similar questions!

ashley velez · Mar 17, 2009, 11:39 AM

We are setting up a proxy server at my work. We want to set a group policy so they must connect to it. Problem is, we connect to a lot of VPN's a local sites. When you go to internet options-> connections->lan settings-> advanced, there is an exception box. (First of all, when you click bypass proxy for local intranet, it doesn't bypass) So anyway we have a lot of characters in the exceptions. I guess in IE7 you can only have 250 characters in the exception box, (Most users here have IE7) but in IE6 you can have up to 1024 characters. Well our domain controller where we'd set up the GPO is using IE6... If I set the GPO with the proxy rule and added the exceptions, would it still work on the people with t IE7?

chuckhole · Mar 17, 2009, 11:50 AM

Question: What proxy server are you using? Does it support Windows Proxy Auto Discovery (WPAD)?

Your exceptions list is for domains so it should be a short list and does not include any protocol specifics (no http, etc.).

I would highly suggest using the custom DHCP 252 WPAD entry to autoconfigure your clients. Then, you can set your IE6 and IE7 clients to "Automatically detect settings" so that it will NOT make it difficult for your mobile users.

You can then set your GPO to push out this setting instead of the problematic proxy server settings.

ashley velez · Mar 17, 2009, 11:56 AM

The proxy server is safe-squid for linux, but every other computer is part of a WIN AD domain.

chuckhole · Mar 17, 2009, 12:28 PM

Originally Posted by ashley velez

The proxy server is safe-squid for linux, but every other computer is part of a WIN AD domain.

It is good that it is an AD Domain. You have DNS and DHCP to work with as well as a central security authority for your proxy rules.

Follow the related information at Content Filtering - client-side to set up your custom PAC/DAT file. You can then add the custom DHCP with the help of Configuring Automatic Discovery for ISA Server Clients.. It is for the Microsoft ISA Server community but the DHCP configuration is the same. Rename your PAC file to WPAD.DAT to conform to the DHCP requirements. Try not to use the DNS configuration if you have multiple AD sites or DNS domains.

Lastly, to setup your proxy server as your DNS forwarder, you will need to install DNS on your proxy server without any primary zones so that it can cache your requests. Then add your AD DNS as a Secondary Zone. In your DNS configuration on your proxy server, add your ISP DNS servers as the forwarders. Set your public NIC IP properties with no DNS and your LAN NIC IP properties to itself as the primary DNS server.

Then in your AD DNS configuration, add your Proxy server DNS address as a name server and add this as your forwarder for all other DNS domains. Your internal clients will first go to your internal DNS and then your internal DNS will forward the request to your Proxy DNS which caches the results that it retrieves from your ISP DNS. Subsequent requests within the TTL will be performed locally from the cache.

Your DHCP server will automatically configure your clients for DNS and WPAD prior to logon and your single configuration will also serve you well for your mobile clients.