Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Group Policies / Configuring Proxy Settings on Windows Using Group Policy Preferences

February 27, 2023 Active DirectoryGroup PoliciesWindows 10Windows Server 2016

Configuring Proxy Settings on Windows Using Group Policy Preferences

In this article, we’ll take a look at how to centrally configure proxy settings on Windows 10 computers in a domain using Group Policy. Most popular browsers (such as Microsoft Edge, Google Chrome, Internet Explorer, Opera) and most applications automatically use the proxy settings set in Windows to access the Internet. We’ll also look at how to set up WinHTTP proxy settings on Windows.

Contents:
  • How to Set Proxy Settings on Windows via GPO?
  • Configure Proxy Setting via Registry and GPO
  • Change WinHTTP Proxy Settings via GPO

In this article, we will look at the specifics of configuring a proxy server through Group Policy in supported versions of Windows (Windows 10, 8.1, and Windows Server 2012/2016/2019). Note that proxy settings are set differently in Windows 7/Server 2008R2, Windows XP/Windows Server 2003 with discontinued support.

How to Set Proxy Settings on Windows via GPO?

Originally, to centrally configure Internet Explorer settings (including proxy settings) using Group Policies in the Active Directory domain environment, the Internet Explorer Maintenance (IEM) policy was used. This policy option was located in the user GPO section: User configuration –> Policies –> Windows Settings –> Internet Explorer Maintenance. But since Windows Server 2012/Windows 8, the IEM policy has been deprecated. This section is missing in modern versions of Windows 10/Windows Server 2016/2019.

Internet Explorer Maintenance section in GPO Editor

On the latest Windows versions, you must use Group Policy Preferences (GPP) to configure IE and proxy settings in the GPO Editor. There is also the option of using a special extension of Internet Explorer Administration Kit 11 (IEAK 11) – but it is rarely used.

Open the domain GPO Editor console (Group Policy Management Console – GPMC.msc), select the OU with the users to which you want to apply proxy settings, and create a new policy Create a GPO in this domain, and Link it here.

create proxy gpo in an active directory domain

Go to User Configuration -> Preferences -> Control Panel Settings -> Internet Settings. In the context menu, select New ->  Internet Explorer 10.

create internet explorer 10 policy preference

To configure proxy settings on Windows 10/Windows Server 2016, you need to use the Internet Explorer 10 item.

Tip. Although there is no separate option for Internet Explorer 11, the Internet Explorer 10 policy should apply to all versions of IE above 10 (in the InternetSettings.xml policy file, you can see that the option is valid to all IE versions from 10.0.0.0 to 99.0.0.0).

<FilterFile lte="0" max="99.0.0.0" min="10.0.0.0" gte="1" type="VERSION" path="%ProgramFilesDir%\Internet Explorer\iexplore.exe" bool="AND" not="0" hidden="1"/>

ie version support in gpo config file

A special Group Policy Preferences IE form will appear in front of you, almost completely identical to the Internet Options settings in the Windows Control Panel. For example, you can specify a home page (General tab -> Home page field).

ie set homepage

Important. It is not enough to simply save your changes in the Group Policy Editor. Notice the red and green underlines for the Internet Explorer 10 configurable settings. A red underline indicates that the setting won’t be applied. To save and apply a specific setting, press F5. A green underline of a parameter means that this IE parameter will be applied via GPP.

The following function keys are available:

  • F5 – Enable all settings on the current tab
  • F6 – Enable the selected setting
  • F7 – Disable the selected setting
  • F8 – Disable all settings in the current tab

To specify proxy settings, go to the Connections tab and click the Lan Settings button. The proxy server can be configured in one of the following ways:

  • Automatically detect settings – automatic detection of settings using the wpad.dat file;
  • Use automatic configuration script – auto-configuration script (proxy.pac);
  • Proxy Server – the IP address or DNS name of the proxy server is specified directly in the policy settings. This is the easiest way, and we will use it.

Check the option Use a proxy server for your LAN, and specify the IP/FQDN name of the proxy server and the connection port in the corresponding Address and Port fields.

enable and configure proxy server settings using GPO

By enabling the Bypass proxy server for local addresses option, you can prevent applications (including the browsers) from using a proxy server when accessing local resources (in the format http://localnetwork). If you use resource addresses like http://web1.woshub.loc or http://192.168.1.5, then these addresses are not recognized by the Windows as local ones. These addresses and addresses of other resources, for access to which you do not need to use a proxy, must be specified manually. Press Advanced button and add this addresses to the field Do not use proxy servers for addresses beginning with in the following format:  10.1.*;192.168.*;*.woshub.loc;*.local.net.

do not use proxy servers for addressing begining with - proxy exclusions

Tip. Proxy settings in Google Chrome also can be set through the GPO using special administrative templates. Also, you can install the ADMX templates for Mozilla Firefox.

After you save the policy, you can view the InternetSettings.xml file with the specified browser settings in the policy folder on the domain controller:

\\UKDC1\SYSVOL\woshub.com\Policies\{PolicyGuiID}\User\Preferences\InternetSettings\InternetSettings.xml

InternetSettings.xml config file in gpo

GPP allows you to more finely target policy to users/computers. For this, GPP Item Level Targeting is used. Go to the Common tab, enable the option Item-level targeting -> Targeting.

In the form that opens, specify the conditions for applying the policy. As an example, I indicated that the proxy configuration policy will be applied only to users who are members of the proxy_users domain security group. You can use your own logic for assigning proxy parameters.

proxy server item level gpo targeting

It remains to link the proxy policy to the AD container with the users and update policy settings on them. After applying policies on the users’ computers, new IE settings should be used. You can check the current proxy settings on Windows 10 in the Settings -> Network and Internet -> Proxy. As you can see, the computer now uses the proxy settings specified in the domain policy.

check proxy server settings on windows 10

To prevent users from changing the proxy server settings, you can use this article.

Configure Proxy Setting via Registry and GPO

In addition, you can configure IE settings through the registry using GPP policies. For example, to enable proxy server, you need to configure the following registry parameter in the registry key HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Internet Settings. In the GPO editor go to the section User Configuration -> Preferences -> Windows Settings -> Registry and create three registry parameters under the specified reg key:

  • ProxyEnable (REG_DWORD) = 00000001
  • ProxyServer (REG_SZ) = 192.168.0.11:3128
  • ProxyOverride (REG_SZ) = https://*.woshub.com;192.168.*;10.1.*;*.contoso.com;<local>

You can also use Item-level targeting here to target your policy settings for specific users/devices.

set proxy settings via the registry

If you need to create proxy policies not per-user, but for the entire computer (per-computer), use the GPP settings from the GPO section Computer Configuration -> Preferences -> Windows Settings -> Registry. Set the same registry parameters under the registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings.

Change WinHTTP Proxy Settings via GPO

Some system services or applications (for example, the Wususerv update service or PowerShell) don’t use user’s proxy settings by default. For such applications to work correctly and access the Internet, you need to configure the WinHTTP proxy settings in Windows.

To check if WinHTTP proxy is configured on your computer, run the command:

netsh winhttp show proxy

The answer “Direct access (no proxy server)” means that no proxy is set. netsh winhttp show proxy Direct access (no proxy server)

You can manually set a proxy for WinHTTP on your computer with the command:
netsh winhttp set proxy proxy.woshub.com:3128 "localhost;10.1.*;192.168.*;*.woshub.com"

Or import proxy settings from user’s Internet Explorer settings:

netsh winhttp import proxy source=ie

winhttp proxy server import from IE

However, you won’t be able to configure WinHTTP through the GPO – there is no corresponding parameter in the GPO editor, and the parameter are stored in binary registry attribute that is not suitable for direct editing.

WinHttpSettings registry parameter

The only way to set WinHTTP proxy settings on Windows via GPO is to configure WinHTTP proxy on the reference computer, export the value of the WinHttpSettings parameter from the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections, and deploy this parameter to domain computers through the GPP registry extension.

deploy WinHttp proxy settings via GPO

16 comments
5
Facebook Twitter Google + Pinterest
previous post
Updating Group Policy Settings on Windows Domain Computers
next post
Configuring PowerShell Script Execution Policy

Related Reading

Zabbix: How to Get Data from PowerShell Scripts

October 27, 2023

Tracking Printer Usage with Windows Event Viewer Logs

October 19, 2023

How to Use Ansible to Manage Windows Machines

September 25, 2023

Installing Language Pack in Windows 10/11 with PowerShell

September 15, 2023

How to View and Change BIOS (UEFI) Settings...

September 13, 2023

16 comments

syed April 12, 2016 - 3:58 pm

Do we have to restart the user machine for this group policy to take effect

Reply
admin April 14, 2016 - 5:02 am

To apply user policy, user must logoff and login to machine or execute the command :

gpupdate /force

Reply
fred April 30, 2016 - 7:02 am

when I restarts the client and I do gpupdate / force the gpo not working to block the websites but she managed to display ONLY the URL of the home page sets but I can not bring down the parameters proxy to block certain sites on my client machines

Reply
BLUE STELLAR July 16, 2016 - 6:31 am

Very Good Tutorial.
 Works 100 percent. I tried varies different methods trying to set up the homepages on my
WINDOWS SERVER ESSENTIALS 2012 R2.                                                                                                                    BE VERY CAREFUL AND DO NOT FORGET TO PRESS “F5” TO SAVE THE CHANGES.
Add the websites and make sure your CURSOR is still blinking in the box where you added the website address. And then press “F5”. The red line changes to blue and then hit save and in Command prompt , RUN the command GPUPDATE /FORCE.
Thanks a million to the author. Really good resource.

Reply
Tammy August 12, 2016 - 5:42 pm

However, after applying this GPO, the user still has the ability to go in and remove the proxy settings.  I don’t see an option to force the proxy settings and not allow the user to remove them.
And taking away admin rights to the local machine for the user is not an option.
 

Reply
Max August 22, 2016 - 9:35 am

To prevent users from changing proxy servers settings, you can hide the IE Connection page using GPO:

User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel -> Disable the Connections page

Reply
Phil September 20, 2016 - 3:40 pm

I created this policy and it is not being applied.  Does anyone have this working on Windows 7 Clients with IE 11 ?? 

Reply
admin September 21, 2016 - 4:36 am

Can you check that the policy apply to the new operating systems: Windows 2012, Windows 8.1?

Reply
IE11 Internet Explorer Maintenance Policies Gone in 2k8R2? June 4, 2018 - 2:05 pm

[…] Do you have Group Policy Preferences in Server 2008? Configure Internet Explorer 11 Settings Using GPO | Windows OS Hub […]

Reply
Okan August 3, 2018 - 2:29 pm

I cannot edit the settings on the Security tab and in Trusted Sites. Its grayed out. How would I add a site to the Trusted Sites?

Reply
admin August 7, 2018 - 2:36 pm

You can add site to the trusted list using the rigistry:
for current user: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains
or for all users: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains

Or you can use this policy:
User Settings -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Site to Zone Assignment List

Reply
Mihail Stacanov August 6, 2018 - 10:57 am

I cannot disable with F7 and F8 Languages. If I delete or add some language it will be deleted/added on user side. If I delete all languages from the list then they will be deleted also from user side. Do you know how can I disable any changes in languages?

Reply
admin August 7, 2018 - 2:44 pm

I’ve never configured languages preferences in IE using a GPO. Have you tried clicking on the Suffix field and pressing the F8 button?
As I see all the available options have changed the underscore to red.

Reply
Jorge December 19, 2021 - 7:27 pm

There’s a problem here when the IE feature is disabled as the GPP searches the iexplore.exe to filter out the machines asn that file doesn’t exist in that case.

Reply
serg July 18, 2022 - 1:12 pm

_https://igorpuhalo.wordpress.com/2022/07/15/windows-proxy-settings-ultimate-guide-part-ii-configuring-proxy-settings/

Reply
Nikky January 22, 2023 - 4:35 pm

Hi I use this method it work well my problem is in proxyoverde .I add website that I want to access .I add like 90 website link it work but when I add more than 90 those above 90 won’t bypassed .how to add more than 90 site on exception? Am using windows server r12

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Zabbix: How to Get Data from PowerShell Scripts

    October 27, 2023
  • Tracking Printer Usage with Windows Event Viewer Logs

    October 19, 2023
  • PowerShell: Configure Certificate-Based Authentication for Exchange Online (Azure)

    October 15, 2023
  • Reset Root Password in VMware ESXi

    October 12, 2023
  • How to Query and Change Teams User Presence Status with PowerShell

    October 8, 2023
  • How to Increase Size of Disk Partition in Ubuntu

    October 5, 2023
  • How to Use Ansible to Manage Windows Machines

    September 25, 2023
  • Installing Language Pack in Windows 10/11 with PowerShell

    September 15, 2023
  • Configure Email Forwarding for Mailbox on Exchange Server/Microsoft 365

    September 14, 2023
  • How to View and Change BIOS (UEFI) Settings with PowerShell

    September 13, 2023

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Configure Google Chrome Settings with Group Policy
  • Get-ADUser: Find Active Directory User Info with PowerShell
  • How to Find the Source of Account Lockouts in Active Directory
  • How to Disable or Enable USB Drives in Windows using Group Policy
  • Get-ADComputer: Find Computer Properties in Active Directory with PowerShell
  • Deploy PowerShell Active Directory Module without Installing RSAT
  • Managing User Photos in Active Directory Using ThumbnailPhoto Attribute
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top