Proxy Server (W10 21H2) Windows10 GPO proxy setting applied without values


Denes, Laszlo

May 26, 2022, 2:32:35 PM
to ntsys...@googlegroups.com, Denes, Laszlo

I examined our proxy server forced GPO and noted that we still do the old way via 3 registry keys (user) and decided to test the new way for W10/W11 following

http://woshub.com/configure-internet-explorer-10-and-11-settings-using-gpo-in-windows-server-2012/

for users explicitly.

All the settings look good and I item targeted a user in a test OU and I can see that the GPO applied (gpresult /r /user) but none of the settings are there.

I don’t see any errors for the GPO either.

I noted this article, but no solution as they just used the previous registry setting and I want to move away from that.

https://serverfault.com/questions/1061289/windows10-gpo-proxy-setting-applied-without-values

I did make sure that all the values in the new GPO setting are enabled (F6) etc. and they are.

Chrome and Edge do pick up the proxy when I use a registry value, as does IE11.

Has anyone made this work using the GPO option? MUCHO THANKS for any help. Likely something silly I missed.

Some screenshots

Many thanks in advance.

 

Regards,

 

Laszlo

 


 

Laszlo Denes

Technical Analyst Servers

Information Systems

The Salvation Army Toronto Grace Health Centre

650 Church Street, Toronto, ON M4Y 2G5

t: 416-925-2251 ext. 214

f: 416-925-3211

lde...@torontograce.org

www.torontograce.org

 


 

Exceptional and compassionate care for all.

 

________________________________________
NOTICE: This message, including any attachments, may contain privileged or confidential information and is intended for use only by the individual to whom it is specifically addressed (or those responsible for the delivery of the message to such person). Any distribution, copying or disclosure is strictly prohibited without the written consent of the sender. If you are not the intended recipient or have received this message in error, please notify us by reply email and permanently delete the original transmission from us. Thank you for your cooperation. If you have any questions about this message please contact the Information Systems Department, Salvation Army Toronto Grace Health Centre, 650 Church St., Toronto, ON M4Y 2G5. Phone: (416) 925-2251

Mayo, Bill

May 27, 2022, 11:02:36 AM
to ntsys...@googlegroups.com

We have done this in the past. What you have in the screenshots looks correct and is consistent with what we have, minus the targeting aspect (which should be irrelevant). I do recall having some issues with it being deployed in some instances, and it seems like it had something to do with the run once settings—but it has been a long time and I don’t really remember. I can tell you that we have some additional settings in our policy, although I cannot guarantee that they are specifically related to this or that they will help. Those settings are:

  • Windows Components/Internet Explorer
    • Disable changing Automatic Configuration settings: Enabled
    • Prevent running First Run wizard: Enabled (Go Directly to home page)
  • Preferences > Windows Settings > Registry
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, AutoDetect, REG_DWORD, 0x0
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, MigrateProxy, REG_DWORD, 0x1
    • HKCU\Software\Microsoft\Internet Explorer\Main, IE8RunOnceLastShown, REG_DWORD, 0x1
    • HKCU\Software\Microsoft\Internet Explorer\Main, IE8RunOncePerInstallCompleted, REG_DWORD, 0x1
    • HKCU\Software\Microsoft\Internet Explorer\Main, IE8RunOnceCompletionTime, REG_BINARY, <blank>
    • HKCU\Software\Microsoft\Internet Explorer\Main, IE8TourShown, REG_DWORD, 0x1
    • HKCU\Software\Microsoft\Internet Explorer\Main, IE8TourShownTime, REG_BINARY, <blank>
    • HKCU\Software\Microsoft\Internet Explorer\Main, IE8RunOnceLastShown_TIMESTAMP, REG_BINARY, <blank>
    • HKCU\Software\Microsoft\Internet Explorer\Main, IE8RunOnceComplete, REG_DWORD, 0x1
    • HKCU\Software\Microsoft\Internet Explorer\Main, RunOnceHasShown, REG_DWORD, 0x1

 

We are actually currently trying to stop things going through the proxy, and I am having a heck of a time with getting all the traffic off. This is mainly an issue with things running as system or using WinHTTP. From my research there is a plethora of places from which this is potentially picked up and I am still trying to figure it all out.

 

Bill Mayo
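One way to check a client against the preference items listed in the message above, as an added example that is not part of the original thread: run as the affected user, it reports each listed value as OK, Mismatch, Present or Missing. The `ProxyEnable`, `ProxyServer`, `ProxyOverride` and `AutoConfigURL` names in the last step are the standard per-user proxy values and are not named in the thread.

```powershell
# Added example, not from the thread. Run as the affected user (HKCU is per-user).
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'

# Expected values copied from the list above. Items listed as REG_BINARY <blank>
# carry no Value entry and are checked for presence only.
$expected = @(
    @{ Path = $inet; Name = 'AutoDetect';                    Value = 0 }
    @{ Path = $inet; Name = 'MigrateProxy';                  Value = 1 }
    @{ Path = $main; Name = 'IE8RunOnceLastShown';           Value = 1 }
    @{ Path = $main; Name = 'IE8RunOncePerInstallCompleted'; Value = 1 }
    @{ Path = $main; Name = 'IE8RunOnceCompletionTime' }
    @{ Path = $main; Name = 'IE8TourShown';                  Value = 1 }
    @{ Path = $main; Name = 'IE8TourShownTime' }
    @{ Path = $main; Name = 'IE8RunOnceLastShown_TIMESTAMP' }
    @{ Path = $main; Name = 'IE8RunOnceComplete';            Value = 1 }
    @{ Path = $main; Name = 'RunOnceHasShown';               Value = 1 }
)

$report = foreach ($item in $expected) {
    # Returns $null when the key or the named value does not exist.
    $prop = Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        $state = 'Missing'; $actual = $null
    } elseif (-not $item.ContainsKey('Value')) {
        $state = 'Present'; $actual = '(binary)'
    } else {
        $actual = $prop.($item.Name)
        $state  = if ($actual -eq $item.Value) { 'OK' } else { 'Mismatch' }
    }
    [pscustomobject]@{
        Name     = $item.Name
        Expected = $item.Value
        Actual   = $actual
        State    = $state
    }
}
$report | Format-Table -AutoSize

# The per-user proxy values themselves (empty columns mean the value is not set).
Get-ItemProperty -Path $inet |
    Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL

# WinHTTP keeps its own machine-wide default proxy, separate from the values above.
netsh winhttp show proxy
```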

 

 


Michael Rolleri

May 27, 2022, 12:06:00 PM
to ntsysadmin
Hi Laszlo,
The article you referenced mentions drilling down into the sysvol and looking at the InternetSettings.xml.

"After you save the policy, you can view the InternetSettings.xml file with the specified browser settings in the policy folder on the domain controller:
\\UKDC1\SYSVOL\woshub.com\Policies\{PolicyGuiID}\User\Preferences\InternetSettings\InternetSettings.xml"

Have you had a look to see if the XML exists, and if so, has the settings you want? What about removing the item-level targeting? The policy being applied is dependent on the policy scope, and you said it is being applied without error, so it would seem to me the proxy settings not being configured could be related to item-level targeting.
Regards,
Michael

Denes, Laszlo

May 30, 2022, 8:55:54 AM
to ntsysadmin

I did remove the item level and it made no difference, but will drill down to what you suggested. Cheers for that :)

 


Denes, Laszlo

May 30, 2022, 8:57:35 AM
to ntsys...@googlegroups.com

Yeah, we disable the first run and change settings through GPO, but the GPO I set up for this was just the proxy item, i.e. separate GPO. Thanks

 

