group policy

Configuring GPO Proxy Settings for Internet Explorer 11


The article shows how to configure GPO proxy settings for Internet Explorer 11 browser using Active Directory Group Policies. In earlier versions of Internet Explorer (6, 7 and 9) to configure Internet Explorer settings you needed to use the following setting in the Group Policy Editor console: User configuration -> Policies -> Windows Settings -> Internet Explorer Maintenance.

However, in Internet Explorer 10 (presented in Windows Server 2012 and Windows 8), developers have removed the Internet Explorer Maintenance (IEM) section from Group Policy Editor. Moreover, this section also disappears in Windows 7/Windows Server 2008 R2 after Internet Explorer 10 or 11 install. And even if on a computer with IE 10 or 11 continue to apply the old policy with IEM, it will not work.

Tip. In January 2016 it was announced that support ends for all old versions of Internet Explorer. Thus, Internet Explorer 11 has become the only supported version in IE family. This means, that you must upgrade IE on all computers up to 11.

Config GPO Proxy Settings for IE 11

Now, it is necessary to use a new way to manage IE settings: Group Policy Preferences (GPP) or Internet Explorer Administration Kit 11 (IEAK 11). As claimed by Microsoft, it is more flexible and convenient. To configure IE 11 proxy settings via GPO, perform the following actions:

  1. Open Group Policy Management Console on a computer with Windows 8/10/Server 2012/R2 and create new (or edit existing) GPO. Expand the following section: User Configuration -> Preferences -> Control Panel Settings -> Internet Settings. Right click and select New -> Internet Explorer 10 (this policy will also be applied for the IE 11 and above).
    GPO Proxy Internet Explorer 11
  2. On the windows with the IE settings, go to the Connections tab and press LAN Settings button.
    GPO Proxy Settings IE 11
  3. Tick the checkbox “Use a proxy server for your LAN” and specify the Address and Port of your proxy server (for example 192.168.1.11, port 3128). To enable this option, press F6 button (underline for that setting will change the color from red to green). To disable setting press F7.
    Tip. The green underscore for the IE parameter means that this policy is enabled and will be applied through Group Policy. Red underlining means that the setting is configured, but disabled for users’ computers. To enable all setting on current tab, press F5. To disable all policies on this tab – use F8 key.
    GPO ie11 proxy
    Note the Bypass Proxy Server for Local Addresses option. When this policy is enabled, local resources are always accessed directly, not through a proxy server. Windows automatically recognizes the address of the format http://theitbros as local and IE when accessing them bypasses the proxy. However, it is important to mention that the addresses of the format http://forum.theitbros.local or http://192.168.0.50 can’t be recognized by the system as local. In order to avoid using a proxy to access such resources, you need to configure exceptions for them using the policy Do not use proxy servers for addresses beginning with (see below).
  4. If you need to specify the list of address exceptions, click Advanced. In the field Do not use proxy servers for addresses beginning with: specify the list of IP addresses or domains. For example: 192.*;*.theitbros.com
    ie11 gpo proxy settings
  5. Press OK twice to save settings.

Note. This rule only works for Internet Explorer 10 and Internet Explorer 11. For earlier versions you need to create separate rules.

It remains to link a GPO to desired Active Directory organization unit (OU) (in GPMC console right click on respective AD container, select Link an Existing GPO and find you IE proxy policy), update group policy setting on a client computers (gpupdate /force) and check proxy settings in IE.

internet explorer 11 gpo proxy

Tip. To configure new IE policy from Windows Server 2008/R2, you need to download Administrative Templates for Internet Explorer  and copy files Inetres.admx and Inetres.adml to the folder %SYSTEMROOT%\PolicyDefinitions\.

Also, you can configure IE proxy settings using the registry. Expand the GPP section User Configuration -> Preferences -> Registry and create 3 registry key in the following registry path:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]:

  • ProxyEnable (REG_DWORD) = 00000001
  • ProxyServer(REG_SZ) = 192.168.1.11:3128
  • ProxyOverride (REG_SZ) = 192.*;*.theitbros.com

ie 11 proxy gpo

You may also like:

Deploy LGPO with MDT 2013 Local Group Policy (LGPO) of computer is configured through gpedit.msc snap-in, which does not provide the possibility to export/import settings. That...
Configure NTP Time Sync using Group Policy The Windows Time service (despite its apparent simplicity) is the basis for the normal functioning of Active Directory domain. In properly configured ...
Installing Active Directory Snap-in on Windows 10 One of the main Active Directory domain management tools is the MMC snap-in Active Directory Users and Computers (ADUC). To work with ADUC snap-in in ...
FSMO Role: Infrastructure Master We continue the series of articles about FSMO roles in the Active Directory domain. This time, we will take a closer look at the FSMO role — Infrastru...
Deploy Printers in Domain using Group Policy One of the most important features of Group Policies usage in Active Directory Domain environment is the possibility to connect a shared network print...
Comments
  1. Posted by skip1019
  2. Posted by Daniel
    • Posted by TheITBros
      • Posted by Daniel
  3. Posted by Stefan
    • Posted by Stefan

Add Your Comment