group policy

Configuring GPO Proxy Settings for Internet Explorer 11


The article shows how to configure GPO proxy settings for Internet Explorer 11 browser using Active Directory Group Policies. In earlier versions of Internet Explorer (6, 7 and 9) to configure Internet Explorer settings you needed to use the following setting in the Group Policy Editor console: User configuration -> Policies -> Windows Settings -> Internet Explorer Maintenance.

However, in Internet Explorer 10 (presented in Windows Server 2012 and Windows 8), developers have removed the Internet Explorer Maintenance (IEM) section from Group Policy Editor. Moreover, this section also disappears in Windows 7/Windows Server 2008 R2 after Internet Explorer 10 or 11 install. And even if on a computer with IE 10 or 11 continue to apply the old policy with IEM, it will not work.

Tip. In January 2016 it was announced that support ends for all old versions of Internet Explorer. Thus, Internet Explorer 11 has become the only supported version in IE family. This means, that you must upgrade IE on all computers up to 11.

Config GPO Proxy Settings for IE 11

Now, it is necessary to use a new way to manage IE settings: Group Policy Preferences (GPP) or Internet Explorer Administration Kit 11 (IEAK 11). As claimed by Microsoft, it is more flexible and convenient. To configure IE 11 proxy settings via GPO, perform the following actions:

  1. Open Group Policy Management Console on a computer with Windows 8/10/Server 2012/R2 and create new (or edit existing) GPO. Expand the following section: User Configuration -> Preferences -> Control Panel Settings -> Internet Settings . Right click and select New-> Internet Explorer 10 (this policy will also be applied for the IE 11 and above).
    GPO Proxy Internet Explorer 11
  2. On the windows with the IE settings, go to the Connections tab and press LAN Settings button.
    GPO Proxy Settings IE 11
  3. Tick the checkbox “Use a proxy server for your LAN” and specify the Address and Port of your proxy server (for example 192.168.1.11, port 3128). To enable this option, press F5 button (underline for that setting will change the color from red to green). To disable setting press F7.
    GPO ie11 proxy
  4. If you need to specify the list of address exceptions, click Advanced. In the field Do not use proxy servers for addresses beginning with: specify the list of IP addresses or domains. For example: 192.*;*.theitbros.com
    ie11 gpo proxy settings
  5. Press OK twice to save settings.
READ ALSO  How to transfer FSMO Roles From a Failed Domain Controller

Note. This rule only works for Internet Explorer 10 and Internet Explorer 11. For earlier versions you need to create separate rules.

It remains to assign a GPO to desired Active Directory organization unit, update group policy setting on a client computers (gpupdate /force) and check proxy settings in IE.

internet explorer 11 gpo proxy

Tip. To configure new IE policy from Windows Server 2008/R2, you need to download Administrative Templates for Internet Explorer  and copy files Inetres.admx and Inetres.adml to the folder %SYSTEMROOT%\PolicyDefinitions\.

Also, you can configure IE proxy settings using the registry. Expand the GPP section User Configuration -> Preferences -> Registry and create 3 registry key in the following registry path:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]:

  • ProxyEnable (REG_DWORD) = 00000001
  • ProxyServer(REG_SZ) = 192.168.1.11:3128
  • ProxyOverride (REG_SZ) = 192.*;*.theitbros.com

ie 11 proxy gpo


You may also like:

Deploy LGPO with MDT 2013 Local Group Policy (LGPO) of computer is configured through gpedit.msc snap-in, which does not provide the possibility to export/import settings. That...
Installing Active Directory Snap-in on Windows 10 One of the main Active Directory domain management tools is the MMC snap-in Active Directory Users and Computers (ADUC). To work with ADUC snap-in in ...
How to hide specific OU in Active Directory The first thing you see while opening Active Directory Users and Computers (ADUC) snap-in is AD containers (Organization Unit, OU), in which user acco...
Change Default OU permissions in Active Directory By default, each newly created organizational unit (OU) in the access list includes read permission for the group Authenticated Users (built-in group)...
Join Domain and Login over a VPN Connection This is a short tutorial on how to join a computer to a domain over a VPN connection. This was very useful for us this weekend. We had to reformat a c...
  • skip1019

    I tried this GPO. For some reason , the GPO is not applied

  • Daniel

    Once applied, is it possible to remove the connections tab ? I don’t see a point changing the proxy address if users can then go in and change it ?

    • Hey, Daniel!

      To lock tab with proxy setting you must enable the policy User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Prevent changing proxy settings.

      • Daniel

        Awesome thanks – I will test this today. I have IE 11 on Windows 10 so I’m trying to avoid using registry changes, using the following
        User Configuration -> Preferences -> Control Panel Settings -> Internet Settings . Right click and select New-> Internet Explorer 10