This article explains how to create a Group Policy Object (GPO) on your Active Directory server to automatically configure all of the users' browsers within your Active Directory Organizational Unit (OU) to use the Web Appliance as their web proxy. With the minor change of selecting your domain rather that an OU, you can apply the following procedure to create a GPO for your entire domain.
The advantage of using GPOs is that they enforce the specified change, which removes the dependency on user actions from the task. Also, the configuration task can be done centrally in one quick and simple operation. The disadvantage is that it only works for Internet Explorer browsers on Windows systems. So users who prefer a different browser or work on other computer platforms cannot have their browsers configured this way. There are similar ways to configure Firefox browsers, and these are described in the articles that are listed in the note near the end of this article.
Caution: While some settings pushed out by GPO can be reversed by disabling the setting (for example, disabling Logoff on the Start Menu), others can only be removed by pushing out the original setting (such as Folder Redirection). Proper testing should be done before deciding to push out significant changes using a GPO.
Note: The following instructions are shown using the Group Policy Object Editor that comes with Windows 200x, not the newer Group Policy Management Console.
secedit /refreshpolicy machine_policy
secedit /refreshpolicy user_policy
Note: If some of your users are using Firefox, they can install an extension called "switchproxy" that adds a tool bar allowing them to set proxies, and switch between them, on the fly. There is also a website that has created .msi packages for Firefox that can be deployed via Active Directory and another site that provides instructions for creating .msi and .adm files to deploy and configure Firefox with a GPO:
Support for problems with third-party products that this article discusses may be provided by the manufacturer of that product. Sophos does not support such third-party products. The third-party products that this article discusses are manufactured by companies that are independent of Sophos. Sophos makes no warranty, implied or otherwise, about the performance or reliability of these products.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.