Internet Explorer 11 – applying proxy settings over GPO

One of the biggest changes (from administration perspective) in IE11 is that the Internet Explorer Maintenance (IEM) settings have been deprecated in favor of Group Policy Preferences, Administrative Templates (.admx), and the Internet Explorer Administration Kit 11 (IEAK 11).

2015-01-26 14_25_47-sneu0223 - Remote Desktop Connection

Because of this change, your IEM-configured settings will no longer work on computers running Internet Explorer 10 or newer. To fix this, you need to update the affected settings using Group Policy Preferences, Administrative Templates (.admx), or Internet Explorer Administration Kit 11 (IEAK 11).

I have mostly used that setting to apply proxy details only, but now, with IE11 it changes. In order to set up proxy details in “Automatic configuration” area you have to follow these steps:

Step 1: Create new policy and open it in GPMC Editor

Step 2: Go to User Configuration -> Preferences -> Control Panel Settings and select Internet Settings.

Step 3: Right click and select “New” -> Internet Explorer 10. There is no setting for IE 11 since IE 10 is declared as 10 or higher.

2015-01-26 14_33_41-sneu2013 - Remote Desktop Connection

Step 4: In “New Internet Explorer 10 Properties” window go directly to Connections -> LAN Settings. It will open up “Local Area Network (LAN) Settings” where you can specify all of the settings. Remember that all of the choices that you want to apply should be marked on green, to do so use F5-F8 keys as follows:

  • F5 – Configure all of these settings [MULTIPLE]
  • F6 – Configure just this setting [SINGLE]
  • F7 – Ignore just this setting [SINGLE]
  • F8 – Ignore all these settings [MULTIPLE]

2015-01-26 14_59_24-sneu2013 - Remote Desktop Connection

Configure similar options in the same policy for IE 8-9 or any other IE versions you are using.

As soon as you do that, you are good to go. Almost. Part of these settings may and won’t work on IE8-9 (and possibly older versions). Example? Option to “Automatically detect settings” which in my assumption should be disabled in most environments. Unless you know you are using WPAD (Web Proxy Auto Detection), then you know it has to be enabled. But in most cases, in most environments – we do not have WPAD configured in our DHCP and as long as “Automatically detect settings” is enabled – your IE will act like a stupid trying to find WPAD in your environment and waste a lot of time. Trust me, it can cost you (your users) some time.

Ok, so how do I set it up using GPO? Similar like for IE10 or higher, but, with one small difference – if you want to uncheck “Automatically detec settings” you have to export your settings as registry value

Step 1: Configure your IE Properties -> LAN settings manually:

2015-01-26 14_58_34-sneu2013 - Remote Desktop Connection

Step 2: Using regedit go directly to: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings and export it

2015-02-05 07_21_42-Registry Editor

In my case it looks like that:

What’s the first problem that you can find in here? It’s binary. Means it can be a bit tricky to manipulate those values. Nevertheless, this key holds our current settings that we want to deploy to our users.

Step 3: Using GPMC add new registry entry by importing file you exported in Step 2. At the end your policy should be similar to the one from screenshot below:

2015-02-05 07_30_42-Group Policy Management

As soon as you run gpupdate / log on anew on your PCs – settings should be applied correctly.

Leave a Reply