
Small AD Domain, how to enforce Proxy settings but only for home LAN? (Windows 10 clients)


I own/administer a small LAN for home where most of the stuff is Linux-based.

The end-users (teens, wifey) usually do stuff through their Windows 10 Laptop so I created a small AD Domain based on RHEL7.6 and Samba 4.8.x some time ago.

I set some GPOs using RSAT so I wouldn't have to go to each account on each Laptop to change settings: GPOs for Desktop Icons, Resume from Sleep, Enforce Proxy, etc.

Now I need to make sure that this config works so that Laptops do NOT try to use our home Proxy (squid-based) when working from school/university/coffee shop.

In short, I am looking for a way to Configure those Windows 10 laptops to go through the Proxy when at home but not anywhere else.

I am getting a little confused by the usual Windows Internet Settings:
Should I:
- enable 'Automatically detect settings' (I do have WPAD records in my ISC DHCP/DNS infra)
or:
- 'Use automatic configuration script' (I wrote and tested a PAC file which is served by thttpd locally - Is this file cached when clients are away?).

Should I configure both? Is it reliable enough to do so? Should I only configure the 'automatic configuration script URL' to make it fail faster when outside?

I've somewhat figured that 'Proxy Server' should actually be disabled and left unset if I want the laptops to use 'DIRECT' when they're away.

I'm basically trying to avoid having to drive an offspring through the daunting task of disabling the configured proxy server when he/she realizes that Network access from school/work/library doesn't appear to work.

Also, if the failure could be 'quick' and not add too many timeouts, I'd be -VERY- happy.

Thank you for reading, Vincent

I've figured that the problem isn't with GPO Proxy Settings but instead with 'Google Chrome' and the way it just -ignores- the PAC file that's provided by the home network.

So I ended up crafting the GPO the way I wanted it to be:
[ ] Automatically Detect Settings
[X] Use Automatic Configuration Script
Address: http://10.20.30.44/krynn.pac
[ ] Use a proxy server....
[ ] Bypass...

And then I edited the goddamn 'Google Chrome' Shortcut on every desktop to add '--winhttp-proxy-resolver' to Chrome.

I opened a Google Chrome issue (https://bugs.chromium.org/p/chromium/issues/detail?id=922248). The Chrome issue itself was fixed in version 72.0 of the browser.
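
A PAC file that does the home-versus-away split discussed in this thread, as an added example that is not the poster's krynn.pac: it returns the proxy only when the client's own address is on the home subnet and DIRECT everywhere else. The subnet 10.20.30.0/24 and the squid address 10.20.30.44:3128 are assumed sample values, and chooseProxy, inSubnet and ipToInt are hypothetical helper names.

```javascript
// Added example PAC file; all addresses below are constructed sample values.
// Written in ES3-style syntax because PAC engines can be very old.
var HOME_NET = "10.20.30.0";               // assumed home subnet
var HOME_PREFIX = 24;                      // assumed /24
var HOME_PROXY = "PROXY 10.20.30.44:3128"; // assumed squid host and port

// Convert a dotted-quad IPv4 string to a number; null if malformed.
function ipToInt(ip) {
  var parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i])) return null;
    var octet = parseInt(parts[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when ip lies inside network/prefixLen.
function inSubnet(ip, network, prefixLen) {
  var a = ipToInt(ip), b = ipToInt(network);
  if (a === null || b === null) return false;
  var size = Math.pow(2, 32 - prefixLen);
  return Math.floor(a / size) === Math.floor(b / size);
}

// Pure decision function so it can be tested outside a browser.
function chooseProxy(clientIp, host) {
  // Away from home (or no usable address): never reference the home proxy.
  if (!inSubnet(clientIp, HOME_NET, HOME_PREFIX)) return "DIRECT";
  // At home: keep loopback, single-label names and LAN hosts off the proxy.
  if (host === "localhost" || host === "127.0.0.1" || host.indexOf(".") === -1) return "DIRECT";
  if (inSubnet(host, HOME_NET, HOME_PREFIX)) return "DIRECT";
  // Fail open: go direct if the proxy does not answer.
  return HOME_PROXY + "; DIRECT";
}

// Entry point called by the browser; myIpAddress() is a PAC built-in.
function FindProxyForURL(url, host) {
  return chooseProxy(myIpAddress(), host);
}
```

myIpAddress() can return a VPN or virtual-adapter address on multi-homed laptops, in which case this script falls through to DIRECT. Remove the trailing `; DIRECT` if the proxy is there to filter traffic and should fail closed at home.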
