Posted on July 27, 2017 · Posted in Group Policies

Prevent Changing IE Proxy Settings Using GPO

In this post, I’ll show you an easy way to prevent users without administrator privileges from changing the proxy server settings by blocking corresponding elements Internet Explorer dialog window using GPO.

Today Internet Explorer 11 is the only browser version that is officially supported by MSFT (besides Edge) and many users should have to update to this browser version. If in previous versions IE supposed its settings to be configured in Internet Explorer Maintenance(IEM) section of GPO, starting from Internet Explorer 10 (released in Windows Server 2012 / Windows 8), browser settings can be centrally configured only through the  section User Configuration -> Preferences -> Control Panel Settings -> Internet Settings (read more here).

After the policy containing IE settings has been applied to a user (in our example, we configure only proxy settings), he can change the assigned proxy parameters any time if necessary. However, these changes are overridden every 90 minutes during next policy update cycle. I would like to completely block this dialog box and prevent users without the administrator privileges from changing proxy server settings configured in the domain GPO.

configuring IE proxy settings with gpo

In GPMC.msc console, create a new GPO and switch to the Edit mode. Open User  Configuration ->Administrative Templates -> Windows Components -> Internet Explorer section and enable the policy Prevent changing proxy settings.

 Prevent changing proxy settings policy

Assign the policy to the OU containing users and update the policy on the clients. Check proxy server settings in IE. As you can see, text fields containing the settings are locked.

lockdown proxy dialog box

In addition to the existing policy, you can also prevent proxy server settings from being changed through the registry. To do it, go to User Configuration -> Preferences ->Windows Settings -> Registry section and create a DWORD parameter  with the name Proxy and the value 00000001 in the key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel.

Prevent changing proxy settings via registry GPP

In order the policy is not applied to administrators, add the necessary admin groups on the GPOs Delegation tab (e. g., corp_srvadmins) and check Deny next to Apply Group policy for them.

exclude admins group from policy


Related Articles