[THIN] Re: Registry Key to deny internet access

  • From: "Jeff Pitsch" <jepitsch@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Thu, 21 Sep 2006 09:42:42 -0400

You are absolutely correct Andrew.  You only need 1 GPO with loopback
processing enabled.  That OU and any OU underneath it would then be set to
loopback processing.

Jeff Pitsch Microsoft MVP - Terminal Server Provision Networks VIP

Forums not enough?
Get support from the experts at your business

On 9/21/06, Andrew Wood <andrew.wood@xxxxxxxxxxxxxxxx> wrote:

I was under the impression that you only needed to apply 1 GPO with loopback processing enabled. As that settings applies to the machine - all other GPO policies being run on that server would run in the loopback mode specified.

This way you can have a 'server' GPO - which enables the loopback
(but has no user settings). Then a number of 'user' GPOs - which each
have/need the server setting applied as  its already been done in the

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Of Jeremy Saunders
Sent: 21 September 2006 14:06
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Registry Key to deny internet access

Sure David. You can create multiple group policies (with loopback
enabled) and give them higher priority than your default settings. Then
apply these policies to different user group and place the users in these
groups. This way different sets of users can have different proxy


Kind regards,

Jeremy Saunders
Senior Technical Specialist

Infrastructure Technology Services
(ITS) & Cerulean
Global Technology Services (GTS)
IBM Australia
Level 2, 1060 Hay Street
West Perth WA 6005

Visit us at

P: +61 8 9261 8412                F: +61 8 9261 8486
M: TBA                            E-mail:

            >                                                          To
            Sent by:                  thin@xxxxxxxxxxxxx
            thin-bounce@freel                                          cc
                                      [THIN] Re: Registry Key to deny
            21/09/2006 08:43          internet access

Please respond to thin@xxxxxxxxxxxx g

Charles Fraser escribió: > There are 2 easy ways to do this by GPO. The 1st is User Configuration > > Windows Settings > Internet Explorer Maintenance > Connections > > Proxy Settings. Check the Enable Proxy Settings box, for the proxy > server address choose Check Use same proxy server for all > addresses and un-check Do Not Use Proxy Server for intranet addresses. > I use this for several classes of users and it works well. The > advantage of doing it in this manner is that in the event you need to > add sites to allow these users to go to you can add them to the > exception list. > > The second way is do dis-allow iexplore.exe via GPO. That policy is > located in User Configuration > Administrative Templates > System > > Don't run specified Windows applications. Then you would enable that > policy and add iexplore.exe. > > > There are also 3rd party applications like app-sense that you can use > as well but I think the GPO method will work for you. > > > Charlie > ***************** > Yes, I have implemented this GPO. But, only applied in the server's farm. Also I have implemented 'Loopback processing mode', so the GPO only is applied when the user are looged into a server. If I change the proxy settings I'm changing the settings for the server, included all the users connected there. So, the question is if there is any way to setup 'MANUALLY', the proxy settings per user inside registry.

For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation
use the below link:

************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************

For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:

Other related posts: