How to force a web proxy below browser level

1

I need help in forcing several workstations to use an external web proxy.

I realize I will be asking how to do this the "wrong way" considering that: a) Users are not part of any windows group and are all administrator users. b) I do not have access to the routers so can not force the proxy there.

My challenge is to force all the computers at a workspace to use the business's approved web proxy.

I will eventually get the correct infrastructure established, but for now I just need a quick and dirty solution to force the workstations to use a proxy.

Setting the proxy at browser level is useless as the users can just as easily turn it off.

Of course, as each user practically has an administrator account, they can also undo anything I implement.

But, if it were obscure enough, then it would solve the problem until I get a proper network in place.

I was thinking something along the lines of a registry setting, or script that would force the proxy for all browsers. The users are not the kind that would know the first thing about registry settings but would know how to change their browser settings. However, the only registry settings I have seen are for IE only - workstations use various browsers.

Any ideas?

Oscar

Posted 2011-07-23T13:56:41.870

Reputation: 151

Forcing autonomous computers to act as your subjects!? "Why you're the king? I didn't vote for you!" – surfasb – 2011-07-25T08:06:10.487

Answers

0

Since they all have administrator accounts and use a variety of different web browsers I'd say you have two solutions.

Using a PAC file, which allows browsers to automatically locate a configuration file which tells them which proxy to use, although this is still also easily disabled by going into Internet Explorers settings and clicking the "Automatically discover proxy" (or whatever it says).

The other option is to use a transparent proxy, with this everyones internet traffic will be forced through the proxy anyway, basically all this is is the proxy set as the default gateway but with rules to redirect web traffic into the proxy port, but it comes at the disadvantage of not being able to filter HTTPS.

Jack

Posted 2011-07-23T13:56:41.870

Reputation: 155

Thanks for you fast reply Jack. Few issues I have is that I don't have access to configure the gateways (which is also a mess, these guys have 8 separate internet lines - literally one for each office). The PAC file could be a solution, but as you say they can just turn it off. So looking for something like a registry setting or a way to force the PAC file. Any other ideas? – Oscar – 2011-07-23T14:28:09.227

You could just disallow the connections box in Internet explorer using a GPO (or the registry if you wish to do it that way) and force the proxy settings (with GPO or registry) and that would prevent them from opening the connections box in Internet Explorer. Heres how prevent them from opening the connections tab (it might be out of date I'm not sure). I can't really think of a way to control all browsers though unfortunately.

– Jack – 2011-07-23T14:46:07.260

I see what you mean. unfortunately most are using Firefox etc. But you have given me some ideas. thanks – Oscar – 2011-07-23T15:02:58.387

@Dale: Both Firefox and Chrome allow certain settings to be enforced.

– user1686 – 2011-07-23T15:27:58.437

Asked: 2011-07-23T13:56:41.870

Viewed: 1 266 times

Active: 2011-07-23T16:07:55.640