I own/administer a small LAN for home where most of the stuff is Linux-based.
The end-users (teens, wifey) usually do stuff through their Windows 10 Laptop so I created a small AD Domain based on RHEL7.6 and Samba 4.8.x some time ago.
I set some GPOs using RSAT so I wouldn't have to go to each account on each Laptop to change settings : GPOs for Desktop Icons, Resume from Sleep, Enforce Proxy, etc..
Now I need to make sure that this config works so that Laptops do NOT try to use our home Proxy (squid-based) when working from school/university/coffee shop.
In short, I am looking for a way to Configure those Windows 10 laptops to go through the Proxy when at home but not anywhere else.
I am getting a little confused by the usual Windows Internet Settings:
Should I:
- enable 'Automatically detect settings' (I do have WPAD records in my ISC DHCP/DNS infra)
or:
- 'Use automatic configuration script' (I wrote and tested a PAC file which is served by thttpd locally - Is this file cached when clients are away?).
Should I configure both? Is it reliable enough to do so? Should I only configure the 'automatic configuration script URL' to make it fail faster when outside?
I've somewhat figured that 'Proxy Server' should actually be disabled and left unset if I want the laptops to use 'DIRECT' when they're away.
I'm basically trying to avoid having to drive an offspring through the daunting task of disabling the configured proxy server when he/she realizes that Network access from school/work/library doesn't appear to work.
Also, if the failure could be 'quick' and not add too many timeouts, I'd be -VERY- happy.
Thank you for reading, Vincent
So I ended up crafting the GPO the way I wanted it to be:
[ ] Automatically Detect Settings
[X] Use Automatic Configuration Script
Address: http://10.20.30.44/krynn.pac
[ ] Use a proxy server....
[ ] Bypass...
And then I edited the goddamn 'Google Chrome' Shortcut on every desktop to add '--winhttp-proxy-resolver' to Chrome. – Vincent S. Cojot Jan 16 '19 at 17:07