Internet Explorer 7 Advanced Proxy Settings via Group Policy

Something that has been on my task list for the last 4 months, and pissing me off royally the entire time, has been to figure out why Group Policy settings for Proxy Settings have not been applying to Internet Explorer 7 clients. The policy has worked fine in Internet Explorer 6 but after upgrading to Internet Explorer 7, the function ceased to work.
Apparently, this has been an issue for a lot of users:

While some users had luck after checking Proxy Exceptions to
make sure no invalid characters were included, many were still faced with the
initial problem.
After months of looking for a solution to this problem, the big M$ decided to FINALLY address the issue with a knowledge base article
(which was only posted THIS WEEK on March 10, 2009).

According to Microsoft, the issue is related to Internet Explorer 7 no longer
supporting the Gopher protocol. As a result, if you customize a GPO to include
Internet Explorer Proxy Settings, you MUST NOT INCLUDE GOPHER. Simply leave the
field blank, close the GPO and refresh the settings on the client computer. Like
MAGIC the settings now appear! Woohoo. Check below for a short guide.


  1. Open the Group Policy Management Console and navigate to the GPO holding
    the settings.
  2. Navigate to the Proxy Configuration Settings located at User
    Configuration/Windows Settings/Internet Explorer Maintenance/Connection

    and configure the Proxy Settings field.

    Group Policy Configuration
  3. In this example, every field is set to the same server and port.
    Do not use the option
    "Use the same proxy server for all addresses."

    Original Proxy Settings
  4. Simply delete the entries on the Gopher Field, click
    Apply and then Ok.

    Adjusted Proxy Settings
  5. From the Client machine, open a command prompt and run
    "gpupdate /force".

  6. Check your IE settings. The proxy configuration should now be applied!

Let me know if this works for you!

OS X + Active Directory + Notebooks

Working with OS X, Windows, Active Directory and other network services as much as I do, I came across a great tip when adding a leopard based machine to a AD domain today. After you bind the machine to the domain, make sure to enable the option called “Create mobile account at login”, especially if the machine is a notebook. I’m not going to say I learned this from experience, but hey you get the drift.

Create mobile account at Login

After binding to your domain, select “Show Advanced Settings” and select the “Services” tab. Open the Active Directory settings and enable the Create Mobile Account at Login check box and confirmation box if necessary.