Wednesday, June 19, 2013

Bypass Proxy 

Netsh winhttp set proxy myproxy

Netsh winhttp set proxy myproxy:80 ";bar"

Netsh winhttp set proxy proxy-server="http=myproxy;https=sproxy:88" bypass-list="*.   contoso.com"



If you’re in an environment where users are allowed to use browsers other than the default Internet Explorer (IE), you should know that these programs will use settings outside of the Microsoft defaults. Employees using other browsers will also need to have all their traffic sent through GFI WebMonitor. In this post we’ll go through the procedure needed to ensure employees don’t get around security policies when using Firefox.



Unlike IE, Mozilla Firefox is a third-party browser with no integration with Microsoft Windows, and it does not support remote administration by default. Nevertheless, there are ways to remotely configure Firefox like IE. In order to use this procedure you will need a freeware package FirefoxADM. It can be downloaded from the repository SourceForge.



Note: GFI provides this for customers’ convenience. We do not support the FirefoxADM package.



Before deploying the proxy settings for Firefox, download and extract the package FirefoxADM on a server with Active Directory.



Pushing out Firefox proxy settings with GPO


    

  1. Open the relevant GPO for the site, domain or organizational unit in the Group Policy Object Editor
    2. 

  2. Expand the following levels within the tree: User Configuration Windows Settings > Scripts (Logon/Logoff)
    3. 

  3. Double-click Proxy-settings in the main policy area
    4. 

  4. Click the Show Files button; this will display the folder the script will be stored in
    5. 

  5. Copy and paste the script firefox_login.vbs from the FirefoxADM package into the folder
    6. 

  6. Return to the Logon Properties window and click Add
    7. 

  7. Browse to the location of the start scripts folder where the script was just copied to, select the file and click the Open button
    8. 

  8. Click OK and then OK again to save the changes.
    9. 




This has now configured the GPO to run a script which locks down the Firefox settings when the machine first starts up. You now need to add and configure the Administrative Templates which will be used to define the locked down proxy settings:


    

  1. Expand the User Configuration level in the tree
    2. 

  2. Right-click Administrative Templates and select Add/Remove Templates
    3. 

  3. Click the Add button and browse to the location of the startup template firefoxdefaults.adm, select the file and click Open, then Click Close
    4. 

  4. Expand the Administrative Templates level under Computer Configuration
    5. 

  5. Select Mozilla Firefox Default Settings in the tree
    6. 

  6. Double-click Proxy Settings in the main policy area
    7. 

  7. Select the radio button Enabled
    8. 

  8. At this point you can begin entering the proxy settings that are to be pushed to users; this information can be found in your provisioning email
    9. 

  9. Once finished click OK.
    10. 




This policy and any subsequent changes will only be refreshed on user login, or alternatively you can force a GPO update from command prompt if available (the command is: gpupdate /force).



Locking down Firefox proxy settings with GPO


    

  1. Open the relevant GPO for the site, domain or organizational unit in the Group Policy Object Editor
    2. 

  2. Expand the following levels within the tree: Computer Configuration > Windows Settings Scripts (Logon/Logoff)
    3. 

  3. Double-click Startup in the main policy area
    4. 

  4. Click the Show Files button, this will display the folder the script will be stored in
    5. 

  5. Copy and paste the script firefox_startup.vbs from the FirefoxADM package into the folder
    6. 

  6. Returning to the window, click Add in Startup properties
    7. 

  7. Browse to the location of the start scripts folder where the script was just copied to, select the file and click the Open button
    8. 

  8. Click OK and then OK again to save the changes.
    9. 




This has now configured the GPO to run a script which will lockdown the Firefox settings when the machine first starts up. You now need to add and configure the Administrative Templates which will be used to define the locked down proxy settings:


    

  1. Expand the Computer Configuration level in the tree
    2. 

  2. Right-click Administrative Templates and select Add/Remove Templates
    3. 

  3. Click the Add button and browse to the location of the startup template firefoxlock.adm, select the file and click Open, then click Close
    4. 

  4. Expand the Administrative Templates level under Computer Configuration
    5. 

  5. Select Mozilla Firefox Locked Settings in the tree
    6. 

  6. Double-click Proxy Settings in the main policy area
    7. 

  7. Select the radio button Enabled
    8. 

  8. At this point you can begin entering the proxy settings that are to be pushed to users; this information can be found in your provisioning email
    9. 

  9. Once finished click OK.
    10. 




This policy and any subsequent changes will only be refreshed on system start up.



Do you have any questions? Leave us a comment below and I’ll reply to your query.

- See more at: http://www.gfi.com/blog/how-to-prevent-users-from-changing-gfi-webmonitor-proxy-settings-in-firefox-using-group-policies/#sthash.O0JZl7C7.dpuf
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)