Using Automatic Configuration, Automatic Proxy, and Automatic Detection
After you have deployed Windows® Internet Explorer® 8, you can use the automatic proxy and automatic detection features to change some browser settings globally, without having to change each user's computer. Also, to customize user’s machines after deployment, you can deploy an IEAK8 configuration-only package using Active Directory or Systems Management Server (SMS). The information in this section is particularly useful if you expect the needs of your organization or users to change and you anticipate frequent changes to browser settings.
For more information about creating an Internet Explorer 8 custom package, see the IEAK 8 documentation at http://go.microsoft.com/fwlink/?LinkId=157940.
|You can use the Group Policy settings to manage the default browser settings on your users' computers. For administrators managing users' computers in an Active Directory® environment, the Administrative Templates in Group Policy provide policy settings for locking most configuration settings in Internet Explorer 8 after deployment.|
For more information about tools and programs to help you maintain Internet Explorer 8 after deployment, see:
Using automatic configuration
By default, automatic configuration is disabled for Internet Explorer 8. To enable this functionality, you will need to install KB973529 from Microsoft, unless you have the most recent Microsoftl Updates on your system. If you have the latest IE cumulative update installed on your system, you will need to uninstall that package and then reinstall it so that the QFE binaries from that package are installed from that update. See http://support.microsoft.com/kb/897225 for details on how to do this. Once the update is installed, use Windows Registry Editor Version 5.00 to manually the following registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_AUTOCONFIG_BRANDING] “iexplore.exe”=dword:00000001
With the correct binaries and registry key in place, automatic configuration should now process successfully as long as the Use automatic configuration script checkbox is selected, a proper URL path to the .INS file is present, and the Automatically detect settings check box is cleared.
|Branding changes (such as a customized Internet Explorer 8 title bar or toolbar that is distributed to users' computers through automatic configuration) are not applied if the Disable external branding of Internet Explorer policy setting is enabled in Group Policy. This policy prevents branding of Internet Explorer 8 by a third party, such as an Internet service provider or Internet content provider. For more information about the Administrative Templates policy settings, see Managing Browser Settings with Group Policy Tools in this deployment guide.|
In an Active Directory environment, you can also use the Internet Explorer Maintenance (IEM) extension settings in Group Policy to enable automatic configuration and specify the URLs of configuration scripts.
Updating automatic configuration settings
Use the following procedure to enable or change automatic configuration settings in the Internet Explorer 8 browsers that you deploy to your users' computers.
To edit automatic configuration settings
In the Internet Explorer Customization Wizard 8, advance to the Automatic Configuration page.
In IEAK 8 Profile Manager, select Automatic Browser Configuration.
In Internet Explorer Maintenance, in the left pane, click Connection, and then in the right pane, double-click Automatic Browser Configuration.
Select the Enable Automatic Configuration check box.
Specify the interval in minutes for how often automatic configuration will occur. If you enter 0 (zero) or do not enter a value, automatic configuration occurs only when users restart their computers.
To configure proxy selection automatically, type the URL for the automatic proxy script on your server in the Auto-proxy URL (.wpad, or .pac file) box.
To enable automatic detection of browser settings, select the Automatically detect configuration settings check box.
For more information about using automatic proxy, see Proxy selection and automatic proxy later in this section.
For more information about automatic detection, see Using automatic detection later in this section.
For more information about using IEM settings, see Managing Browser Settings with Group Policy Tools in this deployment guide.
Locking automatic configuration settings
You can restrict your users' ability to override the automatic configuration settings in Internet Explorer 8 by enabling the Administrative Templates setting Disable changing Automatic Configuration settings in Group Policy.
For more information about modifying registry-based Group Policy settings for Internet Explorer 8, see Managing Browser Settings with Group Policy Tools in this deployment guide.
Alternatively, if you do not manage an Active Directory environment, you can use the Advanced Settings policies in the Internet Explorer Customization Wizard 8, or in the IEAK Profile Manager. Click Corporate Restrictions, and then click Connections Page. Select the Disable changing Automatic Configuration settings check box to lock automatic configuration settings.
For more information about IEAK Advanced Settings, see http://go.microsoft.com/fwlink/?LinkId=157940.
Proxy selection and automatic proxy
As an administrator, you most likely already use a proxy server with a firewall to create a barrier between your organization and the Internet, to cache frequently used content, and to balance server load. Options for configuring and maintaining proxy settings in Internet Explorer 8 on your users' computers include:
Specifying proxy servers and proxy bypass lists in the following tools:
The Internet Explorer Customization Wizard 8.
IEAK Profile Manager after deployment (if you built a custom package using the Corporate version of IEAK 8).
Group Policy settings in IEM.
- The Internet Explorer Customization Wizard 8.
Using the Internet Explorer Customization Wizard 8 and IEAK Profile Manager, or IEM settings, to point users' browsers to the location of your automatic proxy script (if your organization configures proxy settings automatically through a script that is based on network requests from users' browsers).
|In an Active Directory environment managed with Group Policy, enabling the Administrative Templates policy setting Disable changing proxy settings locks proxy settings on your users' computers.|
Proxy selection and proxy bypass lists
On the Proxy Settings page of the Internet Explorer Customization Wizard 8 (or the Proxy Settings page of IEAK Profile Manager if you installed the Corporate version of IEAK 8), you can enter addresses for the proxy servers that connect your users to the Internet with Internet Explorer 8.
If you use Group Policy settings in IEM to configure Internet Explorer 8, you will find a corresponding Proxy Settings page in Internet Explorer Maintenance in Group Policy Object Editor. In the left pane, click Connection, and then in the right pane double-click Proxy Settings to enter your proxy server information.
For details on the proxy servers and bypass lists you can specify on the Proxy Settings page, see http://go.microsoft.com/fwlink/?LinkId=157940.
Using automatic proxy
With automatic proxy, you can:
Dynamically configure proxy settings, such as server addresses.
Bypass proxy servers based on requests from the browsers on users' computers.
Modify proxy settings after deployment.
To enable automatic proxy, you create a separate .wpad, or .pac script file and then copy the file to a server location. Then, you configure the browsers to use the automatic proxy script file, by entering the script URL on the Automatic Browser Configuration page in IEAK 8 tools or IEM.
For more information about setting automatic proxy, see Updating automatic configuration settings earlier in this section.
|If you specify a server location for an automatic proxy URL and an automatic configuration .ins file on the Automatic Browser Configuration page, the location of the automatic proxy script file is incorporated into the .ins file.|
The automatic proxy script file is executed whenever Internet Explorer 8 makes a network request. Within the script, you can configure multiple proxy servers for each protocol type. If a proxy server connection fails, Internet Explorer 8 automatically attempts to connect to another proxy server that you have specified.
For examples of automatic proxy scripts, see Appendix B: Auto-Proxy Configuration Script Examples in this deployment guide.
After deployment of your custom package, you can centrally maintain and update your proxy settings by modifying the script at the server location you specified on the Automatic Browser Configuration page. If you need to move the location of your automatic proxy script after deployment, modify the automatic proxy URL on the Automatic Browser Configuration page of IEAK Profile Manager, or in IEM Group Policy settings, and redeploy the profile.
Using automatic detection
You can configure your network so that Internet Explorer 8 is automatically customized the first time a user starts it. This can reduce administrative overhead and help-desk calls related to users' browser settings.
Automatic detection is based on Web Proxy AutoDiscovery (WPAD). It is supported by Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS). If you select appropriate settings, DHCP and DNS servers can automatically detect and configure browser settings by directing Internet Explorer 8 to the location of a configuration file. This feature builds on existing automatic configuration technologies, in which a browser can be configured from a central location with an automatic proxy script file (.wpad, or .pac file).
With automatic detection, Internet Explorer 8 can be automatically configured when it is started, even if it was not originally customized and deployed by the administrator. For example, automatic detection can automatically configure and customize an Internet Explorer 8 browser that a user downloads independently from the Internet.
To enable automatic detection, in IEAK 8 tools or IEM, select Automatic Browser Configuration, and then select the Automatically detect configuration settings check box.
Configuring servers for automatic detection
To implement automatic detection, you must configure specific settings on DHCP servers, DNS servers, or both.
A DHCP server enables you to specify global and subnet TCP/IP parameters centrally, and to define users' parameters by using reserved addresses. When a user's computer is moved between subnets, it is automatically reconfigured for TCP/IP when the computer is started.
DNS is a set of protocols and services on a TCP/IP network that allow users to search for other computers by using hierarchical, user-friendly names (hosts), instead of numeric IP addresses.
Using DHCP servers with automatic detection works best for local area network (LAN)–based users, while DNS servers enable automatic detection on computers with both LAN-based and dial-up connections. Although DNS servers can handle network and dial-up connections, DHCP servers provide faster access to LAN users and greater flexibility for specifying configuration files.
|DHCP has a higher priority for automatic detection than DNS. If DHCP provides the URL for a .pac, .jvs, .js, or .ins configuration file, then no DNS lookup is performed.|
Automatic detection for DHCP
To set up automatic detection on DHCP servers, you must create a new option type with the code number 252. Then associate (with this option type) the URL to your configuration file. This file can be a .pac, configuration file.
For more information about configuring option types for automatic detection, consult your server documentation.
|Your DHCP servers must support the DHCPINFORM message.|
Automatic detection for DNS
In the DNS database file, enter a host record named wpad that contains the IP address of the Web server that contains the .pac, .jvs, .js, or .ins automatic configuration file. Alternatively, enter a canonical name (CNAME) alias record named wpad that contains the resolved name (not the IP address) of the server that contains the .pac automatic configuration file.
For more information about configuring a host record or CNAME alias record in the DNS database file, consult your server documentation.
After the record is added and the database file is propagated to the server, the DNS name wpad.<domain>.com resolves to the same name as your server that contains the automatic configuration file.
|When using DNS, Internet Explorer 8 constructs a default URL template based on the host name wpad. For example: http://wpad.<domain>.com/wpad.dat. Therefore, in the Web server wpad record, you must set up a file or redirection point named Wpad.dat to deliver the contents of your automatic configuration file.|