Answer
In GFI WebMonitor 2015 and later load balancing and/or High-Availability are possible by altering the proxypac.pac file that is delivered to machines from the network via proxy auto discovery.Once the proxypac file is edited, it can be distributed in different ways.
One of the possible ways is via Group Policy.
This solution should be used when you would like to host the file on a network share (or your domain controller) and use a VBScript to copy the PAC file from there to the local machines.
a. Creating a VBScript to copy the proxypac.pac file from a shared location to the local machines.
- Use the proxypac.pac file you have previously modified.
- Set a share directory on a file server or on your domain controller and store the proxypac.pac file. The share directory should have access permission to everyone, in order for everyone to be able to access it and read it.
- Create a VBScript to copy the .PAC file from the share directory to the client machines from your domain. Below you can see an example of such a script:
Const OverwriteExisting = True
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objName= CreateObject("wscript.network")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objName= CreateObject("wscript.network")
objFSO.CopyFile "\\server_name\share_name\proxypac.pac" , "C:\folder_name\proxypac.pac" , OverwriteExisting
- Save the file as a .vbs file in the share folder.
- Make sure that the user has rights to read/write on the local machine in the folder you have created.
- On the Domain Controller create a new Organization Unit with all the users you want to use the proxypac.pac file.
- Right click on the new OU and select “Create a GPO in this domain, and Link it here...”. Name it properly. Edit the new policy.
- In the Group Policy Object Editor go to User Configurations/ Windows Settings/ Scripts (Logon/Logoff)/ Logon.
- From the Logon Script window, click Add, in the Script Name dialog box, click Browse and paste the VBScript into that location. Click OK.
- In the same policy that enforces the Logon Script expand User Configuration/ Policies/ Windows Settings/ Internet Explorer Maintenance/ Connection / Automatic Browser Configuration.
- Disable “Automatically detect configuration settings”.
- Enable “Enable Automatic Configuration”
- Set the proxy URL (File://C:/local_machine_folder_name/proxypac.pac). If the user does not have rights to read/write on disk C, then you should create a folder on C and give the user rights to read/write in the folder. In the case that the user has rights on C you can specify directly File://C:/proxypac.pac.
- Click OK.
- On the Domain Controller go to Command Prompt and update the policies by using this command: “gpupdate /force”
- On the client machines Log Off and then Log In with a user that is part of the OU you have previously created.
- Check that on “C:/” or on the folder you have created on the client machine the file proxypac.pac exists.
- Open Internet Explorer or Chrome and check that in LAN Settings “Use automatic configuration script” is enabled and in the Address text box is the location of the proxy file.
- Verify that the proxypac.pac applies.
The settings that were written before apply only on versions lower than Internet Explorer 9. In order to work for IE 10 or 11 you have to make some additional settings. There are a few options available. You can use administrative templates from Microsoft “to define the registry-based Group Policy settings in the Group Policy Management Editor”, or the Internet Explorer Administration Kit (IEAK) “which simplifies the creation, deployment and management of customized Internet Explorer packages” or Registry preference items which “allow you to create, update, replace, and delete keys and values (including name, type, and data) in the Windows registry”.
Next, the steps for adding the Registry items are displayed:
- Go to the Domain Controller and the policy you have created and used before.
- Go to User Configuration / Preferences / Windows Settings/ Registry.
- Right click on Registry and select New Registry Wizard.
- If you have IE 10 on the Domain Controller machine you can select Local Machine, if not, select “Another computer” click browse and enter the name of a machine that has IE10. To be able to select Another computer, you should go to the client machine and in Services, enable the Remote Registry service and start it.
- On that machine you have to manually configure the Internet Explorer settings that are currently set on the machines that use IE8.
- Back to the Domain Controller click Next and then select the location: HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet settings
- Enable everything that there is in that location and check to see if you have “AutoConfigURL” and if the value is the one you have set in the browser of the client machine.
- Go to the client machine, remove the settings made in IE10 and delete the history.
- Log off and Log in into the machine with a user from the OU.
- Update the policies by opening CMD with “gpupdate /force”.
- Check that you have the proxypac.pac file and also the settings from IE. They should be the same as the ones from IE8.
See also: