How to disable LAN proxy server

Need_More_Money_2

My work laptop has a proxy server set for LAN connections (In the LAN settings of IE). The IT department have also somehow disabled the ability to change this - options are grayed out. This is fine when connected to the network at work; but if I connect the laptop to my home network, it cannot see the proxy server and therefore cannot connect to the Internet (for programs that use the settings in IE).
The computer is set to login to a domain (required for work email) and I can still login even when not connected to a network that can see the domain. If I can create a user on the local machine and login as that user (logging into the machine rather than the domain) and that allows Internet access. But I'd prefer to just have the one login ID.
I found how to disable the proxy by editing the registry, but as soon as I reboot the machine when connected to the work network - the registry (and proxy settings) are restored. I considered using Firefox which would bypass the settings, but the IT dept have also done something in the registry which stops Firefox working.
Can anyone suggest how I can disable the proxy settings without manually editing the registry everytime? Either disabling it permanently or writing a script to run each time I want to use the machine on another network would be fine.

Thanks

theCapt

I would ask the IT dept to give you your requirements, they can only say no.

Failing that you need to gain access to the admin rights of the laptop, it is possible to do this with programs from the net. I will not however point you in the direction of one because it sounds like the IT dept. don't want you to be able to gain access to other networks usually for sercurity issues. Might be an idea to buy another connection method like WiFi or just buy another system.

Need_More_Money_2

theCapt wrote:

I would ask the IT dept to give you your requirements, they can only say no.

Failing that you need to gain access to the admin rights of the laptop, it is possible to do this with programs from the net. I will not however point you in the direction of one because it sounds like the IT dept. don't want you to be able to gain access to other networks usually for sercurity issues. Might be an idea to buy another connection method like WiFi or just buy another system.

I actually have the administrator password (I have to login to local machine rather than domain to be administrator). When logged in as administrator there is no proxy but I cannot see how to disable it for individual users on the domain. Laptop has WiFi but proxy applies to that as well, is bypassed for dial up conenctions but that's all.

I am planning to ask IT department about it, but I don't hold out much hope as they are generally fairly incompetent and ridiculously restrictive on what we can do

albertross_2

export the registry key to a .reg file, and click on it when you are at home, or create a vbs script and put it in startup, but that will stop it working at work

Need_More_Money_2

albertross wrote:

export the registry key to a .reg file, and click on it when you are at home, or create a vbs script and put it in startup, but that will stop it working at work

Thanks will try that. Do I just use 'Export Registry File' in Regedit and select the relevant key?
Will not matter if proxy is disabled at work as Internet access seems to work regardless of whether proxy is used or not

albertross_2

They've got a well messed up network if it works with the proxy disabled..!

yes, just find the key, and export that particular key, or create a file along these lines, using 1 or 0 as the value to switch it on/off.

Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable",1, "REG_DWORD"
WScript.Quit

save as pon.vbs etc..

is that the key you used?

Need_More_Money_2

albertross wrote:

They've got a well messed up network if it works with the proxy disabled..!

As I said in a previous post, they're fairly incompetent!

albertross wrote:

is that the key you used?

Yes that was it.

Thanks again

M9174852

The reason your settings are being greyed out whilst on your work network is probably due to group policy on the domain. There is a reason that IT lock down machines. Obviously you will feel that IT are restrictive etc etc, But can you think of any instances where the network has gone down/infected whole enterprise with a virus/lost all your data on servers etc etc? Downtime for users in these instances can be very frustrating. Downtime can be lessened by implementing such 'restrictive access'. Less freedom, less damage.

If a user is restricted for certain access within the workplace, this is to protect the workplace network and machines, and thus all your data on servers etc. If a user somehow figured out how to bypass this for home internet usage, they could potentially and I am not saying intentionally - unknowingly infect that machine. When it goes back into the workplace network, it could potentially be a major hazard. If this happened to your machine and it was flagged up by central virus servers or otherwise, I wouldn't like to be in your position. People have lost their jobs over less.

However, this keeps IT people in a job - but can also be destructive. I would think you are probably going to hate me for this post/v.interesting info:p, but having worked in companies where all hell breaks loose and no matter how good the contingency is- sometimes it's never enough to recover lost data. Then you have to explain to every other user why they cannot use their systems while IT do some more firefighting. Rebuilding hundreds of servers is not such a great job, just because a user innocently infected the whole network.

Need_More_Money_2

mhairipotter wrote:

The reason your settings are being greyed out whilst on your work network is probably due to group policy on the domain. There is a reason that IT lock down machines. Obviously you will feel that IT are restrictive etc etc, But can you think of any instances where the network has gone down/infected whole enterprise with a virus/lost all your data on servers etc etc? Downtime for users in these instances can be very frustrating. Downtime can be lessened by implementing such 'restrictive access'. Less freedom, less damage.

I realise why they do it and I guessed it was a group policy but know little about how this works. I understand it is probably necessary for most of the users who have little computing knowledge. It is, however, frustrating that they cannot have a more reasonable approach for those of us with a scientific background and, frankly, more computing knowledge and experience than most of the people in the IT department.

mhairipotter wrote:

If a user is restricted for certain access within the workplace, this is to protect the workplace network and machines, and thus all your data on servers etc. If a user somehow figured out how to bypass this for home internet usage, they could potentially and I am not saying intentionally - unknowingly infect that machine.

I feel that I am more than capable of dealing with the risk of infecting the machine. I've been using computers and the Internet for longer than the vast majority of people in our IT department.
The point of buying me a laptop was so that I could work at home (I'm behind a router and firewall) or when travelling and staying in hotels. The group policy significantly restricts the way I can work when off site.

mhairipotter wrote:

I would think you are probably going to hate me for this post/v.interesting info:p,

Of course not Thanks for posting your point of view.

A_Nice_Englishman

As a Network Manager with many years' experience in corporate and academic networks I would not give users the rights that the OP wants for the reasons mhairipotter states. However competent a user might be and however much I trusted him accidents can still happen.

I would try to give my users the functionality they need to get their work done though. In this case a 'dual boot' machine might be a solution. It would have two copies of Windows on two separate partitions of the hard disk and give the choice of 'home' or 'work' when starting up.

This is virtually like having two separate laptops and full admin rights could be given on the 'home' partition without jeopardising the corporate network.

theCapt

A_Nice_Englishman wrote:

As a Network Manager with many years' experience in corporate and academic networks I would not give users the rights that the OP wants for the reasons mhairipotter states. However competent a user might be and however much I trusted him accidents can still happen.

I would try to give my users the functionality they need to get their work done though. In this case a 'dual boot' machine might be a solution. It would have two copies of Windows on two separate partitions of the hard disk and give the choice of 'home' or 'work' when starting up.

This is virtually like having two separate laptops and full admin rights could be given on the 'home' partition without jeopardising the corporate network.

Good Idea, the same sorrt of thing could be done with a live version of linux, just create a second partition for saving data.