A colleague had an issue with a Windows 7 deployment: every single user group policy deployed correctly, EXCEPT the proxy pac file setting, despite other objects in the exact same group policy object applying correctly.
A gpresult /h on the affected machine showed the policy setting had applied to user:
However despite these settings Automatically detect configuration was “ticked” in IE on new deployments, for new users logging on, causing internet access to fail.
My colleague took a ProcMon log of launching IE. I set the filter to Path contains AutoConfigURL which is the name of the key this Auto-Proxy URL is set:
I could see the key was set correctly
With this item selected I then hit “reset filter” on ProcMon. We can now clearly see our culprit. Notice MigrateProxy is set to 1 (We can see the value of the reg key following word Data)
By clearly I mean, clearly if you know the quirks of how Windows works
Through trial and error you can prove:
- If MigrateProxy is set to 0 and Automatically Detect Settings is Disabled then on launching IE MigrateProxy is set to 1 and Automatically Detect Settings gets re-enabled
- If Automatically Detect settings is not disabled, MigrateProxy seems to do nothing.
In this case the theory was proved by mounting \Users\Default\ntuser.dat and setting MigrateProxy to 1.
After doing this new users logging onto the machine did not experience the issue
You could deploy this setting via Group Policy to all machines if required.
This is documented in MS KB article http://support.microsoft.com/kb/2587595 and is actually not a bug, but by bad … ahem … confusing design.
Be warned though…The MigrateProxy can be important … because if migration does not occur you may not get Dial-Up (if you use it) or VPN connection settings replicated as expected. If you apply the reg key hack make sure you test any dial-up (if used) or VPN connections that appear in Internet Options Connections tab, to ensure they continue to work.