In enterprise environments, there are times when you need to prevent users from arbitrarily changing proxy settings. This is essential for preventing security policy violations and attempts to bypass network access controls. Windows allows you to control this effectively through Group Policy.

 

 

1. GPO Configuration in Active Directory Environment

1.1 Basic Configuration Method

Open the Group Policy Management Console (gpmc.msc) and create a new GPO or edit an existing one.

User-level application:

User Configuration > Administrative Templates > Windows Components > Internet Explorer

Computer-level application:

Computer Configuration > Administrative Templates > Windows Components > Internet Explorer  

In both paths, find the “Prevent changing proxy settings” policy and set it to Enabled.

| Type | Computer Configuration | User Configuration |
| --- | --- | --- |
| Scope | All users on the computer | Specific users only |
| Priority | High | Low |
| Recommended Use | Shared PCs, kiosks | Individual user targeting |

1.2 Policy Application and Verification

After linking the GPO to the target OU, you can apply it immediately using gpupdate /force. When the policy is correctly applied, the proxy settings screen will display “Some settings are managed by your organization.”

 

 

2. Direct Configuration on Local Computers

2.1 Windows Pro/Enterprise Editions

For computers not joined to a domain, use the Local Group Policy Editor (gpedit.msc).

User Configuration > Administrative Templates > Windows Components > Internet Explorer > Prevent changing proxy settings

2.2 Windows Home Edition (Registry Method)

Home edition doesn’t include the Group Policy Editor, so you must modify the registry directly.

  1. Run Registry Editor (regedit)
  2. Navigate to:
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
    
  3. Create a new DWORD value Proxy and set the value to 1

 

 

3. Advanced Configuration through GPO Preferences

In large-scale environments, GPO Preferences allows for more granular control.

3.1 Registry-based Configuration

User Configuration > Preferences > Windows Settings > Registry

Create the following two entries:

| Item | Registry Path | Value Name | Value Data | Purpose |
| --- | --- | --- | --- | --- |
| Block proxy settings | HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel | Proxy | 1 | Prevent proxy setting changes |
| Block options menu | HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions | NoBrowserOptions | 1 | Block IE options window access |

3.2 Specific Group Exclusion Configuration

To allow administrators to change proxy settings, use Item Level Targeting.

  1. Select the Common tab in registry settings
  2. Check Item-level targeting
  3. Select New > Security Group
  4. Enter the group to exclude (e.g., Domain Admins)

 

 

4. Browser-specific Application Scope

Windows proxy settings apply to most browsers, but there are differences.

| Browser | Application | Notes |
| --- | --- | --- |
| Internet Explorer 11 | ✅ Full support | Support ended June 2022 |
| Microsoft Edge | ✅ Full support | Uses system proxy |
| Google Chrome | ✅ Full support | Uses system proxy |
| Mozilla Firefox | ⚠️ Partial support | Requires “Use system proxy settings” option |
| Opera | ✅ Full support | Chromium-based |

For Firefox, you need to set network.proxy.type to 5 in about:config or enable “Use system proxy settings” in settings.

 

 

5. Hiding Windows 10/11 Settings App Proxy Page

For stronger blocking, you can hide the proxy page itself in the Settings app.

Computer Configuration > Administrative Templates > Control Panel > Settings Page Visibility

Enter hide:network-proxy in the policy value to completely hide the Network & Internet > Proxy page.

 

 

6. Troubleshooting and Considerations

6.1 Policy Application Verification Methods

# Check currently applied policies
gpresult /r

# Check specific user policies in detail
gpresult /user username /v

# Generate HTML report
gpresult /h c:\temp\gpo_report.html
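
The registry values this page configures can also be read back directly, which shows whether a value is missing or has been changed by hand. The PowerShell audit below is an added example, not part of the original article. The HKCU paths and value names come from the sections above; the HKLM paths (the computer-level policy and the Settings Page Visibility value) are assumptions about where those policies are stored, and `Test-ProxyLockdown` is a hypothetical helper name.

```powershell
# Added example: audit the proxy lock-down values described in this article.
# Only one of the user/computer "Proxy" values is expected to be present,
# depending on which side of the GPO was configured.
$checks = @(
    @{ Name    = 'Prevent changing proxy settings (user)'
       Path    = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
       Value   = 'Proxy'
       Pattern = '^1$' },
    @{ Name    = 'Prevent changing proxy settings (computer, assumed path)'
       Path    = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
       Value   = 'Proxy'
       Pattern = '^1$' },
    @{ Name    = 'Block IE options window'
       Path    = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions'
       Value   = 'NoBrowserOptions'
       Pattern = '^1$' },
    # The visibility policy can list several pages separated by ';'
    @{ Name    = 'Hide Settings proxy page (assumed path)'
       Path    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value   = 'SettingsPageVisibility'
       Pattern = '^hide:.*\bnetwork-proxy\b' }
)

function Test-ProxyLockdown {
    param([Parameter(Mandatory)][array]$Checks)
    foreach ($c in $Checks) {
        # Returns nothing if either the key or the value does not exist
        $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($c.Value) } else { $null }
        $status = if ($null -eq $actual)             { 'MISSING'  }
                  elseif ("$actual" -match $c.Pattern) { 'OK'       }
                  else                                { 'MISMATCH' }
        [pscustomobject]@{
            Check  = $c.Name
            Status = $status
            Actual = $actual
            Key    = "$($c.Path)\$($c.Value)"
        }
    }
}

Test-ProxyLockdown -Checks $checks | Format-Table -AutoSize -Wrap
```

A `MISMATCH` on a machine where `gpresult` shows the GPO as applied indicates the value was altered after the last policy refresh.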

6.2 Known Limitations

  • Users with local administrator privileges can still directly edit the registry
  • Regular users can modify personal registry keys without UAC prompts
  • Policies automatically refresh every 90 minutes, so manual changes are reverted

6.3 Additional Security Hardening

For complete security, consider implementing these additional measures:

  • Deploy web filtering solutions
  • Block direct proxy connections at the firewall
  • Remove local administrator privileges from user accounts
  • Restrict registry editor access

 

 
