How to implement SmartPAC in your Windows environment using AD GPO?

Considering the changes to Group Policy in the past few years (i.e., Changes from server 2008R2 to 2016 with GPP and the depreciation of ‘Internet Explorer Maintenance’ post IE10) we believe that registry adjustment is the easiest way of PAC enforcement. 

This KB article guides you through the implementation of Securly’s SmartPAC solution within your Windows environment using Active Directory GPO. 

Things to remember before getting started:

  1. The  GPO’s listed in this guide are based on the user level. Active Directory environments can differ vastly from one another. 
  2. Intranet Zones will need to be adjusted to prevent redirect loops in IE. IE places proxy servers automatically in the Intranet Zone. Since our proxy servers aren't on your intranet, this causes problems that prevent IE from properly loading web resources and results in a looping behavior.

*Pro Tip 1*

Each of the GPO's you will be creating in this guide may need to be removed one day.  Simply deleting a GPO does not mean its settings will be reset to normal.  Using the "Common" tab and checking "Remove this item when it is no longer applied" will accomplish this.

This option removes the GPO item should you decide to remove Securly and delete the GPO. If you delete the GPO without this option being selected, the settings will remain and users will continue to be filtered. Note that this option should be considered for all of the GPO’s in this guide should you ever want to remove Securly correctly.


*Pro Tip 2*

Each of these registry entries should be a separate GPO.  You may at some point in time need to disable one such as the GPO that locks the browser down so proxy settings cannot be changed.

Creating a single GPO with all of the below settings will prevent you from being able to selectively disable and troubleshoot.

When done, it should look something like this:



Getting started - Creating User-Based Registry Items:


Step 1: Create Registry Key for SmartPAC with the following details


Key Path: Software\Microsoft\Windows\CurrentVersion\Internet Settings

Action: Create

Value Name:  AutoConfigURL

Value Type: REG_SZ

Value Data: The SmartPAC URL provided to you by Securly Support or Sales team member. 

*Note that by default your SmartPAC URL may use HTTPS.  Some versions of IE only support HTTP.  Securly supports both so be aware that you may need to use HTTP.*

 Step 2: Create Registry Key to Lock Down Internet Settings


Key Path: Software\Policies\Microsoft\Internet Explorer\Control Panel

Action: Create

Value Name: ConnectionsTab

Value Type: REG_DWORD

Value Data: 1 

Windows 10

Key Path: Software\Policies\Microsoft\Internet Explorer\Control Panel
Action: Create
Value Name: Proxy
Value Type: REG_DWORD
Value Data: 1

Note that this setting is essential to locking out the Windows 10/ Edge proxy settings.


Ensure that you place the objects in the correct OU that corresponds to your off-site users (in most cases this will be your students).

Was this article helpful?
10 out of 28 found this helpful
Have more questions?
Submit a request



Article is closed for comments.

Articles in this section

See more