Proxy and intranet access design: Research and Executive users authenticate to a Windows 2000 Proxy Server for Internet access, but then must also authenticate to reach your internal intranet site. Users without proxy accounts cannot reach the intranet at all. You want all users to reach the intranet without supplying separate proxy credentials. What should you configure on the clients?

Difficulty: Easy

Move the intranet server onto the client segment of the network
Move the proxy server onto the server segment of the network
Configure each client to bypass the proxy server for local addresses
Configure each client to use port 81 for the proxy server
None of the above

Correct Answer: Configure each client to bypass the proxy server for local addresses

Explanation:

Introduction / Context:
Web proxy authentication is often required for outbound Internet access, but internal intranet sites should normally be reachable without passing through the external proxy or requiring proxy credentials. Browsers and WinINET clients can be configured to bypass the proxy for local (intranet) addresses, ensuring direct LAN access using standard Windows authentication if needed.

Given Data / Assumptions:

Proxy requires user credentials for Internet access.
Internal intranet server is reachable on the LAN.
Some users lack proxy accounts and should still access intranet.

Concept / Approach:
Configure the proxy settings to “Bypass proxy server for local addresses” or add the intranet FQDN/IP patterns to the proxy exception list. This allows direct connections to the intranet server, avoiding the proxy’s authentication gate while keeping proxy enforcement for external sites.

Step-by-Step Solution:
Open Internet Options → Connections → LAN settings.Check “Bypass proxy server for local addresses.”Optionally add intranet hostnames or domains to the Exceptions list.Test intranet access; ensure Internet sites still route via proxy.

Verification / Alternative check:
Use netstat or proxy logs to confirm intranet traffic no longer hits the proxy. Validate Single Sign-On to the intranet via Integrated Windows Authentication if applicable.

Why Other Options Are Wrong:
Moving servers: Topology changes are unnecessary; this is a client configuration issue.

Using port 81: Arbitrary and unrelated to the dual-auth problem.

None of the above: Incorrect because proxy bypass for local addresses solves it.

Common Pitfalls:
Forgetting to include both short hostnames and FQDNs in exceptions, or proxy-chaining intranet traffic inadvertently causing authentication prompts.

Final Answer:
Configure each client to bypass the proxy server for local addresses

Discussion & Comments

No comments yet. Be the first to comment!

More Questions from Windows 2000 Server

Discussion & Comments