Here within our campus environment, we have an issue with users running local proxy servers in order to bypass the content filter/firewall. In an attempt to stop this activity, there is a GP in place to prevent the user from editing the proxy settings in the internet options. This works great if the user is the one editing the settings, but what we have discovered is that they are using a program (or several, as it seems) that are on flash drives.
These programs appear to run a script that eliminates the need for any interface in order to change to the settings it needs. Simply “greying out” or removing the “connections” tab in internet options is not preventing this.
I have even explored registry “hacks” but the settings for IE and the internet options are all located in the user areas of the registry, and the limited accounts are unable to modify the registry, and attempting to modify it from an Admin account is difficult to do for other users.