Gpo proxy settings windows 10

In this article, we’ll take a look at how to centrally configure proxy settings on Windows 10 computers in a domain using Group Policy. Most popular browsers (such as Microsoft Edge, Google Chrome, Internet Explorer, Opera) and most applications automatically use the proxy settings set in Windows to access the Internet. We’ll also look at how to set up WinHTTP proxy settings on Windows.

In this article, we will look at the specifics of configuring a proxy server through Group Policy in supported versions of Windows (Windows 10, 8.1, and Windows Server 2012/2016/2019). Note that proxy settings are set differently in Windows 7/Server 2008R2, Windows XP/Windows Server 2003 with discontinued support.

How to Set Proxy Settings on Windows via GPO?

On the latest Windows versions, you must use Group Policy Preferences (GPP) to configure IE and proxy settings in the GPO Editor. There is also the option of using a special extension of Internet Explorer Administration Kit 11 (IEAK 11) – but it is rarely used.

Open the domain GPO Editor console (Group Policy Management Console – GPMC.msc), select the OU with the users to which you want to apply proxy settings, and create a new policy Create a GPO in this domain, and Link it here.

Go to User Configuration -> Preferences -> Control Panel Settings -> Internet Settings. In the context menu, select New ->  Internet Explorer 10.

To configure proxy settings on Windows 10/Windows Server 2016, you need to use the Internet Explorer 10 item.

<FilterFile lte="0" max="99.0.0.0" min="10.0.0.0" gte="1" type="VERSION" path="%ProgramFilesDir%\Internet Explorer\iexplore.exe" bool="AND" not="0" hidden="1"/>

A special Group Policy Preferences IE form will appear in front of you, almost completely identical to the Internet Options settings in the Windows Control Panel. For example, you can specify a home page (General tab -> Home page field).

To specify proxy settings, go to the Connections tab and click the Lan Settings button. The proxy server can be configured in one of the following ways:

• Automatically detect settings – automatic detection of settings using the wpad.dat file;
• Use automatic configuration script – auto-configuration script (proxy.pac);
• Proxy Server – the IP address or DNS name of the proxy server is specified directly in the policy settings. This is the easiest way, and we will use it.

Check the option Use a proxy server for your LAN, and specify the IP/FQDN name of the proxy server and the connection port in the corresponding Address and Port fields.

By enabling the Bypass proxy server for local addresses option, you can prevent applications (including the browsers) from using a proxy server when accessing local resources (in the format http://localnetwork). If you use resource addresses like http://web1.woshub.loc or http://192.168.1.5, then these addresses are not recognized by the Windows as local ones. These addresses and addresses of other resources, for access to which you do not need to use a proxy, must be specified manually. Press Advanced button and add this addresses to the field Do not use proxy servers for addresses beginning with in the following format:  10.1.*;192.168.*;*.woshub.loc;*.local.net.

Tip. Proxy settings in Google Chrome also can be set through the GPO using special administrative templates. Also, you can install the ADMX templates for Mozilla Firefox.

After you save the policy, you can view the InternetSettings.xml file with the specified browser settings in the policy folder on the domain controller:

\\UKDC1\SYSVOL\woshub.com\Policies\{PolicyGuiID}\User\Preferences\InternetSettings\InternetSettings.xml

GPP allows you to more finely target policy to users/computers. For this, GPP Item Level Targeting is used. Go to the Common tab, enable the option Item-level targeting -> Targeting.

In the form that opens, specify the conditions for applying the policy. As an example, I indicated that the proxy configuration policy will be applied only to users who are members of the proxy_users domain security group. You can use your own logic for assigning proxy parameters.

It remains to link the proxy policy to the AD container with the users and update policy settings on them. After applying policies on the users’ computers, new IE settings should be used. You can check the current proxy settings on Windows 10 in the Settings -> Network and Internet -> Proxy. As you can see, the computer now uses the proxy settings specified in the domain policy.

To prevent users from changing the proxy server settings, you can use this article.

Configure Proxy Setting via Registry and GPO

In addition, you can configure IE settings through the registry using GPP policies. For example, to enable proxy server, you need to configure the following registry parameter in the registry key HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Internet Settings. In the GPO editor go to the section User Configuration -> Preferences -> Windows Settings -> Registry and create three registry parameters under the specified reg key:

• ProxyEnable (REG_DWORD) = 00000001
• ProxyServer (REG_SZ) = 192.168.0.11:3128
• ProxyOverride (REG_SZ) = https://*.woshub.com;192.168.*;10.1.*;*.contoso.com;<local>

You can also use Item-level targeting here to target your policy settings for specific users/devices.

If you need to create proxy policies not per-user, but for the entire computer (per-computer), use the GPP settings from the GPO section Computer Configuration -> Preferences -> Windows Settings -> Registry. Set the same registry parameters under the registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings.

Change WinHTTP Proxy Settings via GPO

Some system services or applications (for example, the Wususerv update service or PowerShell) don’t use user’s proxy settings by default. For such applications to work correctly and access the Internet, you need to configure the WinHTTP proxy settings in Windows.

To check if WinHTTP proxy is configured on your computer, run the command:

netsh winhttp show proxy

The answer “Direct access (no proxy server)” means that no proxy is set.

You can manually set a proxy for WinHTTP on your computer with the command:
netsh winhttp set proxy proxy.woshub.com:3128 "localhost;10.1.*;192.168.*;*.woshub.com"

Or import proxy settings from user’s Internet Explorer settings:

netsh winhttp import proxy source=ie

However, you won’t be able to configure WinHTTP through the GPO – there is no corresponding parameter in the GPO editor, and the parameter are stored in binary registry attribute that is not suitable for direct editing.

The only way to set WinHTTP proxy settings on Windows via GPO is to configure WinHTTP proxy on the reference computer, export the value of the WinHttpSettings parameter from the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections, and deploy this parameter to domain computers through the GPP registry extension.

You can use Group Policies (GPOs) to configure proxy server settings on Windows devices in an Active Directory domain. These proxy server settings are used by all modern browsers, including Google Chrome, Microsoft Edge, Opera, and Mozilla Firefox.

How to Set Proxy Settings with Group Policy Preferences?

The Group Policy Preferences (GPP) can be used to manage the Windows proxy server settings on users’ computers.

1. Open Group Policy Management Console (gpmc.msc);
2. Right-click on the Active Directory OU containing the user accounts to which you want to apply the new proxy settings and select Create a GPO in this domain and link it here;
   
3. Specify a policy name (for example, CA_Proxy), right-click your new GPO, and select Edit;
   
4. Navigate to User Configuration > Preferences > Control Panel Settings > Internet Settings. Right-click and select New > Internet Explorer 10;
   
5. You will see a standard Internet Properties form, similar to the one in the Windows Control Panel. Go to the Connections tab and press the LAN Settings button;
   
6. Tick the checkbox “Use a proxy server for your LAN” and specify the Address and Port of your proxy server (for example, 192.168.1.11, port 3128). Use the function keys to enable or disable options on this form.
   F6 — activate selected option (the underline for an enabled GPO option changes color from red to green)
   F7 — disable a specific policy setting press (disable the option “Automatic detect settings” this way)
   F5 — enable all settings on the current tab
   F8 — disable all policies on this tab press

   Tip. The Bypass Proxy Server for Local Addresses option allows certain local resources to be accessed directly, rather than through a proxy server. Windows automatically recognizes all URLs without a domain suffix as local address (for example, http://theitbros). When accessing such an address, the browser will bypass the proxy. Note that addresses of the format http://forum.theitbros.local or http://192.168.0.50 are not recognized by the Windows as local addresses;
   

7. You can specify a list of address exceptions to bypass the proxy in Advanced > Do not use proxy servers for addresses beginning with. The exclusion list is a simple string containing a list of DNS names and/or IP addresses (separated by semicolons). You can use the wildcards in the proxy exception list. For example:

   192.*;*.theitbros.com

   

8. Press OK twice to save the GPO settings.

Check that the proxy policy is being applied to client computers (run the gpupdate /force command to immediately apply new GPO settings to the computer). You can check your current proxy settings in Windows under Settings > Network and Internet > Proxy.

With GPP Item Level Targeting, you can apply proxy server settings to users based on the security group or IP subnet in which their devices are located. In the policy settings, go to the Common tab and check the Item-Level Targeting option. Click on the Targeting button.

Select New Item > IP address ranges. Specify the range of IP addresses in your subnet for which you want to apply proxy settings.

Save the settings. Similarly, create multiple GPP items with proxy settings for different IP subnets.

The result is that users’ proxy settings are applied in accordance with their IP network (office). (It can be convenient for mobile workers with laptops.

Configuring Proxy Setting on Windows Through Registry

You can apply proxy server settings directly to a user through the registry.

Note. Learn about how to add, edit, and remove registry keys with GPO.

Create a new GPO and go to User Configuration > Preferences > Registry. Create 3 registry parameters in the registry hive HKEY_CURRENT_USER in SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings key:

• ProxyEnable (REG_DWORD) = 00000001;
• ProxyServer (REG_SZ) = 192.168.1.11:3128;
• ProxyOverride (REG_SZ) = 192.*;*.theitbros.com.

After applying the GPO settings to the computer, check the proxy server settings in the HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings key.

How to Prevent Users from Changing Proxy Settings in Windows

After applying a proxy settings policy, the user can manually change any proxy settings using both IE options in the classic Control Panel and the modern Settings pane (the next GPO update will overwrite these settings.).

Administrator can prevent users from changing proxy settings in Windows using the GPO option “Prevent changing proxy settings”. This parameter is present in both the user and computer GPO sections.

• Computer Configuration > Policies > Administrative Templates > Windows Components – Internet Explorer
• User Configuration > Policies > Administrative Templates > Windows Components Internet Explorer

After you enable this GPO option, the fields with the proxy settings will be blocked in Windows, and the caption will appear:

Some of these settings are hidden or managed by your system organization.

Set Proxy Settings Per Machine Instead of Per User with GPO

By default, Windows proxy settings are per-user. However, you can apply proxy settings to all users of the computer. To do this, enable the policy Make proxy settings per-machine (rather than per user) under Computer Configuration > Administrative Templates > Windows Components > Internet Explorer.

To apply settings to computer objects, also enable the policy Configure user Group Policy loopback processing mode under the Computer Configuration > Policies > Administrative Templates > System > Group Policy. Select the Merge mode in the policy settings.

How to Apply WinHTTP Proxy Settings via GPO

Above, we looked at how to apply proxy settings to users. However, this will not change the WinHTTP proxy settings (also known as a device proxy or system proxy). This means that some applications (including .NET Core apps) and system services (such as the Windows Update service) won’t be able to use a proxy to access the Internet.

Check current WinHTTP proxy settings with the command:

netsh.exe winhttp show proxy

Current WinHTTP proxy settings: Direct access (no proxy server).

There is no separate Group Policy option that allows you to configure the WinHTTP proxy. To enable WinHTTP proxy for a computer through a GPO, you must configure a special registry parameter.

First, you need to configure a proxy for WinHTTP on the reference computer. The easiest way is to import the proxy settings from the current user:

netsh winhttp import proxy source=ie

These settings will be saved in the WinHttpSettings REG_BINARY parameter under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections.

Now open your proxy GPO and go to Computer Configuration > Preferences > Windows Settings > Registry > New > Registry Wizard.

Select Local computer and specify the full path to the WinHttpSettings parameter.

Now click Finish, update the policy on client computer, and check if WinHTTP proxy settings are applied successfully.

In this article, we looked at how to configure proxy settings in Windows using the GPO. All modern browsers (Edge, Chrome, Mozilla Firefox) will use your Windows proxy settings if you enable the “Use system proxy settings” option in them.

В этой статье мы рассмотрим, как централизованно задать настройки прокси на компьютерах с Windows 10 в домене Active Directory с помощью групповых политик. Большинство распространенных браузеров (таких как Microsoft Edge, Google Chrome, Internet Explorer, Opera) и большинство приложений автоматически используют для доступа в интернет параметры прокси сервера, заданные в Windows. Также мы рассмотрим, как задать параметры системного WinHTTP прокси.

В этой статье мы рассмотрим особенности настройки прокси сервера политиками в поддерживаемых версиях Windows (Windows 10, 8.1 и Windows Server 2012/2016/2019). Обратите внимание, что в снятых с поддержки Windows 7/Server 2008R2, Windows XP/Windows Server 2003 параметры прокси сервера задаются по другому.

Как задать параметры прокси сервера в Windows через GPO?

До выхода Windows Server 2012/Windows 8 для настройки параметров Internet Expolrer (и в том числе настроек прокси) использовался раздел Internet Explorer Maintenance (IEM) из пользовательской секции GPO (User configuration –> Policies –> Windows Settings –> Internet Explorer Maintenance). В современных версиях Windows 10 /Windows Server 2016/2019 этот раздел отсутствует.

В новых версиях Windows для настройки параметров IE и прокси в редакторе GPO нужно использовать предпочтения групповых политик GPP (Group Policy Preferences). Также есть вариант использования специального расширения Internet Explorer Administration Kit 11 (IEAK 11) – но применяется он редко.

Откройте консоль редактора доменных GPO (Group Policy Management Console –
GPMC.msc
), выберите OU с пользователями, для которых нужно назначить параметры прокси-сервера и создайте новую политику Create a GPO in this domain, and Link it here.

Перейдите в раздел User Configuration -> Preferences -> Control Panel Settings -> Internet Settings. В контекстном меню выберите пункт New -> и выберите Internet Explorer 10.

Для настройки параметров прокси в Windows 10/Windows Server 2016 нужно использовать пункт Internet Explorer 10.

Перед вами появится специальная форма, практически полностью идентичная настройкам параметра обозревателя в панели управления Windows. Например, вы можете указать домашнюю страницу (Вкладка General, поле Home page).

Чтобы указать параметры прокси-сервера, перейдите на вкладку Connections и нажмите кнопку Lan Settings). Прокси сервер можно настроить одним из следующих способов:

• Automatically detect settings — автоматическое определение настроек прокси с помощью файла wpad.dat;
• Use automatic configuration script — скрипт автоконфигурации (proxy.pac);
• Proxy Server – можно вручную указать IP адрес или DNS имя прокси сервера и порт подключения. Это самый простой способ настроить прокси в Windows, его и будем использовать.

Поставьте галку Use a proxy server for your LAN, а в полях Address и Port соответственно укажите IP/FQDN имя прокси-сервера и порт подключения.

Включив опцию Bypass Proxy Server for Local Addresses можно запретить приложениям (в том числе браузеру) использовать прокси-сервер при доступе к локальным ресурсам (в формате
http://intranet
). Если вы используете адреса ресурсов вида
https://winitpro.ru
или
http://192.168.20.5
, то эти адреса не распознаются Windows как локальные. Эти адреса и адреса других ресурсов, для доступа к которым не нужно использовать прокси, нужно указать вручную. Нажмите кнопку Advanced и в поле Exceptions введите адреса в формате:
10.*;192.168.*;*.loc;*.contoso.com

Совет. Параметры прокси-сервера в Google Chrome можно задать централизованно через GPO с помощью специальных административных шаблонов. Для Mozilla Firefox можно использовать такое решение.

После сохранения политики вы можете просмотреть XML файл с заданными настройками браузера в каталоге политики на контроллере домена \\DC1\SYSVOL\winitpro.ru\Policies\(PolicyGuiID)\ User\Preferences\InternetSettings\InternetSettings.xml

В GPP есть возможность более тонко нацелить политику на клиентов. Для этого используется GPP Item Level Targeting. Перейдите на вкладку Common, включите опцию Item-level targeting -> Targeting.

В открывшейся форме укажите условия применения политики. В качестве примера я указал, что политика настройки прокси будет применена только к пользователям, которые состоят в доменной группе ruspb_proxy_users. Вы можете использовать собственную логику назначения параметров прокси (в зависимости от IP подсети, сайта AD и т.д.).

Осталось назначить политику IE на контейнер с пользователями и обновить политики на них. После обновления политики на компьютерах пользователей должны примениться новые настройки прокси в IE. В Windows 10 текущие параметры прокси можно посмотреть в разделе Settings -> Network and Internet -> Proxy. Как вы видите, на компьютере теперь заданы настройки прокси, указанные в доменной политике.

Чтобы запретить пользователям менять настройки прокси-сервера, воспользуйтесь этой статьей.

Настройка параметров прокси через реестр и GPO

Кроме того, настроить параметры IE можно и через реестр, политиками GPP. К примеру, чтобы включить прокси для пользователя нужно настроить следующие параметры реестра в ветке HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Internet Settings.

Перейдите в редакторе GPO в раздел User Configuration -> Preferences -> Windows Settings -> Registry и создайте три параметра реестра в указанной ветке:

• ProxyEnable
  (REG_DWORD) =
  00000001
• ProxyServer
  (REG_SZ) =
  192.168.0.50:3128
• ProxyOverride
  (REG_SZ) =
  *winitpro.ru;https://*.contoso.com;192.168.*;<local>

Здесь также можно использовать Item level targeting для более тонкого нацеливания политик.

Если вам нужно создать политики не для каждого пользователя (per-user), а для всех пользователей компьютера (per-computer), используйте параметры GPP из раздела GPO Computer Configuration -> Preferences -> Windows Settings -> Registry. Используйте аналогичные параметры реестра в ветке HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings.

Настройка параметров WinHTTP прокси групповыми политиками

Некоторые системные сервисы или приложения (например, служба обновлений Wususerv или PowerShell) по-умолчанию не используют пользовательские настройки прокси сервера из параметров Internet Explorer. Чтобы такие приложения работали корректно и получали доступ в интернет, вам нужно задать в Windows настройки системного прокси WinHTTP.

Чтобы проверить, настроен ли на вашем компьютере WinHTTP прокси, выполните команду:

netsh winhttp show proxy

Ответ “
Direct access (no proxy server)
” говорит о том, что прокси не задан, система использует прямой интернет доступ.

Вы можете задать на компьютере прокси для WinHTTP вручную командой:

netsh winhttp set proxy 192.168.0.50:3128 "localhost;192.168.*;*.winitpro.com"

Или импортировать настройки прокси из параметров Internet Explorer теекщего пользователя:

netsh winhttp import proxy source=ie

Однако настроить WinHTTP через GPO не получится – в редакторе GPO нет соответствующего параметра, а в реестре параметры хранятся в бинарном виде и не подходят для прямого редактирования.

Единственный вариант задать параметры WinHTTP прокси – настроить их на эталонном компьютере, выгрузить значение параметра WinHttpSettings в ветке реестра HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections в reg файл и распространить этот параметр на компьютеры в домене через GPP registry.

Wondering how to Configure Proxy Settings on Windows Using Group Policy? We can help you.

Most popular browsers and applications use the proxy settings set in Windows to access the Internet.

As part of our Server Management Services, we assist our customers with several Windows queries.

Today, let us see how to centrally configure proxy settings on Windows in a domain using Group Policy.

Configure Proxy Settings on Windows Using Group Policy

In order to configure the proxy settings, our Support Techs suggest the following methods.

Set Proxy Settings on Windows via GPO

Originally, to centrally configure Internet Explorer settings via GPO, the Internet Explorer Maintenance (IEM) policy was used.

We can find it under, User configuration –> Policies –> Windows Settings –> Internet Explorer Maintenance.

However, since Windows Server 2012/Windows 8, this section is missing in modern versions.

On the latest Windows versions, we must use Group Policy Preferences (GPP) to configure IE and proxy settings in the GPO Editor.

To do so, we open the domain GPO Editor console, select the OU with the users to which we want to apply proxy settings. Then we create a new policy Create a GPO in this domain and Link it.

We go to User Configuration -> Preferences -> Control Panel Settings -> Internet Settings. In the context menu, select New -> Internet Explorer 10.

On the other hand, on Windows 10/Windows Server 2016, we need to use the Internet Explorer 10 item.

Although there is no separate option for Internet Explorer 11, the Internet Explorer 10 policy should apply to all versions of IE above 10.

<FilterFile lte=”0″ max=”99.0.0.0″ min=”10.0.0.0″ gte=”1″ type=”VERSION” path=”%ProgramFilesDir%\Internet Explorer\iexplore.exe” bool=”AND” not=”0″ hidden=”1″/>

We will get Group Policy Preferences IE forms, almost completely identical to the Internet Options settings in the Windows Control Panel.

For example, we can specify a home page (General tab -> Home page field).

To save and apply a specific setting, ensure to press F5. A green underline of a parameter means that this IE parameter will apply via GPP.

Similarly, we can specify proxy settings in the Connections tab and click the Lan Settings button.

We configure the proxy server in one of the following ways:

• Automatically detect settings – automatic detection of settings using the wpad.dat file
• Use automatic configuration script – auto-configuration script (proxy.pac)
• Proxy Server – the IP address or DNS name of the proxy server is specified directly in the policy settings. We use it.

Check the option Use a proxy server for our LAN. Then we specify the IP/FQDN name of the proxy server and the connection port in the corresponding Address and Port fields.

If we enable the Bypass proxy server for local addresses option, we prevent applications from using a proxy server when accessing local resources.

Addresses of other resources, for access to which we do not need to use a proxy, must be specified manually. Press the Advanced button and add these addresses to the field Do not use proxy servers for addresses beginning with in the following format: 10.1.*;192.168.*;*.bobcares.com;*.local.net.

We can also set proxy settings in Google Chrome through the GPO using special administrative templates.

After we save the policy, we can view the InternetSettings.xml file with the specified browser settings in the policy folder on the domain controller:

\\UKDC1\SYSVOL\bobcares.com\Policies\{PolicyGuiID}\User\Preferences\InternetSettings\InternetSettings.xml

GPP allows to more finely target policy to users/computers. For this, GPP Item Level Targeting is used. Go to the Common tab, enable the option Item-level targeting -> Targeting.

In the form that opens, we specify the conditions for applying the policy. We can use our own logic to assign proxy parameters.

It remains to link the proxy policy to the AD container with the users and update policy settings on them.

After applying policies on the users’ computers, we use the new IE settings.

We can check the current proxy settings on Windows 10 in the Settings -> Network and Internet -> Proxy.

Configure Proxy Setting via Registry and GPO

In addition, we can configure IE settings through the registry using GPP policies.

For example,

To enable a proxy server, we configure the following registry parameter in the registry key HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Internet Settings.

In the GPO editor, under User Configuration -> Preferences -> Windows Settings -> Registry and create three registry parameters under the specified reg key:

• ProxyEnable (REG_DWORD) = 00000001
• ProxyServer (REG_SZ) = 192.168.0.11:3128
• ProxyOverride (REG_SZ) = https://*.bobcares.com;192.168.*;10.1.*;*.contoso.com;<local>

We create proxy policies not per-user, but for the entire computer. To do so, we use the GPP settings from the GPO section Computer Configuration -> Preferences -> Windows Settings -> Registry.

Set the same registry parameters under the registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings.

Change WinHTTP Proxy Settings via GPO

Some system services or applications do not use the user’s proxy settings by default. For such applications to work, we configure the WinHTTP proxy settings in Windows.

To check if WinHTTP proxy is configured on our computer, we run:

netsh winhttp show proxy

The “Direct Access (no proxy server)” output means no proxy is set.

We can manually set a proxy for WinHTTP on our computer. To do so, we run:

netsh winhttp set proxy proxy.bobcares.com:3128 “localhost;10.1.*;192.168.*;*.bobcares.com”

Or we import proxy settings from the user’s Internet Explorer settings:

netsh winhttp import proxy source=ie

However, this will not configure WinHTTP through the GPO.

The only way is to configure WinHTTP proxy on the reference computer.

Then we export the value of the WinHttpSettings parameter from the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections.

Finally, we deploy this parameter to domain computers through the GPP registry extension.

[Need help with the procedures? We are available 24*7]

Conclusion

In short, we saw how our Support Techs configure Proxy Settings on Windows using Group Policy.

var google_conversion_label = «owonCMyG5nEQ0aD71QM»;