How do I restrict the browsers allowed in my network to only those that can be configured with a PAC or WPAD file?
If you are using Microsoft Active Directory and Internet Explorer, the recommended approach is to use a Group Policy Object (GPO). Windows Group Policy is designed for centralized IT control and configuration of Windows computers that are members of Active Directory Domain Services.
For configuration details, see How do I configure a Group Policy so that Internet Explorer uses the PAC file?. For an introduction to Group Policy, see these Microsoft TechNet articles: Group Policy for Beginners and Managing Browser Settings with Group Policy Tools.
Most other browsers will consume a PAC file but do not provide support for GPO. This makes it much more challenging for administrators to control the configuration and use of
alternate browser (Firefox 3 offered a GPO add-on, but Firefox 3 is long gone). Search the Internet for tools and strategies available for your organization’s chosen browser.
Note: In
addition to controlling which browsers are allowed and managing their configuration, it is essential that proper firewall policy is in place. No traffic should be allowed to go direct
to the Internet, bypassing the proxy, unless it is explicitly allowed by policy.