If your organization uses Active Directory and Internet Explorer, Google Chrome, Safari or Firefox, you can use the Active Directory Group Policy Object (GPO) feature to distribute the PAC file URL to all devices in your organization. When you configure Internet Explorer to use a PAC file, Google Chrome, Opera, and Safari use the same PAC file configuration as well. Firefox requires a separate configuration. To use GPO to distribute the PAC file URL to Firefox browsers, use FirefoxADM, which can be downloaded from the repository SourceForge: http://sourceforge.net/projects/firefoxadm.
The following procedure describes how to create a new GPO to distribute a PAC file URL to devices in your organization. It assumes that the Group Policy Management Console (GPMC) is installed. For information on Active Directory GPO and GPMC, refer to the Windows Active Directory and GPMC documentation.
To create a new GPO and distribute the PAC file URL:
In the following figure, the Zscaler default PAC file is specified.
You can use the Group Policy Results wizard to verify the policy settings of the users or computers in the domain.
Additionally, you can enforce the PAC File setting so your users will not be able to change it even when they're logged in as Administrator.
To enforce the PAC file setting:
The user will not be able to change the proxy setting as shown below.
Depending on your authentication configuration, your users will have to log in to the service at least once before the service can start protecting their web traffic. Note that if a user logs into a captive portal, such as Starbucks or MacDonald’s, the user must close the browser and open it again to reload the PAC file. The browser tries to fetch the PAC file only when there is a PAC URL timeout.