Hi all Situation: completely locked down mobility devices (tablets and such), which at boot automatically logon with a preset user and start Citrix Workspace, which does SSO and provides user with list of apps. One of the lock down mechanisms is to set a dummy proxy and set the ProxyOverride key to 'allow' specific sites via GPO. Not the best solution probably, but the root of it works as it should. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride We had an issue this week where a colleague adjusted the GPO, he mistakenly added a URL with a / to the ProxyOverride key, which apparently breaks the entire process of the key, as such that many users that received that key suddenly couldn't connect to Citrix Workspace anymore. Meaning: Workspace opened, showed the apps they have rights to (presumably cached), but clicking an app would just load for a couple of seconds, but never open the app, no error displayed. Clicking Refresh apps showed "App refresh failed". No errors on Citrix infra side (logically, as they couldn't even connect). Once we figured out what was wrong a number of hours later, the policy was updated, the / was removed from the registry key. Now, the thing is, during the timeframe that the bad GPO was in place, a bunch of users received the bad key and seemingly "automatically applied it" and could no longer work. But, once we updated the GPO, for some users it was fixed by simply rebooting the device. For a bunch of others, who received the fixed registry key (we could see the registry key was applied), it required the manual start of IE to actually start working again... Meaning, one of our admins needed to (remotely) logon to the device, overrule the lockdown, start IE (or just inetcpl.cpl) as the user and then restart the device. Once that was done, everything worked as expected again. Question is: why did the "bad GPO" apply automatically (no IE start involved in the startup process) and did the "fixed GPO" need manual/admin intervention of starting IE to get working again? Is this some weird inner working of Win10/IE? Thanks for possible insights/thoughts/remarks to help us understand this 🙂 (Recommendations to replace the ProxyOverride way of preventing users to browse are also welcome)