I’ve seen a lot of questions about using PAC files and proxy settings on laptops / mobile computers which are often used outside of the typical corporate network. How do they behave?
Keep in mind that the default behavior for Internet Explorer (and most other browsers) is to try to load the PAC file as configured in the browser settings. If that PAC file can’t be loaded (or contains an error) the browser will default to retrieving everything directly without using a proxy.
When a laptop user is on the corporate network the browser will pull a PAC file and follow the rules laid out in it. When that browser is on another network or the Internet it will not be able to load the configured PAC file and will default to browser direct.
(This, of course, assumes that you are following good security practices and not hosting your PAC file on a place where it could be retrieved from the Internet. PAC files contain data about internal IP addresses, traffic flows and hostnames – Not something that you want to be available on the Internet.)
If you are trying to load a PAC file as a file on the PC this, of course, won’t work – The PAC file will always be accessible. This is, obviously, not recommended. If you must do this, be sure to check if the workstation’s IP address is on one of your corporate subnets before trying to return a proxy, else return direct.
Pulling a PAC file using WPAD works in a very similar manner to a traditially-configured PAC file. When the laptop is on the local network it will get the PAC from WPAD via DHCP or the default WPAD DNS name. When the machine is on the Internet neither of these methods will work and the browser will default to direct. Just keep in mind that if you plug into another company's network who uses WPAD your machine will download and apply those settings automatically.