I have been trying for too long without asking anyone to give me a little help. Right now I have a DC with DNS and DHCP on it, and a second VM with Forefront TMG on it. What I am TRYING to do: Force all clients without WPAD to use the proxy, mostly because these clients all do not use IE anyway, and Firefox's default policy is not to even search for a proxy. So, if there is ANY Way around this, I am completely open to whatever you suggest to remedy this problem with TMG. I'd rather not hear "get another firewall"