What is the best way to automatically configure Windows desktops and laptops in an AD environment to use a proxy server?
I have recently setup a Squid proxy server for caching purposes and would like to start pointing my desktops and laptops to it.
My computers are running Windows XP with IE8 and Windows 7 with IE9.
In my experience there is not single way that will work reliably every time. You probably need to setup WPAD, and and also setup the policies for some machines that won't do WPAD.
Since your users have laptops, you almost certainly are going to want to have WPAD. IE, Firefox, Chrome, can all support this, even on non-windows operating systems.
You should probably set it up so you deliver the wpad infromation both via DHCP for your Windows boxes, and also setup the DNS method. Place the config at http://wpad.yourdomain.example.org/wpad.dat
Setting group policies as another method will help to, but you will almost certainly want to exclude your laptops, or they may not be able to use the Internet when they are outside of your network.
If your squid doesn't require authentication, and you don't mind either breaking SSL, or permitting out without going through the proxy, then the easiest way is to simply place squid in a location on your network where you can set it up in Interception mode. In this mode you don't have to set anything on the clients. They are forced through the proxy by the ACLs on your firewall/router.
You can configure proxy settings for Internet Explorer in the Internet Explorer group policy settings templates. They are found in the IEAK for each version of the browser available on the Microsoft download site.
The above are all great examples.
We use a different method in our office to catch all HTTP traffic. What kind of network equipment are you using? Squid supports WCCP, and network equipment like Cisco routers and firewalls (ASA, PIX), and other vendors too, also support it. This allows you to do a transparent proxy server, forcing all http traffic to be routed at the firewall level, rather than the client level. This works on all browsers, not just IE, because it's handled at the network level. An example setup is documented nicely here.