Are they using Websense? I ran into issues like that quite often
The problems, like you stated, is A) stored credentials and B) respecting proxy settings. What we usually did at Websense was had customers put their Apple devices on a distinct subnet so that we could effectively filter them by IP address specifying subnets. As far as respecting proxy settings... you'll probably need exclusions set up for that, which if all traffic is forced through a proxy, you have no choice but to configure those exclusions at the proxy. Stuff like ITunes isn't very proxy-aware, and usually has trouble.
So, these are Websense-specific... but may help give you some insight. Hope it helps. Unfortunately, the Websense Content Gateway (Proxy) documents requires credentials to access that I no longer have as I am no longer an employee.http://www.websense.com/support/article ... -filteringhttp://www.websense.com/support/article ... from-a-Machttp://www.websense.com/support/article ... -computers