block a user from deleting their temp internet files

[Backup]

I am looking for one of two things

Number 1: Is there a way to block a user from deleting their temp internet
files and history / cookies. In windows XP. I would like to do this gp but
I haven't seen an option for this. This pertains to any non admin user.



Number 2: In ISA is there a way to log what ever a particular user has done
internet wise. such ass a list of all websites they have browsed.

 

[Herb Martin]

I am looking for one of two things

Number 1: Is there a way to block a user from deleting their temp internet
files and history / cookies. In windows XP. I would like to do this gp but
I haven't seen an option for this. This pertains to any non admin user.

No -- I seriously doubt that such COULD exist.

Those files are created by the user (running an
instance of IE etc on their behalf) and must be
deletable and updatable for the system to work
correctly.

Even if you arranged a scheme to prevent this (deny
delete defaults on parent directories) it would screw
up the system for normal use AND a knowledgable
user (and ONLY such) could bypass it at any time
by directly changing the permissions.

Why would you ever want such a thing?

Number 2: In ISA is there a way to log what ever a particular user has done
internet wise. such ass a list of all websites they have browsed.

Add-on tools (like Net Nanny or some such name) do this but
nothing included automatically.

ISA (a central) location is a better choice anyway.

 

[Guest]

I am looking for one of two things

Number 1: Is there a way to block a user from deleting their temp
internet files and history / cookies. In windows XP. I would like to
do this gp but I haven't seen an option for this. This pertains to
any non admin user.

You didn't think this one through, did you? This is a temporary file
cache. If it were permanent where no files could be deleted by the user
then eventually all of the free space in their entire partition would
get consumed with worthless files.

Number 2: In ISA is there a way to log what ever a particular user
has done internet wise. such ass a list of all websites they have
browsed.

Don't know ISA. But any packet sniffer in an upstream host through
which a host must pass through, like a proxy, can monitor who goes where
and what was in their session (unless they used SSL to encrypt all of
their traffic).

 

[Steve Good \(492720\)]

Actually you could prevent them from accessing them with minimal ease. What
we do in our school district is take away the "internet options" and the
ability to view the "C Drive" This eliminates the easy way for someone to
browse to the location or use Internet options to delete. Although these are
"temp" files if the cache is large enough it can provide valuable evidence
if a user was to access something they should not. This has served valuable
for us in the past. Via policy you could set permissions to give system full
control but the user only read and write ability to those locations. I would
assume that the system would still have access to overwrite files this way.
Anyone defiantly could find ways around but for allot of users all you have
to do is block the obvious to fix issues.



Steve

 

[Mark Randall]

Hope you took away every MS office product, the command prompt and notepad
as well, I once enumerated every file and folder on my entire school domain
using MS office and VBA, thats the sorta thing you have to be careful of,
its like putting visual studio on your computers, once you do kiss your
security goodbye, the computer is now in the ownership of anyone who can log
on and code.

Removing ones abilility to view through explorer is pretty useless
especially if you don't revoke traverse permissions.

Of course - moving the temp internet files folder to some bizzare location
may help.,

- MR

 

[Backup]

Thanks Guys....
I am going to stick with my packet sniffing and SQL dB.
Then i just have to parse out the junk to get the intel... i need on "said"
users.

 

[Mark Randall]

Packet sniffing is going to HAMMER any serious network.

How about going for a client based monitoring solution that records to an
online database? They used one on my old school network, granted it wasnt
too hard to shut down, and the database was so easy to hack you could get
the rather poorly implimented ASP session keys and read other peoples
email.. but there has to be something better)

- Mark R

 

[Guest]

Maybe this sounds too simple but how about running a script that copies their
history and temp files to a secure partition in which they don't have rights
to? Or better yet start interviewing other people....

 

[Herb Martin]

The log might be generated with SNORT -- a free
intrusion detection system but it can be used to
log most any traffic or even to alert you when
certain (illegal/undesirable) traffic is generated.

Runs fine on Windows or Linux either one.

 

[Hank Arnold]

Funny, I've been looking for a way to do the exact opposite in our W2K AD
domain....

 

[Robert Moir]

I am looking for one of two things

Number 1: Is there a way to block a user from deleting their temp
internet files and history / cookies. In windows XP. I would like to
do this gp but I haven't seen an option for this. This pertains to
any non admin user.

No, at least no way that won't also have unpleasent side affects.

Number 2: In ISA is there a way to log what ever a particular user
has done internet wise. such ass a list of all websites they have
browsed.

Yes. Its covered quite clearly in the help files. You *have* read the help
files?

--