block a user from deleting their temp internet files

Archived from groups: microsoft.public.security,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.general,microsoft.public.windows.server.security,microsoft.public.windowsxp.security_admin (More info?)

"Backup" <backup@yahoo.com> wrote in message
news:ejwO799MFHA.3704@TK2MSFTNGP12.phx.gbl...
> I am looking for one of two things
>
> Number 1: Is there a way to block a user from deleting their temp
internet
> files and history / cookies. In windows XP. I would like to do this gp
but
> I haven't seen an option for this. This pertains to any non admin user.

No -- I seriously doubt that such COULD exist.

Those files are created by the user (running an
instance of IE etc on their behalf) and must be
deletable and updatable for the system to work
correctly.

Even if you arranged a scheme to prevent this (deny
delete defaults on parent directories) it would screw
up the system for normal use AND a knowledgable
user (and ONLY such) could bypass it at any time
by directly changing the permissions.

Why would you ever want such a thing?

> Number 2: In ISA is there a way to log what ever a particular user has
done
> internet wise. such ass a list of all websites they have browsed.

Add-on tools (like Net Nanny or some such name) do this but
nothing included automatically.

ISA (a central) location is a better choice anyway.

Archived from groups: microsoft.public.security,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.general,microsoft.public.windows.server.security,microsoft.public.windowsxp.security_admin (More info?)

Actually you could prevent them from accessing them with minimal ease. What
we do in our school district is take away the "internet options" and the
ability to view the "C Drive" This eliminates the easy way for someone to
browse to the location or use Internet options to delete. Although these are
"temp" files if the cache is large enough it can provide valuable evidence
if a user was to access something they should not. This has served valuable
for us in the past. Via policy you could set permissions to give system full
control but the user only read and write ability to those locations. I would
assume that the system would still have access to overwrite files this way.
Anyone defiantly could find ways around but for allot of users all you have
to do is block the obvious to fix issues.



Steve


"Backup" <backup@yahoo.com> wrote in message
news:ejwO799MFHA.3704@TK2MSFTNGP12.phx.gbl...
> I am looking for one of two things
>
> Number 1: Is there a way to block a user from deleting their temp
internet
> files and history / cookies. In windows XP. I would like to do this gp
but
> I haven't seen an option for this. This pertains to any non admin user.
>
>
>
> Number 2: In ISA is there a way to log what ever a particular user has
done
> internet wise. such ass a list of all websites they have browsed.
>
>
>

Archived from groups: microsoft.public.security,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.general,microsoft.public.windows.server.security,microsoft.public.windowsxp.security_admin (More info?)

Thanks Guys....
I am going to stick with my packet sniffing and SQL dB.
Then i just have to parse out the junk to get the intel... i need on "said"
users.


"Mark Randall" <markyr@REMOVETHISgoogle.ANDTHIScom> wrote in message
news:eliaasGNFHA.2704@TK2MSFTNGP15.phx.gbl...
> Hope you took away every MS office product, the command prompt and notepad
> as well, I once enumerated every file and folder on my entire school
> domain using MS office and VBA, thats the sorta thing you have to be
> careful of, its like putting visual studio on your computers, once you do
> kiss your security goodbye, the computer is now in the ownership of anyone
> who can log on and code.
>
> Removing ones abilility to view through explorer is pretty useless
> especially if you don't revoke traverse permissions.
>
> Of course - moving the temp internet files folder to some bizzare location
> may help.,
>
> - MR
>
>
> "Steve Good (492720)" <Steve.good@colstrip.com> wrote:
>> Actually you could prevent them from accessing them with minimal ease.
>> What
>> we do in our school district is take away the "internet options" and the
>> ability to view the "C Drive" This eliminates the easy way for someone
>> to
>> browse to the location or use Internet options to delete. Although these
>> are
>> "temp" files if the cache is large enough it can provide valuable
>> evidence
>> if a user was to access something they should not. This has served
>> valuable
>> for us in the past. Via policy you could set permissions to give system
>> full
>> control but the user only read and write ability to those locations. I
>> would
>> assume that the system would still have access to overwrite files this
>> way.
>> Anyone defiantly could find ways around but for allot of users all you
>> have
>> to do is block the obvious to fix issues.
>>
>>
>>
>> Steve
>
>

Archived from groups: microsoft.public.security,microsoft.public.windowsxp.security_admin,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.general (More info?)

The log might be generated with SNORT -- a free
intrusion detection system but it can be used to
log most any traffic or even to alert you when
certain (illegal/undesirable) traffic is generated.

Runs fine on Windows or Linux either one.

--
Herb Martin


"Alan" <Alan@discussions.microsoft.com> wrote in message
news:4F3198E2-5D14-448C-9061-35482FAD8559@microsoft.com...
> Maybe this sounds too simple but how about running a script that copies
their
> history and temp files to a secure partition in which they don't have
rights
> to? Or better yet start interviewing other people....