block a user from deleting their temp internet files

Archived from groups: microsoft.public.security,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.general,microsoft.public.windows.server.security,microsoft.public.windowsxp.security_admin (More info?)

I am looking for one of two things

Number 1: Is there a way to block a user from deleting their temp internet
files and history / cookies. In windows XP. I would like to do this gp but
I haven't seen an option for this. This pertains to any non admin user.


Number 2: In ISA is there a way to log what ever a particular user has done
internet wise. such ass a list of all websites they have browsed.
7 answers Last reply
More about block user deleting temp internet files
  1. Archived from groups: microsoft.public.security,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.general,microsoft.public.windows.server.security,microsoft.public.windowsxp.security_admin (More info?)

    "Backup" <backup@yahoo.com> wrote in message
    news:ejwO799MFHA.3704@TK2MSFTNGP12.phx.gbl...
    > I am looking for one of two things
    >
    > Number 1: Is there a way to block a user from deleting their temp
    internet
    > files and history / cookies. In windows XP. I would like to do this gp
    but
    > I haven't seen an option for this. This pertains to any non admin user.

    No -- I seriously doubt that such COULD exist.

    Those files are created by the user (running an
    instance of IE etc on their behalf) and must be
    deletable and updatable for the system to work
    correctly.

    Even if you arranged a scheme to prevent this (deny
    delete defaults on parent directories) it would screw
    up the system for normal use AND a knowledgable
    user (and ONLY such) could bypass it at any time
    by directly changing the permissions.

    Why would you ever want such a thing?

    > Number 2: In ISA is there a way to log what ever a particular user has
    done
    > internet wise. such ass a list of all websites they have browsed.

    Add-on tools (like Net Nanny or some such name) do this but
    nothing included automatically.

    ISA (a central) location is a better choice anyway.
  2. Archived from groups: microsoft.public.security,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.general,microsoft.public.windows.server.security,microsoft.public.windowsxp.security_admin (More info?)

    "Backup" <backup@yahoo.com> wrote in message
    news:ejwO799MFHA.3704@TK2MSFTNGP12.phx.gbl...
    >I am looking for one of two things
    >
    > Number 1: Is there a way to block a user from deleting their temp
    > internet files and history / cookies. In windows XP. I would like to
    > do this gp but I haven't seen an option for this. This pertains to
    > any non admin user.

    You didn't think this one through, did you? This is a temporary file
    cache. If it were permanent where no files could be deleted by the user
    then eventually all of the free space in their entire partition would
    get consumed with worthless files.

    > Number 2: In ISA is there a way to log what ever a particular user
    > has done internet wise. such ass a list of all websites they have
    > browsed.

    Don't know ISA. But any packet sniffer in an upstream host through
    which a host must pass through, like a proxy, can monitor who goes where
    and what was in their session (unless they used SSL to encrypt all of
    their traffic).

    --
    ____________________________________________________________
    Post your replies to the newsgroup. Share with others.
    E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
    ____________________________________________________________
  3. Archived from groups: microsoft.public.security,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.general,microsoft.public.windows.server.security,microsoft.public.windowsxp.security_admin (More info?)

    Actually you could prevent them from accessing them with minimal ease. What
    we do in our school district is take away the "internet options" and the
    ability to view the "C Drive" This eliminates the easy way for someone to
    browse to the location or use Internet options to delete. Although these are
    "temp" files if the cache is large enough it can provide valuable evidence
    if a user was to access something they should not. This has served valuable
    for us in the past. Via policy you could set permissions to give system full
    control but the user only read and write ability to those locations. I would
    assume that the system would still have access to overwrite files this way.
    Anyone defiantly could find ways around but for allot of users all you have
    to do is block the obvious to fix issues.


    Steve


    "Backup" <backup@yahoo.com> wrote in message
    news:ejwO799MFHA.3704@TK2MSFTNGP12.phx.gbl...
    > I am looking for one of two things
    >
    > Number 1: Is there a way to block a user from deleting their temp
    internet
    > files and history / cookies. In windows XP. I would like to do this gp
    but
    > I haven't seen an option for this. This pertains to any non admin user.
    >
    >
    >
    > Number 2: In ISA is there a way to log what ever a particular user has
    done
    > internet wise. such ass a list of all websites they have browsed.
    >
    >
    >
  4. Archived from groups: microsoft.public.security,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.general,microsoft.public.windows.server.security,microsoft.public.windowsxp.security_admin (More info?)

    Hope you took away every MS office product, the command prompt and notepad
    as well, I once enumerated every file and folder on my entire school domain
    using MS office and VBA, thats the sorta thing you have to be careful of,
    its like putting visual studio on your computers, once you do kiss your
    security goodbye, the computer is now in the ownership of anyone who can log
    on and code.

    Removing ones abilility to view through explorer is pretty useless
    especially if you don't revoke traverse permissions.

    Of course - moving the temp internet files folder to some bizzare location
    may help.,

    - MR


    "Steve Good (492720)" <Steve.good@colstrip.com> wrote:
    > Actually you could prevent them from accessing them with minimal ease.
    > What
    > we do in our school district is take away the "internet options" and the
    > ability to view the "C Drive" This eliminates the easy way for someone to
    > browse to the location or use Internet options to delete. Although these
    > are
    > "temp" files if the cache is large enough it can provide valuable evidence
    > if a user was to access something they should not. This has served
    > valuable
    > for us in the past. Via policy you could set permissions to give system
    > full
    > control but the user only read and write ability to those locations. I
    > would
    > assume that the system would still have access to overwrite files this
    > way.
    > Anyone defiantly could find ways around but for allot of users all you
    > have
    > to do is block the obvious to fix issues.
    >
    >
    >
    > Steve
  5. Archived from groups: microsoft.public.security,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.general,microsoft.public.windows.server.security,microsoft.public.windowsxp.security_admin (More info?)

    Thanks Guys....
    I am going to stick with my packet sniffing and SQL dB.
    Then i just have to parse out the junk to get the intel... i need on "said"
    users.


    "Mark Randall" <markyr@REMOVETHISgoogle.ANDTHIScom> wrote in message
    news:eliaasGNFHA.2704@TK2MSFTNGP15.phx.gbl...
    > Hope you took away every MS office product, the command prompt and notepad
    > as well, I once enumerated every file and folder on my entire school
    > domain using MS office and VBA, thats the sorta thing you have to be
    > careful of, its like putting visual studio on your computers, once you do
    > kiss your security goodbye, the computer is now in the ownership of anyone
    > who can log on and code.
    >
    > Removing ones abilility to view through explorer is pretty useless
    > especially if you don't revoke traverse permissions.
    >
    > Of course - moving the temp internet files folder to some bizzare location
    > may help.,
    >
    > - MR
    >
    >
    > "Steve Good (492720)" <Steve.good@colstrip.com> wrote:
    >> Actually you could prevent them from accessing them with minimal ease.
    >> What
    >> we do in our school district is take away the "internet options" and the
    >> ability to view the "C Drive" This eliminates the easy way for someone
    >> to
    >> browse to the location or use Internet options to delete. Although these
    >> are
    >> "temp" files if the cache is large enough it can provide valuable
    >> evidence
    >> if a user was to access something they should not. This has served
    >> valuable
    >> for us in the past. Via policy you could set permissions to give system
    >> full
    >> control but the user only read and write ability to those locations. I
    >> would
    >> assume that the system would still have access to overwrite files this
    >> way.
    >> Anyone defiantly could find ways around but for allot of users all you
    >> have
    >> to do is block the obvious to fix issues.
    >>
    >>
    >>
    >> Steve
    >
    >
  6. Archived from groups: microsoft.public.security,microsoft.public.windowsxp.security_admin,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.general (More info?)

    Maybe this sounds too simple but how about running a script that copies their
    history and temp files to a secure partition in which they don't have rights
    to? Or better yet start interviewing other people....
  7. Archived from groups: microsoft.public.security,microsoft.public.windowsxp.security_admin,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.general (More info?)

    The log might be generated with SNORT -- a free
    intrusion detection system but it can be used to
    log most any traffic or even to alert you when
    certain (illegal/undesirable) traffic is generated.

    Runs fine on Windows or Linux either one.

    --
    Herb Martin


    "Alan" <Alan@discussions.microsoft.com> wrote in message
    news:4F3198E2-5D14-448C-9061-35482FAD8559@microsoft.com...
    > Maybe this sounds too simple but how about running a script that copies
    their
    > history and temp files to a secure partition in which they don't have
    rights
    > to? Or better yet start interviewing other people....
Ask a new question

Read More

Security Internet Windows Server Microsoft Windows XP