I am looking for one of two things

Number 1: Is there a way to block a user from deleting their temp internet
files and history / cookies. In windows XP. I would like to do this gp but
I haven't seen an option for this. This pertains to any non admin user.



Number 2: In ISA is there a way to log what ever a particular user has done
internet wise. such ass a list of all websites they have browsed.

"Backup" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I am looking for one of two things
>
> Number 1: Is there a way to block a user from deleting their temp
internet
> files and history / cookies. In windows XP. I would like to do this gp
but
> I haven't seen an option for this. This pertains to any non admin user.

No -- I seriously doubt that such COULD exist.

Those files are created by the user (running an
instance of IE etc on their behalf) and must be
deletable and updatable for the system to work
correctly.

Even if you arranged a scheme to prevent this (deny
delete defaults on parent directories) it would screw
up the system for normal use AND a knowledgable
user (and ONLY such) could bypass it at any time
by directly changing the permissions.

Why would you ever want such a thing?

> Number 2: In ISA is there a way to log what ever a particular user has
done
> internet wise. such ass a list of all websites they have browsed.

Add-on tools (like Net Nanny or some such name) do this but
nothing included automatically.

ISA (a central) location is a better choice anyway.

"Backup" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I am looking for one of two things
>
> Number 1: Is there a way to block a user from deleting their temp
> internet files and history / cookies. In windows XP. I would like to
> do this gp but I haven't seen an option for this. This pertains to
> any non admin user.

You didn't think this one through, did you? This is a temporary file
cache. If it were permanent where no files could be deleted by the user
then eventually all of the free space in their entire partition would
get consumed with worthless files.

> Number 2: In ISA is there a way to log what ever a particular user
> has done internet wise. such ass a list of all websites they have
> browsed.

Don't know ISA. But any packet sniffer in an upstream host through
which a host must pass through, like a proxy, can monitor who goes where
and what was in their session (unless they used SSL to encrypt all of
their traffic).

--
____________________________________________________________
Post your replies to the newsgroup. Share with others.
E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
____________________________________________________________

Actually you could prevent them from accessing them with minimal ease. What
we do in our school district is take away the "internet options" and the
ability to view the "C Drive" This eliminates the easy way for someone to
browse to the location or use Internet options to delete. Although these are
"temp" files if the cache is large enough it can provide valuable evidence
if a user was to access something they should not. This has served valuable
for us in the past. Via policy you could set permissions to give system full
control but the user only read and write ability to those locations. I would
assume that the system would still have access to overwrite files this way.
Anyone defiantly could find ways around but for allot of users all you have
to do is block the obvious to fix issues.



Steve


"Backup" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I am looking for one of two things
>
> Number 1: Is there a way to block a user from deleting their temp
internet
> files and history / cookies. In windows XP. I would like to do this gp
but
> I haven't seen an option for this. This pertains to any non admin user.
>
>
>
> Number 2: In ISA is there a way to log what ever a particular user has
done
> internet wise. such ass a list of all websites they have browsed.
>
>
>

Hope you took away every MS office product, the command prompt and notepad
as well, I once enumerated every file and folder on my entire school domain
using MS office and VBA, thats the sorta thing you have to be careful of,
its like putting visual studio on your computers, once you do kiss your
security goodbye, the computer is now in the ownership of anyone who can log
on and code.

Removing ones abilility to view through explorer is pretty useless
especially if you don't revoke traverse permissions.

Of course - moving the temp internet files folder to some bizzare location
may help.,

- MR


"Steve Good (492720)" <(E-Mail Removed)> wrote:
> Actually you could prevent them from accessing them with minimal ease.
> What
> we do in our school district is take away the "internet options" and the
> ability to view the "C Drive" This eliminates the easy way for someone to
> browse to the location or use Internet options to delete. Although these
> are
> "temp" files if the cache is large enough it can provide valuable evidence
> if a user was to access something they should not. This has served
> valuable
> for us in the past. Via policy you could set permissions to give system
> full
> control but the user only read and write ability to those locations. I
> would
> assume that the system would still have access to overwrite files this
> way.
> Anyone defiantly could find ways around but for allot of users all you
> have
> to do is block the obvious to fix issues.
>
>
>
> Steve

Thanks Guys....
I am going to stick with my packet sniffing and SQL dB.
Then i just have to parse out the junk to get the intel... i need on "said"
users.


"Mark Randall" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hope you took away every MS office product, the command prompt and notepad
> as well, I once enumerated every file and folder on my entire school
> domain using MS office and VBA, thats the sorta thing you have to be
> careful of, its like putting visual studio on your computers, once you do
> kiss your security goodbye, the computer is now in the ownership of anyone
> who can log on and code.
>
> Removing ones abilility to view through explorer is pretty useless
> especially if you don't revoke traverse permissions.
>
> Of course - moving the temp internet files folder to some bizzare location
> may help.,
>
> - MR
>
>
> "Steve Good (492720)" <(E-Mail Removed)> wrote:
>> Actually you could prevent them from accessing them with minimal ease.
>> What
>> we do in our school district is take away the "internet options" and the
>> ability to view the "C Drive" This eliminates the easy way for someone
>> to
>> browse to the location or use Internet options to delete. Although these
>> are
>> "temp" files if the cache is large enough it can provide valuable
>> evidence
>> if a user was to access something they should not. This has served
>> valuable
>> for us in the past. Via policy you could set permissions to give system
>> full
>> control but the user only read and write ability to those locations. I
>> would
>> assume that the system would still have access to overwrite files this
>> way.
>> Anyone defiantly could find ways around but for allot of users all you
>> have
>> to do is block the obvious to fix issues.
>>
>>
>>
>> Steve
>
>

Packet sniffing is going to HAMMER any serious network.

How about going for a client based monitoring solution that records to an
online database? They used one on my old school network, granted it wasnt
too hard to shut down, and the database was so easy to hack you could get
the rather poorly implimented ASP session keys and read other peoples
email.. but there has to be something better)

- Mark R

"Backup" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Thanks Guys....
> I am going to stick with my packet sniffing and SQL dB.
> Then i just have to parse out the junk to get the intel... i need on
> "said" users.

Maybe this sounds too simple but how about running a script that copies their
history and temp files to a secure partition in which they don't have rights
to? Or better yet start interviewing other people....

The log might be generated with SNORT -- a free
intrusion detection system but it can be used to
log most any traffic or even to alert you when
certain (illegal/undesirable) traffic is generated.

Runs fine on Windows or Linux either one.

--
Herb Martin


"Alan" <(E-Mail Removed)> wrote in message
news:4F3198E2-5D14-448C-9061-(E-Mail Removed)...
> Maybe this sounds too simple but how about running a script that copies
their
> history and temp files to a secure partition in which they don't have
rights
> to? Or better yet start interviewing other people....

Funny, I've been looking for a way to do the exact opposite in our W2K AD
domain....

--
Regards,
Hank Arnold

"Backup" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I am looking for one of two things
>
> Number 1: Is there a way to block a user from deleting their temp
> internet files and history / cookies. In windows XP. I would like to do
> this gp but I haven't seen an option for this. This pertains to any non
> admin user.
>
>
>
> Number 2: In ISA is there a way to log what ever a particular user has
> done internet wise. such ass a list of all websites they have browsed.
>
>
>