Batch to delete TIFs, History, and Cookies

[Guest]

By the subject, some of you will say this is easy and/or already been
answered a million times. Well, my particular case has not. And I've
searched through the messages for the past hour and a half to see if it has.
With that, I'll begin my explanation.

------------
The Setup
------------
I am the lab administrator at Greenville Technical College. There are
thirty machines in my lab, and one of my jobs is monitoring what the students
are doing. If they're just playing around online, or looking at things they
ought not be looking at, I need to notify them that they are violating lab
policy. If it becomes an excessive issue, I'll need to revoke their lab
priveliges and notify my boss, with evidence, of the offense.

All machines use WinXP Pro SP2 in a domain environment.

-----------------
Whats Needed
-----------------
Ultimately, I need a batch that clears the temporary internet files,
history, and cookies from the current logged on user. I would like (but not
necessary) to be able to run this script from my computer here in the office
(office is attached to the lab of 30 machines) for any 1 particular machine,
or for all at once. I understand that it might be easier to have it in a
startup folder, and run a reboot batch nightly. If this be the case, then I
already have a working reboot batch for all machines.

-------------
The Issues
-------------
I have done some extensive internet research to try and cover this topic,
but to no avail. Every sample batch people have used or recommended doesn't
exactly work as stated. I've ran a few, and as it's running it shows that it
is in the process of deleting temporary files, and indeed does clear out the
Content.IE5 folder and all its subdirectories of randomly generated names.
However, if I then go to that specific computer node, and browse to
"C:\Documents and Settings\%username%\Local Settings\Temporary Internet
Files", they are all still there.

Now, I know there is an option in IE to clear the cache upon exiting the
browser, however, this is not acceptable. If there is a potential offending
internet user, I'll need evidence to prove it. And if all he/she has to do
is close the browser to clear their tracks, I'm up the creek. The reason
this is such a big deal is because we've had to expell people in the not so
distant past for such offenses, and we're just trying to keep guard and keep
our labs clean.

That being said, my boss initially wanted me to write a batch to copy over
the contents of the potential offender's Temporary Internet Files, History,
Cookies, etc., to my computer in the office for future review. I wrote one
to do that, but in the process, I found that it had copied over 15,000 files
because the TIF's were never cleared out (or had been a long time since the
last clear). This left wayy too many files to have to search through, so
that's when I decided it necessary to clean them all out at the end of the
night, and if its necessary to dump that information to my computer on the
next day, then there is only that day's information to sort through--if that
makes sense.

I apologise for the length of this post, but I had to be detailed to make
sure I got my point across. Thanks to you all in advance for any knowledge
or help on the situation you may provide. I have received help from this
community before, and I trust that the brilliant minds here will be able to
handle this one!

 

[Gary Smith]

When you clear the files from Content.IE5, is the index.dat file being
deleted along with the others? If not, viewing the TIF folder in Explorer
will show all of the files still present even though they're gone. What
you see when you view the TIF folder is what's listed in index.dat, not
what's actually present.

By the subject, some of you will say this is easy and/or already been
answered a million times. Well, my particular case has not. And I've
searched through the messages for the past hour and a half to see if it has.
With that, I'll begin my explanation.

------------
The Setup
------------
I am the lab administrator at Greenville Technical College. There are
thirty machines in my lab, and one of my jobs is monitoring what the students
are doing. If they're just playing around online, or looking at things they
ought not be looking at, I need to notify them that they are violating lab
policy. If it becomes an excessive issue, I'll need to revoke their lab
priveliges and notify my boss, with evidence, of the offense.

All machines use WinXP Pro SP2 in a domain environment.

-----------------
Whats Needed
-----------------
Ultimately, I need a batch that clears the temporary internet files,
history, and cookies from the current logged on user. I would like (but not
necessary) to be able to run this script from my computer here in the office
(office is attached to the lab of 30 machines) for any 1 particular machine,
or for all at once. I understand that it might be easier to have it in a
startup folder, and run a reboot batch nightly. If this be the case, then I
already have a working reboot batch for all machines.

-------------
The Issues
-------------
I have done some extensive internet research to try and cover this topic,
but to no avail. Every sample batch people have used or recommended doesn't
exactly work as stated. I've ran a few, and as it's running it shows that it
is in the process of deleting temporary files, and indeed does clear out the
Content.IE5 folder and all its subdirectories of randomly generated names.
However, if I then go to that specific computer node, and browse to
"C:\Documents and Settings\%username%\Local Settings\Temporary Internet
Files", they are all still there.

Now, I know there is an option in IE to clear the cache upon exiting the
browser, however, this is not acceptable. If there is a potential offending
internet user, I'll need evidence to prove it. And if all he/she has to do
is close the browser to clear their tracks, I'm up the creek. The reason
this is such a big deal is because we've had to expell people in the not so
distant past for such offenses, and we're just trying to keep guard and keep
our labs clean.

That being said, my boss initially wanted me to write a batch to copy over
the contents of the potential offender's Temporary Internet Files, History,
Cookies, etc., to my computer in the office for future review. I wrote one
to do that, but in the process, I found that it had copied over 15,000 files
because the TIF's were never cleared out (or had been a long time since the
last clear). This left wayy too many files to have to search through, so
that's when I decided it necessary to clean them all out at the end of the
night, and if its necessary to dump that information to my computer on the
next day, then there is only that day's information to sort through--if that
makes sense.

 

[kaream]

"What you see when you view the TIF folder is what's listed in
index.dat, not what's actually present."

Thanks, Gary. I've seen hints to that general effect here in these
discussion groups, but never stated quite so plainly.

Actually, Bryan, I suspect your situation is going to be somewhat
different as administrator of 30 machines; I'm not sure what you will
see, but would be curious to know if you'd be kind enough to post back
here.

On a single-user XP machine, if you click down in Windows Explorer to
the TIF folder, you'll see a bunch of cookies and other pointers
listed, but not Content.IE5 or index.dat. So what Gary is saying is
that this is the listing from the hidden index.dat. Again talking
about a single-user computer, the easiest way to see the hidden stuff
is to click the TIF folder to put that much of the pathname into the
Explorer address bar, and append "\content.ie5" following the word
"Files". Now under the main TIF folder you'll still see the cookies
and pointers, and in Content.IE5 you'll see the various randomly-named
subfolders as well as index.dat and desktop.ini. Unlike the pointers
in the main TIF folder, the files inside the randomly-named folders are
all real files that had been automatically downloaded from each website
visited; the filenames in the two different areas are similar but not
identical. At this point you can simply delete whatever you want to
get rid of, from either area.

The difference between a single-user vs a multi-user XP computer is
that on a multi-user machine, if you look at any logon other than your
own, what you see is that person's index.dat, desktop.ini and
Content.IE5, complete with subfolders and real files, but not their TIF
cookies and pointers. You also cannot see their actual History
entries, although you can see the index.dat files for the main History
folder, and for its subfolders. The contents of other users' dedicated
Cookies folders are not hidden, but these will probably not be
identical to the TIF cookies -- at least they aren't in mine, because I
use CookieWall, which blocks new cookies from the Cookies folder but
not from the TIF folder.

So we're not at all answering your question about a multi-machine
environment, much less about an appropriate batch file -- but perhaps
these comments may help a little. I assume you're not particularly
interested in whatever OLK or other special hidden folders there might
be inside TIF; getting at these is slightly more complicated, but not
difficult. Note, however, that working at the DOS level with your
batch file will still not necessarily access everything hidden in
Windows -- MS also hides lots of stuff from DOS. I think the first
thing you need to do, once you know all of the hidden stuff you have to
look for, is to find out exactly what on your 30 computers you can
access from your admin machine in Windows, and then in DOS. At that
point it should be pretty easy to write your batch file.

 

[Guest]

Hi Gary,

Thanks for your post.

To answer your question, no, the batch file is NOT deleting the index.dat
file, as it says it is currently being used by another process. However, I
logged in as my administrator account, browsed to that users profile, and
deleted it that way. (It was my first impression that the TIFs I was seeing
were due to entries in the index.dat). I then rebooted, and logged in as the
user profile whos tracks I wanted to delete, browsed to the TIF folder, only
to find it all still there, with a fresh regenerated index.dat file.

So at that point, I figured it must be something else. I'm still clueless.

 

[Guest]

If then, however, my problem is stemming from the index.dat file, would there
be a way to include code in the batch to delete the index.dat file as it is
also cleaning the TIFs, Cookies, and History?

 

[Gary Smith]

As you've found, you can't delete index.dat for the currently logged-on
user because it's always busy. There's a way around that, but it involves
stopping explorer.exe, which is at best inconvenient. However, for any
other user, an administrator can delete the Content.IE5 folder and all of
its contents. That pretty much guarantees a clean slate. I've done that
numerous times on my machine with no ill effects whatever. The necessary
folders and files are recreated as necessary. This appears to be the only
way to reduce the size of index.dat, which otherwise will apparently grow
without limit.

Hi Gary,

Thanks for your post.

 

[Martin Underwood]

Bryan Scott wrote in
(e-mail address removed):

Now, I know there is an option in IE to clear the cache upon exiting
the browser, however, this is not acceptable. If there is a
potential offending internet user, I'll need evidence to prove it.
And if all he/she has to do is close the browser to clear their
tracks, I'm up the creek. The reason this is such a big deal is
because we've had to expell people in the not so distant past for
such offenses, and we're just trying to keep guard and keep our labs
clean.

What's to stop a user doing Tools | Internet Options | Delete Files and
Clear History in Internet Explorer, and then doing Start | Settings |
Taskbar | Start Menu | Customize | Clear? Maybe even going into
Docs+Sets\user\Local Files\TIF and deleting the contents of all the folders.

It's what I'd do if I wanted to cover my tracks - only takes a minute or
two. I bet many students, especially if they knew that they were going to be
expelled for this "offence", would do it.

As a matter of interest, what does the department object to? Is it accessing
illegal/dubious sites such as porn, or is it *any* browsing that's not
directly relevant to the work of the lab?

 

[kaream]

"All machines use WinXP Pro SP2 in a domain environment."

"... as it's running it shows that it is in the process of deleting
temporary files, and indeed does clear out the Content.IE5 folder and
all its subdirectories of randomly generated names. However, if I
then go to that specific computer node, and browse to "C:\Documents and
Settings\%username%\Local Settings\Temporary Internet Files", they are
all still there."

The basic question, to which I have no idea of the answer, is exactly
how does this master admin computer communicate with the 30 student
computers, and vice versa? Is there a standard built-in setup for this
domain environment, or was the protocol specially written for this
particular lab? If your admin machine is reporting that the 30
individual TIFs have been cleared when in fact they have not, then no
batch file is going to solve your problem. On the other hand, once
you've established that you can reliably read and write to the 30
machines from your admin computer, then you could presumably overcome
Martin Underwood's objection by having each student machine write and
update a copy of its TIF to your admin computer in real time rather
than at the end of the day.

 

[Guest]

Group Policy stops them from doing that. They're rather restricted by what
they can do with IE.

 

[Guest]

I have a batch file that maps a network drive to the specific computer's
login profile, and then runs a set of commands to clear out TIF, cookies, and
history. I run it from my computer in the office, and it maps to the first
node, runs the commands, then cuts the mapped connection. It then repeats
this process for the second node, third node, and so-on. This is how they
are communicating.

The machine I'm running it from doesnt "report" that the files have been
cleared out, however, if you watch the batch file in execution it shows that
files are being deleted from the specified folder.

As long as a connection is mapped to the computers, I can read and write
from them. I don't think it necessary to have all of them write to my
machine on the fly as websites are visited. There'd be more cleanup involved
than necessary.

 

[kaream]

As mentioned above, I have no experience with or knowledge of this kind
of setup, but unless I'm misunderstanding something, on the one hand
you're saying that your batch file *does* delete the students' TIFs,
but then to the contrary, "if I then go to that specific computer node,
and browse to "C:\Documents and Settings\%username%\Local
Settings\Temporary Internet Files", they are all still there."

This is why I assumed your admin machine was "reporting" the folders
and files were deleted when in fact they had not been. It seems to me
that since your purpose is to get all those folders deleted from the 30
student machines, it really doesn't matter what message is returned by
your batch file on the admin machine if it isn't actually deleting
them. If it were me, I would set up one of the student computers next
to mine, and try tweaking the delete command until I knew it worked
reliably, and then incorporate that command into the batch file. Again
I don't know, but I suspect Gary Smith's point that "you can't delete
index.dat for the currently logged-on user because it's always busy"
might be part (or even all?) of the problem. I'm also not quite sure
whether you're trying to delete the students' Content.IE5 folders,
their index.dat files, their pointers appearing in the main TIF folder,
or what combination of these. Depending on how you're logged on,
Windows and/or DOS will not find some of these different things.

As I'm sure you know, access to History behaves differently from access
to TIF. And "cookies" depends on whether you mean the cookies in the
TIF folder or those in the Cookies folder.

Or perhaps I'm entirely misunderstanding the problem.