Collaboration

Video: Control users' temporary Internet files and browser history

If monitoring software is too costly for your budget, you may was to consider a technique that uses existing Windows XP and Windows Server 2003 functionality. In this IT Dojo video, Bill Detwiler shows you a simple monitoring solution that uses Windows Server 2003 Group Policy.

Monitoring your users' Internet activity is an often unwelcome part of an IT professional's job. Few of us want to be the office's secret police. However, many companies require some level of Internet monitoring to ensure compliance with usage policies and to track problem users.If monitoring software is too costly for your IT department's budget, you may want to consider a technique that uses existing Windows XP and Windows Server 2003 functionality. In this IT Dojo video, I demonstrate a simple monitoring solution that uses Windows Server 2003 Group Policy.

Before watching the video, you should realize this tip isn't right for every situation. This method uses Windows XP and Internet Explorer's local browsing history. To view the history files, you must physically visit each machine, remotely access the machine, or copy the files to a network location with a script. Furthermore, a sophisticated end-user could easily navigate to and delete the browser history. This monitoring technique is best suited when monitoring a small number of users, or better yet, a single, problem user. If you're looking for a more robust Internet monitoring solution, I recommend you go with a commercial service or application.

After watching the video, you can read the original tip in Derek Schauland' article, "Control users' temporary Internet files and browser history using Windows Server 2003 Group Policy". For more Internet usages and monitoring advice, check out the following TechRepublic Resources:

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

19 comments
group policy
group policy

I loved it but i tried to do it and for some reason its not accepting it. I clicked on run then typed in the gpedit.msc but won't accept it when i hit ok. whats wrong??

1Cat2Many
1Cat2Many

Users are notified that they are monitored, both on login and during annual training sessions. It's no secret, if you're going to abuse your privileges you're going to get caught.

ceji
ceji

about 50% of your tip I have used in my job, I learn more every tip. Please keep going on. I love you

BALTHOR
BALTHOR

My Panda always gets them there.My thoughts are that the hackers are in at sys ex and they pull virus out of your chips like the CPU.They even tie stop virus to your installed software or firmware.These virus end up in a temp folder.The hackers are trying to block an FCC scan or a memory dump command.The virus never travel the Internet wires they're already recorded into the computer's electronics.

Bill Detwiler
Bill Detwiler

If monitoring software is too costly for your budget, you may was to consider a technique that uses existing Windows XP and Windows Server 2003 functionality. In a recent IT Dojo video, I demonstrated how to control users' temporary Internet files and browser history through Windows Server 2003 Group Policy. Original post: http://blogs.techrepublic.com.com/itdojo/?p=146 The technique I describe in the video is best suited when monitoring a small number of users, or better yet, a single, problem user. If you're looking for a more robust Internet monitoring solution, you should consider a commercial service or application, like SurfControl, WebSense, or Track4Win. What's the best Internet monitoring tool or technique that you've used?

cewcathar
cewcathar

Hi, I think some things do travel over the internet wires; I think people put back doors into your Windows using the wires?? Anyway, maybe that is what happened to me, it came over the wires. I was working on a job application online. All of a sudden my computer did a core memory dump & shut off. Normally that is to help the administrator, but I wonder if it could have been done so that the administrative system could be gotten control of. I had all my resumes in a folder on the C drive & when I shut the computer back on the anti-virus program had been disabled. What would have done that?? I immediately went off line and deleted my files (a dumb decision; I should have overwritten my personal information and resaved them) because this was at the job service and I did not have a way to clean up the whole hard drive. --CEW

The 'G-Man.'
The 'G-Man.'

Lets see if they can find out who or what you are!

Chipv
Chipv

Balthor, Go back to Planet " I wish i had a clue" and leave us IT Ninjas to the comments!

clusty1
clusty1

While this is indeed an easy way, it seems it takes a lot of time to check. I guess that it would be simpler to force users to use a proxy server and then you can really easily check browsing habits and single out those bandwidth hoggers :D There are also lots of opensource projects that passively monitor local traffic and generate reports. One such tool might be ntop.

TechnoDoc
TechnoDoc

Just a consideration... A bad thing about this technique may be that in some businesses you might not want to make it easy for anyone to sit down at a workstation and view the browser history, which is wide open in the browser with this technique (just use the menu or type control-H). Maybe one employee should not be able to see what another employee is investigating on the net. The careful user who wants to maintain good privacy and security by regularly deleting the cache is frustrated in his or her efforts, and you mistrain people that it is not useful or viable to think of clearing the cache regularly.

paul.bird.ctr
paul.bird.ctr

Here's a better plan. Just have a script go and get the index.dat file and run PASCO or Web Historian on it. This will give you a very nice spreadsheet to review. The users cannot delete this file and it will hold all web locations visited down to jpg's. See http://www.securityfocus.com/infocus/1827 for more information on this process.

Understaffed
Understaffed

I've been using IE Spy for several years to remotely gather history on problematic users. The firewall content filter will get a hit (or series of hits), or there will be a complaint of someone spending too much time viewing news/sports/whatever, and I'll run the tool against the suspect PC. The script generates a html output listing the full URL, user name, date, time and machine name of every site/page visited. It works extremely slick. I haven't had to download it in a couple of years, but found one copy here: http://www.freevbcode.com/ShowCode.asp?ID=4301

Wally Bahny
Wally Bahny

Nirsoft has created a tool called IEHistoryView that is Freeware that allows you to view these logs on any computer on your network. Couple the command line of this with some crafty programming, and you can (reasonably) easily log Internet usage to a database.

cewcathar
cewcathar

I'm thinking now that it was their system that dumped the memory and shut the computer down although I've heard that there are viruses that work this way?? (A core dump or memory dump to get at the higher level flag bigs??) Thanks. Still a newbie, CEW

ILUVIT
ILUVIT

Hey, wbahny or any one else -- I just downloaded IEHV, cool program, but it only shows history for one user profile at a time. Is it possible to get one total list to see what other user accounts are accessing (on my terminal servers)? Kind of tedious to load one profile at a time with 100 user profiles :(

Wally Bahny
Wally Bahny

I wrote a VB.NET app that executes the command line of IEHV, which writes the data to a temp file, then VB imports that info into a grid (or better yet, a database) for analysis.