Solved

Delete Internet Explorer temporary internet files on terminal server

Posted on 2013-11-04
8
6,512 Views
Last Modified: 2013-12-30
I need to automate the routine removal of temporary internet files from every local user profile on a terminal server, preferably using the GPO option, "Empty temporary internet files folder when browser is closed".

I have created a GPO and linked it to the Terminal Server OU (where the terminal server computer account resides). I have tried enabling the user configuration setting and loopback processing on the GPO, and have also tried enabling the computer configuration setting. I have verified through gpresult on the terminal server that the policy is being applied, but it is not deleting the files. Screenshot attached.

Terminal server is running Windows Server 2008 R2 and IE 9. I have tested this GPO on other non-terminal server servers (also Server 2008 R2 with IE9), and the GPO works as long as only ONE user is logged into that server at a time. If I log in more than one administrator user on the other servers and open multiple IE sessions, then the policy does not successfully delete the files when the browser is closed in either one or both remote desktop sessions.

I suspect there may be an inherent flaw in this policy whereby it does not work on terminal servers, where multiple users are logged in and multple IE sessions are constantly running. I have not verifed this theory yet by logging in outside business hours when no other users are logged in to see if the GPO works with only one user logged in.

Any ideas?

Thank you,

Jeff
GPO.png
0
Comment
Question by:garner-it
8 Comments
 
LVL 38

Accepted Solution

by:
Tom Beck earned 125 total points
ID: 39743751
While not a GPO solution, the solution here using Scheduled Tasks shows promise.

http://www.petri.co.il/forums/showthread.php?t=55025
0
 
LVL 21

Assisted Solution

by:Larry Struckmeyer MVP
Larry Struckmeyer MVP earned 125 total points
ID: 39744019
What is the goal, besides just deleting?  If to save space, what if you simply limited them to some really small number of temporary files?  A quick search turns up several GPO possibilities so I won't list any here.
0
 
LVL 15

Assisted Solution

by:joharder
joharder earned 125 total points
ID: 39744675
The GPO that is supposed to accomplish this is flaky at best.  Bottom line is that you can't depend on it.

The easiest way to effectively and completely delete Temporary Internet Files is to delete the folder contents of this specific folder via GPO.  So long as your AD is Windows Server 2008 R2, you can create a GPO based on an action for this specific location.  Set the policy to delete.  What this will do is delete the contents of that location every time GPOs are run (~90 minutes).  We've been doing it this way for about a year now with no issues whatsoever.

Doing it this way is much easier than scripting a logoff script or scheduled task.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 20

Expert Comment

by:Svet Paperov
ID: 39746215
Please, take a look at Internet Explorer Administration Kit (IEAK). It allows you to specify and lock down any option.

http://technet.microsoft.com/en-us/ie/bb219517.aspx
0
 
LVL 20

Assisted Solution

by:Svet Paperov
Svet Paperov earned 125 total points
ID: 39746236
Addition to my previous post: “Delete browsing history on exit” is not part of IEAK. Here is my GPO configuration supporting that (in the PNG file)
Delete browsing history on exit via GPO
0
 

Author Closing Comment

by:garner-it
ID: 39746583
Thank you all for your comments and proposed solutions.

o TommyBoy: The logon/logoff script looks promising and I will look into that further.

o FlyFishing: I will consider limiting the TIF size via GPO. It's already set at 250MB for each user, which I guess is the default (not sure where that setting is coming from), but I've found several users that had TIF folders of 5+GB so I'm not sure how effective that setting is.

o Joharder: I will look into the folder-based GPO policy.

o Spaperov: I didn't realize the "Delete browsing history" setting has the ability to delete temporary internet files, as I thought it was only for clearing the web site history list. Reading the policy description, it indicates it does also allow control of deleting temporary internet files, so I will look into this as an option as well.

Between these 4 options, I'm bound to get something working!

Thanks again!

Jeff
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now