• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7373
  • Last Modified:

Delete Internet Explorer temporary internet files on terminal server

I need to automate the routine removal of temporary internet files from every local user profile on a terminal server, preferably using the GPO option, "Empty temporary internet files folder when browser is closed".

I have created a GPO and linked it to the Terminal Server OU (where the terminal server computer account resides). I have tried enabling the user configuration setting and loopback processing on the GPO, and have also tried enabling the computer configuration setting. I have verified through gpresult on the terminal server that the policy is being applied, but it is not deleting the files. Screenshot attached.

Terminal server is running Windows Server 2008 R2 and IE 9. I have tested this GPO on other non-terminal server servers (also Server 2008 R2 with IE9), and the GPO works as long as only ONE user is logged into that server at a time. If I log in more than one administrator user on the other servers and open multiple IE sessions, then the policy does not successfully delete the files when the browser is closed in either one or both remote desktop sessions.

I suspect there may be an inherent flaw in this policy whereby it does not work on terminal servers, where multiple users are logged in and multple IE sessions are constantly running. I have not verifed this theory yet by logging in outside business hours when no other users are logged in to see if the GPO works with only one user logged in.

Any ideas?

Thank you,

Jeff
GPO.png
0
garner-it
Asked:
garner-it
4 Solutions
 
Tom BeckCommented:
While not a GPO solution, the solution here using Scheduled Tasks shows promise.

http://www.petri.co.il/forums/showthread.php?t=55025
0
 
Larry Struckmeyer MVPCommented:
What is the goal, besides just deleting?  If to save space, what if you simply limited them to some really small number of temporary files?  A quick search turns up several GPO possibilities so I won't list any here.
0
 
joharderCommented:
The GPO that is supposed to accomplish this is flaky at best.  Bottom line is that you can't depend on it.

The easiest way to effectively and completely delete Temporary Internet Files is to delete the folder contents of this specific folder via GPO.  So long as your AD is Windows Server 2008 R2, you can create a GPO based on an action for this specific location.  Set the policy to delete.  What this will do is delete the contents of that location every time GPOs are run (~90 minutes).  We've been doing it this way for about a year now with no issues whatsoever.

Doing it this way is much easier than scripting a logoff script or scheduled task.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Svet PaperovIT ManagerCommented:
Please, take a look at Internet Explorer Administration Kit (IEAK). It allows you to specify and lock down any option.

http://technet.microsoft.com/en-us/ie/bb219517.aspx
0
 
Svet PaperovIT ManagerCommented:
Addition to my previous post: “Delete browsing history on exit” is not part of IEAK. Here is my GPO configuration supporting that (in the PNG file)
Delete browsing history on exit via GPO
0
 
garner-itAuthor Commented:
Thank you all for your comments and proposed solutions.

o TommyBoy: The logon/logoff script looks promising and I will look into that further.

o FlyFishing: I will consider limiting the TIF size via GPO. It's already set at 250MB for each user, which I guess is the default (not sure where that setting is coming from), but I've found several users that had TIF folders of 5+GB so I'm not sure how effective that setting is.

o Joharder: I will look into the folder-based GPO policy.

o Spaperov: I didn't realize the "Delete browsing history" setting has the ability to delete temporary internet files, as I thought it was only for clearing the web site history list. Reading the policy description, it indicates it does also allow control of deleting temporary internet files, so I will look into this as an option as well.

Between these 4 options, I'm bound to get something working!

Thanks again!

Jeff
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now