?
Solved

Delete Internet Explorer temporary internet files on terminal server

Posted on 2013-11-04
8
Medium Priority
?
7,270 Views
Last Modified: 2013-12-30
I need to automate the routine removal of temporary internet files from every local user profile on a terminal server, preferably using the GPO option, "Empty temporary internet files folder when browser is closed".

I have created a GPO and linked it to the Terminal Server OU (where the terminal server computer account resides). I have tried enabling the user configuration setting and loopback processing on the GPO, and have also tried enabling the computer configuration setting. I have verified through gpresult on the terminal server that the policy is being applied, but it is not deleting the files. Screenshot attached.

Terminal server is running Windows Server 2008 R2 and IE 9. I have tested this GPO on other non-terminal server servers (also Server 2008 R2 with IE9), and the GPO works as long as only ONE user is logged into that server at a time. If I log in more than one administrator user on the other servers and open multiple IE sessions, then the policy does not successfully delete the files when the browser is closed in either one or both remote desktop sessions.

I suspect there may be an inherent flaw in this policy whereby it does not work on terminal servers, where multiple users are logged in and multple IE sessions are constantly running. I have not verifed this theory yet by logging in outside business hours when no other users are logged in to see if the GPO works with only one user logged in.

Any ideas?

Thank you,

Jeff
GPO.png
0
Comment
Question by:garner-it
6 Comments
 
LVL 38

Accepted Solution

by:
Tom Beck earned 500 total points
ID: 39743751
While not a GPO solution, the solution here using Scheduled Tasks shows promise.

http://www.petri.co.il/forums/showthread.php?t=55025
0
 
LVL 22

Assisted Solution

by:Larry Struckmeyer MVP
Larry Struckmeyer MVP earned 500 total points
ID: 39744019
What is the goal, besides just deleting?  If to save space, what if you simply limited them to some really small number of temporary files?  A quick search turns up several GPO possibilities so I won't list any here.
0
 
LVL 15

Assisted Solution

by:joharder
joharder earned 500 total points
ID: 39744675
The GPO that is supposed to accomplish this is flaky at best.  Bottom line is that you can't depend on it.

The easiest way to effectively and completely delete Temporary Internet Files is to delete the folder contents of this specific folder via GPO.  So long as your AD is Windows Server 2008 R2, you can create a GPO based on an action for this specific location.  Set the policy to delete.  What this will do is delete the contents of that location every time GPOs are run (~90 minutes).  We've been doing it this way for about a year now with no issues whatsoever.

Doing it this way is much easier than scripting a logoff script or scheduled task.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 20

Expert Comment

by:Svet Paperov
ID: 39746215
Please, take a look at Internet Explorer Administration Kit (IEAK). It allows you to specify and lock down any option.

http://technet.microsoft.com/en-us/ie/bb219517.aspx
0
 
LVL 20

Assisted Solution

by:Svet Paperov
Svet Paperov earned 500 total points
ID: 39746236
Addition to my previous post: “Delete browsing history on exit” is not part of IEAK. Here is my GPO configuration supporting that (in the PNG file)
Delete browsing history on exit via GPO
0
 

Author Closing Comment

by:garner-it
ID: 39746583
Thank you all for your comments and proposed solutions.

o TommyBoy: The logon/logoff script looks promising and I will look into that further.

o FlyFishing: I will consider limiting the TIF size via GPO. It's already set at 250MB for each user, which I guess is the default (not sure where that setting is coming from), but I've found several users that had TIF folders of 5+GB so I'm not sure how effective that setting is.

o Joharder: I will look into the folder-based GPO policy.

o Spaperov: I didn't realize the "Delete browsing history" setting has the ability to delete temporary internet files, as I thought it was only for clearing the web site history list. Reading the policy description, it indicates it does also allow control of deleting temporary internet files, so I will look into this as an option as well.

Between these 4 options, I'm bound to get something working!

Thanks again!

Jeff
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
With more and more companies allowing their employees to work remotely, it begs the question: What are some of the security risks involved with remote employees and what actions should we take to secure them?
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses
Course of the Month8 days, 23 hours left to enroll

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question