I think we are all on the same page when it comes to understanding the issues that surround the problems that certain files that are obtained from the Internet can cause on a single system and the entire network. We try every possible configuration, firewall setting, phishing settings, malware, adware, and virus protection to stop these malicious attacks. Still, the Internet poses a risk that must be protected. One area of Internet Explorer that you can "aid" in protecting desktops and the entire network is in the area of cleaning up the Temporary Internet files that are downloaded during user browsing Web pages. By cleaning up these files, you can help protect the desktop and the network from being invaded by malicious files.
Default Location of Temporary Internet Files
When Internet Explorer launches for the first time, it starts to immediately store files that it puts into the browser interface for faster access time the next time the Web page is viewed. The default location for these Temporary Internet Files is under a different location depending on the version of Windows that you are using. Here is the breakdown of the file location per Desktop OS:
Path to Temporary Internet Files
C:\Users\<name>\AppData\Local\Microsoft\Windows\Temporary internet Files
C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files
C:\Documents and Settings\username\Local Settings\Temporary Internet Files
Manually Controlling the Temporary Internet Folder Contents
When you are sitting at the console of your Windows desktop and you want to ensure that the files that you were just viewing are not stored on your computer anymore, you can clean those files up. Let's say that you were just working away at your desk and remembered that you needed to book the hotel reservations for that vacation that is coming up. You head out to your favorite hotel reservation Web site, I prefer www.yahoo.com\travel, and do searching on that killer all-inclusive resort in Cancun, Mexico. After an hour of reviewing the resorts, tours, transportation, nightlife, and child care accommodations, you realize that your computer just stored nothing but paradise pictures and files on your work computer. You need to clean these up!
To clean these up, you can go into the Internet Explorer tools, which on my Vista computer running IE 7, is under the Tools dropdown list and select Internet Options. The Internet Options dialog box appears, as shown in Figure 1.
Figure 1: Internet Options dialog box is used to configure IE settings
On the default tab, the General tab, you will find an entire section on Browsing History. Here, you have a button labeled Delete, which will delete the history of the Internet Explorer. With the new versions of IE, you can control what is being deleted, such as Temporary Internet Files, Cookies, History, Form data, and Passwords. Obviously, we are mostly concerned about the Temporary Internet Files here. When you select the Delete Files button, you will initially be asked to confirm your selection, which upon clicking it, will delete the files in the Temporary Internet Files folder.
Using Group Policy Preferences to Delete Files
When you crack open a GPO in Windows Server 2008 or Windows Vista SP1, you will find a new set of GPO settings that fall under the Preferences node. The setting that we want to focus on can be found under either the Computer Configuration node or the User Configuration node. The path to our setting is the same under each node: Preferences\Windows Settings\Folders.
When you get to this node, right-click Folders, then select the New - Folder. This will open up the New Folder Properties dialog box, as shown in Figure 2.
Figure 2: Group Policy Preferences Folder Policy
Within this policy, you will need to configure the Action of the policy, as well as the path to the folder that you want to control initially. The action mode that you want to configure is Delete, obviously. Then, you will type in the path to the Temporary Internet Files based on the operating system that you are targeting. Finally, you will need to select the check box that is labeled Delete all files in the folder(s) to ensure that you remove all of the files in the Temporary Internet Files folder.
One of the great benefits of using the Group Policy Preferences via Group Policy is that it adheres to the background refresh that Group Policy possesses. This occurs every 90 minutes (give or take 30 minutes either way) on all computers that process Group Policy. Thus, the files will be deleted from all computers that the GPO targets within a two hour period!
Targeting the Correct Operating System
Now, you will need to have some solution in order to target Windows Vista computers versus Windows XP computers, since they have different paths to the Temporary Internet Files location. You could develop some elaborate OU design scheme which has your Windows XP desktops located under a WindowsXP OU and your Windows Vista desktops located under a WindowsVista OU. This would work, but consider that you would potentially have to redesign a portion of your Active Directory structure.
As an alternate solution, that fits into the Windows Server 2008/Vista Group Policy Preferences, you can use Item-level Targeting to ensure that the GPO setting "hits" the correct OS version. To set up Item-level targeting for your GPO settings to erase the files for XP and Vista, you will need to create two different Folder Policies. Then, for each policy setting, you will configure a "target".
Item-level targeting is configured inside of the GPO setting, by clicking on the Common tab, as shown in Figure 3.
Figure 3: The Common tab allows you to configure an item-level target
When you click on the Targeting button, you will have the Targeting Editor dialog box open. To configure the operating system version for your policy, select the New Item dropdown list and select Operating System. Within the bottom pane, select the dropdown list for Product. Choose either Windows XP or Windows Vista, depending on the path you input for the policy setting, as shown in Figure 4.
Figure 4: Item-level targeting allows you to target computers running a specific operating system version
You can configure both Folder Policies in the same GPO if you , since the targeting action will delineate the correct path to the proper operating system version. After you configure each of your policy settings for Windows XP and Windows Vista, you will be cleaning up the Temporary Internet files on all desktops on an interval of every 90 minutes or so.
Cleaning up the Temporary Internet Files folder is important to all desktops on your network. This will protect the desktops from malicious files that want to attack the local system, as well as the entire network. The temporary files can be cleaned manually, but as a proactive network admin, you will want to clean these up for your users periodically. By using the Group Policy Preferences you can have this action done every 90 minutes or so. The settings are easy to configure and with item-level targeting, you can ensure that the correct path of the temporary files matches the correct operating system version.