Subject: [ActiveDir] GPO For deleting Temp Items
christine.allen

10/03/2008 12:52 PM  
First, I agree with all of you of the issue of corrupt profiles. I have not supported roaming profiles for that reason. Impatient users just shutting off their computers while logging off.

No, Bit9 does not delete, just alerts you and blocks the execution/installation of non approved software.

Their methodology is to "whitelist" what you use, (i.e. word, excel, etc) and block everything else. So once we are in lock-down, only applications that are approved will be allowed to be executed.

So, these policies are not going to be a daily thing. Just part of our due diligence of cleaning up the malicious stuff we have found. I don't plan on running this against everyone just those few that we have found with the code in their profiles.

-Christine

Christine N. Allen
Sr. Systems Engineer
Salem Five
210 Essex Street
Salem, MA 01970
978-720-5928
christine.allen@salemfive.com


This information may be confidential and/or privileged. Use of this information by anyone other than the intended recipient is prohibited. If you received this in error, please inform the sender and remove any record of this message.



davewade

10/03/2008 7:03 PM  
I didn't say "don't do it" I said "check that it does what you want". So I would

1) Time it on typical PC to see how long it takes
2) Warn the users (easy if there are only a few) about it
3) Perhaps have some kind of opt in with perhaps a limit of a week....

If you only intend to delete it once then you may need some kind of flag to say it's cleaned. You could also e-mail out a link for the users to run "at their leisure". So something like

rem Marker file present: this profile was already cleaned, so do nothing
if exist "%temp%\cleaned.txt" goto :eof
rem /s recurses into subfolders; /q suppresses the confirmation prompt for *.*
erase /s /q "%temp%\*.*"
echo data erased>"%temp%\cleaned.txt"

(No I haven't tested so it probably has bugs)

Dave Wade
0161 474 5456



From: Christine.Allen@salemfive.com
Sent: Fri 03/10/2008 17:47
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items


First, I agree with all of you of the issue of corrupt profiles. I have not supported roaming profiles for that reason. Impatient users just shutting off their computers while logging off.

No, Bit9 does not delete, just alerts you and blocks the execution/installation of non approved software.

Their methodology is to "whitelist" what you use, (i.e. word, excel, etc) and block everything else. So once we are in lock-down, only applications that are approved will be allowed to be executed.

So, these policies are not going to be a daily thing. Just part of our due diligence of cleaning up the malicious stuff we have found. I don't plan on running this against everyone just those few that we have found with the code in their profiles.

-Christine

Christine N. Allen
Sr. Systems Engineer
Salem Five
210 Essex Street
Salem, MA 01970
978-720-5928
christine.allen@salemfive.com


This information may be confidential and/or privileged. Use of this information by anyone other than the intended recipient is prohibited. If you received this in error, please inform the sender and remove any record of this message.





From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
Sent: Friday, October 03, 2008 12:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items


Dave-
I tend to agree with what you are saying about giving users an opportunity to get frustrated enough to corrupt their profiles. Depending upon the environment, that risk is real and painful. Alternatives that mandate clearing out these files include using GP Preferences to distribute a Scheduled Task to these users that does the job on a semi-periodic basis, or relying on the user to do it. You can also configure TIF to be smaller to start with, so that the pain of deleting it on logoff is not so great.

However, if the bottom line behind deleting the contents on a regular basis is to prevent bad code stored there from executing, then I tend to agree with the point you imply below that that is probably a band-aid. Users who explicitly choose to save code elsewhere, as opposed to just opening and running it from TIF or %temp% will not be prevented from anything unless you have a system in place that whitelists application code that you allow to run. I suspect that was Christine's motivation for a tool like Bit9 in the first place. Of course, maintaining whitelists is not trivial in any decent-sized organization, but certainly helps avoid many of the issues that might be caused by users indiscriminately downloading stuff.

Darren

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dave Wade
Sent: Friday, October 03, 2008 8:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

In the case of a logoff script, then it's even worse because the users hit the switch while logging off and you will then certainly get a damaged profile.

As for nasties in there, yes that's where they usually live, because that's where IE caches them. Anything elsewhere is there because the user put it there. I was going to say if Bit9 detects them doesn't it delete them then?

Dave Wade
Business Services I.C.T.
0161 474 5456





From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Christine.Allen@salemfive.com
Sent: 03 October 2008 16:26
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items
I meant a logoff script.

Good point about the bandwidth.

The reason for this is that we have implemented a new white listing application Bit9. We have found that most of the malicious content is found both in the temp and Internet temp directories.


-Christine

Christine N. Allen
Sr. Systems Engineer
Salem Five
210 Essex Street
Salem, MA 01970
978-720-5928
christine.allen@salemfive.com







From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dave Wade
Sent: Friday, October 03, 2008 10:06 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items
If you want to avoid damaged profiles, can I strongly suggest that you test this on a "real" machine with a typical quantity of files in these folders. I would expect that the first time you run it, there will be lots of files and it will be slow, and the users will get fed up waiting for the machine to shut down, and then force power down the machine by pulling the wall plug.

I also wonder about its effect on external network bandwidth. By clearing the local cache folks will always retrieve the external page. Depending on the type of proxy you use the effect could be significant.

Dave Wade
Business Services I.C.T.
0161 474 5456





From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
Sent: 03 October 2008 14:52
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items
Christine-
Keep in mind that if you do this in a shutdown script, it may not have access to any user's %temp% at that point. In fact, it most likely won't, since the user has already logged off by the time shutdown scripts run. Instead, you probably want to use a logoff script, which is per-user and runs as the user is logging off.

Darren


****
Darren Mar-Elia
CTO & Founder
SDM Software, Inc.
"The Group Policy Experts"
http://www.sdmsoftware.com/
Automate Group Policy audits and changes with the GPExpert(tm) Scripting Toolkit http://www.sdmsoftware.com/group_policy_scripting



From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Christine.Allen@salemfive.com
Sent: Friday, October 03, 2008 6:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

Thanks,

I found that. I was looking for a GPO to delete the temp directory in the user's profile. I'm going to have a shutdown script delete them as well as implement the GPO for Temp Internet files.

Thanks all for your suggestions!

-Christine

Christine N. Allen
Sr. Systems Engineer
Salem Five
210 Essex Street
Salem, MA 01970
978-720-5928
christine.allen@salemfive.com







From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Paul Loonen
Sent: Friday, October 03, 2008 9:13 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items
You can actually delete temporary files when you close internet explorer by configuring group policy:

The setting is configured in Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page (you have this both for users and computers)


Paul.

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Haralson, Joe (GE Comm Fin, non-GE)
Sent: Thursday, 02 October, 2008 8:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

I would appreciate that also Christine if you don't mind.






From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Christine.Allen@salemfive.com
Sent: Thursday, October 02, 2008 12:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items
Sure!

Computer Configuration\Administrative Template\Windows Components/Internet Explorer/Internet Control Panel/Advanced Page

-Christine

Christine N. Allen
Sr. Systems Engineer
Salem Five
210 Essex Street
Salem, MA 01970
978-720-5928
christine.allen@salemfive.com







From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Thursday, October 02, 2008 12:35 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] GPO For deleting Temp Items
Christine -

would you mind sharing the GPO you found to clean Temporary Internet ?

I was thinking about writing a script to clean them upon logoff but GPO would be nicer.
On Thu, Oct 2, 2008 at 12:29 PM, <Christine.Allen@salemfive.com> wrote:
Hello,

Does anyone know if there is a GPO to clean out the C:\Documents and Settings\Profile\Local Settings\Temp? I found one for Temporary Internet.

If not, does anyone have a way of implementing this globally they would be willing to share?

TIA

-Christine

Christine N. Allen
Sr. Systems Engineer
Salem Five
210 Essex Street
Salem, MA 01970
978-720-5928
christine.allen@salemfive.com







**********************************************************************
This email, and any files transmitted with it, is confidential and
intended solely for the use of the individual or entity to whom they
are addressed. As a public body, the Council may be required to disclose this email, or any response to it, under the Freedom of Information Act 2000, unless the information in it is covered by one of the exemptions in the Act.

If you receive this email in error please notify Stockport ICT, Business Services via email.query@stockport.gov.uk and then permanently remove it from your system.

Thank you.

http://www.stockport.gov.uk
**********************************************************************

jcastin1

10/03/2008 7:42 PM  
Just a quick question... not trying to flame or flamebait... why would you use a 3rd party solution like Bit9 when you can block all software and create exemptions in AD with a GPO?

Windows Server 2003 introduced Software Restriction policies. A number of software-restriction options are available, such as blocking files based on their hash value (which means renaming a file won't allow it to be run), and restricting based on code-signing levels:

1. Start the GPMC, and open a GPO to edit.

2. Right-click Software Restrictions, and select New Software Restriction Policies.

3. Two nodes will appear under Software Restriction Policies: Security Levels and Additional Rules. Select Security Levels.

4. Under Security Levels, three levels are displayed: Disallowed is for default blocking of all software, Basic User is for software that can run but will run without administrator credentials, and Unrestricted allows all software to run. Unrestricted is the default. Right-click on Disallowed and select the option to "Set as default". After you set Disallowed as the default, then add exceptions to Basic User/Unrestricted that can run.

Thanks,

Jesus

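The effect of the default-deny setup in the steps above, and of Darren's remark that clearing %temp% alone is a band-aid, shown as an added example (not code from the thread or from Windows). It models only hash rules, folder path rules and the default security level; the use of SHA-256 as the rule hash and all paths, file contents and rules are constructed assumptions.

```python
"""Simplified model of Software Restriction Policy (SRP) rule evaluation.

Added illustration, not Windows code: it keeps only hash rules, folder path
rules and the default security level (certificate and zone rules are left
out). Paths, file contents and rule sets are constructed samples.
"""
import hashlib
from pathlib import PureWindowsPath

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"


def digest(content: bytes) -> str:
    # SHA-256 stands in for whatever hash the real policy engine stores
    return hashlib.sha256(content).hexdigest()


class Policy:
    def __init__(self, default_level=UNRESTRICTED, path_rules=None, hash_rules=None):
        self.default_level = default_level      # Unrestricted is the shipped default
        self.path_rules = path_rules or {}      # folder -> level
        self.hash_rules = hash_rules or {}      # content hash -> level

    def evaluate(self, path: str, content: bytes):
        """Return (level, reason) for starting `content` stored at `path`."""
        # 1. A hash rule follows the file's bytes, so name and folder are irrelevant
        level = self.hash_rules.get(digest(content))
        if level:
            return level, "hash rule"
        # 2. Path rules: the most specific (deepest) matching folder wins
        target = PureWindowsPath(path)
        matches = [
            (len(PureWindowsPath(folder).parts), folder, lvl)
            for folder, lvl in self.path_rules.items()
            if PureWindowsPath(folder) in target.parents
        ]
        if matches:
            _, folder, lvl = max(matches)
            return lvl, "path rule " + folder
        # 3. Nothing matched: the default security level decides
        return self.default_level, "default level"


# Constructed sample files (byte strings stand in for executables)
DROPPER = b"constructed sample: unapproved download"
WORD = b"constructed sample: approved word processor"
KNOWN_BAD = b"constructed sample: binary the allowlisting tool alerted on"
TOOL_V1 = b"constructed sample: approved admin tool, build 1"
TOOL_V2 = b"constructed sample: approved admin tool, build 2"

TEMP = r"C:\Documents and Settings\Profile\Local Settings\Temp"
DESKTOP = r"C:\Documents and Settings\Profile\Desktop"


def sample_policies():
    # Default-allow machine whose only control is deleting the Temp folders
    cleanup_only = Policy()
    # Step 4 of the post: Disallowed set as default, then exceptions added
    lockdown = Policy(
        default_level=DISALLOWED,
        path_rules={r"C:\WINDOWS": UNRESTRICTED, r"C:\Program Files": UNRESTRICTED},
        hash_rules={digest(KNOWN_BAD): DISALLOWED, digest(TOOL_V1): UNRESTRICTED},
    )
    return cleanup_only, lockdown


def run_scenarios():
    """Map each case to (level without lock-down, (level, reason) with it)."""
    cleanup_only, lockdown = sample_policies()
    cases = [
        ("download run from Temp", TEMP + r"\setup.exe", DROPPER),
        ("same download saved to Desktop", DESKTOP + r"\setup.exe", DROPPER),
        ("approved app under Program Files", r"C:\Program Files\Office\winword.exe", WORD),
        ("known-bad binary renamed into Program Files", r"C:\Program Files\Office\excel.exe", KNOWN_BAD),
        ("hash-approved tool, renamed, on Desktop", DESKTOP + r"\renamed.exe", TOOL_V1),
        ("updated build of that tool", DESKTOP + r"\tool.exe", TOOL_V2),
    ]
    return {
        label: (cleanup_only.evaluate(path, content)[0], lockdown.evaluate(path, content))
        for label, path, content in cases
    }


if __name__ == "__main__":
    for label, (before, (after, reason)) in run_scenarios().items():
        print(f"{label:45} default-allow: {before:12} lock-down: {after} ({reason})")
```

The first two cases show why emptying Temp does not stop a file saved elsewhere, while the default Disallowed level blocks both. The last case is the upkeep cost raised in the thread: an updated build has a new hash and stays blocked until a rule is added for it.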


danholme

10/03/2008 10:30 PM  
There are VERY good reasons for Bit9, and they revolve around the
*manageability* of software restrictions. If you're interested in
software restrictions or White List, check it out. It's pretty amazing.
I have some clients who couldn't achieve pure whitelist environments
without it, and I'd be surprised if many if any organizations can get to
a pure whitelist environment without it. I say that because a MS
muckety-muck told me flat out that they didn't believe customers could
get to whitelist without third party tools.



Dan





From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Castineira,
Jesus (ETSD)
Sent: Friday, October 03, 2008 1:39 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items



Just a quick question... not trying to flame or flamebait... why would
you use a 3rd party solution like Bit9 when you can block all software
and create exemptions in AD with a GPO?


Windows Server 2003 introduced Software Restriction policies. A number
of software-restriction options are available, such as blocking files
based on their hash value (which means renaming a file won't allow it to
be run), and restricting based on code-signing levels:

1. Start the GPMC, and open a GPO to edit.

2. Right-click Software Restrictions, and select New Software
Restriction Policies.

3. Two nodes will appear under Software Restriction Policies: Security
Levels and Additional Rules. Select Security Levels.

4. Under Security Levels, three levels are displayed: Disallowed is for
default blocking of all software, Basic User is for software that can
run but will run without administrator credentials, and Unrestricted
allows all software to run. Unrestricted is the default. Right-click on
Disallowed and select the option to "Set as default". After you set
Disallowed as the default, then add exceptions to Basic
User/Unrestricted that can run.

Thanks,

Jesus



________________________________

From: ActiveDir-owner@mail.activedir.org on behalf of
Christine.Allen@salemfive.com
Sent: Fri 10/3/2008 12:47 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

First, I agree with all of you on the issue of corrupt profiles. I have
not supported roaming profiles for that reason. Impatient users just
shutting off their computers while logging off.

No, Bit9 does not delete, just alerts you and blocks the
execution/installation of non-approved software.

Their methodology is to "whitelist" what you use (i.e. Word, Excel,
etc.) and block everything else. So once we are in lock-down, only
applications that are approved will be allowed to be executed.

So, these policies are not going to be a daily thing. Just part of our
due diligence of cleaning up the malicious stuff we have found. I don't
plan on running this against everyone, just those few that we have found
with the code in their profiles.



-Christine



Christine N. Allen

Sr. Systems Engineer

Salem Five

210 Essex Street

Salem, MA 01970

978-720-5928

christine.allen@salemfive.com





This information may be confidential and/or privileged. Use of this
information by anyone other than the intended recipient is prohibited.
If you received this in error, please inform the sender and remove any
record of this message.





________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
Sent: Friday, October 03, 2008 12:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

Dave-

I tend to agree with what you are saying about giving users an
opportunity to get frustrated enough to corrupt their profiles.
Depending upon the environment, that risk is real and painful.
Alternatives that mandate clearing out these files include using GP
Preferences to distribute a Scheduled Task to these users that does the
job on a semi-periodic basis, or relying on the user to do it. You can
also configure TIF to be smaller to start with, so that the pain of
deleting it on logoff is not so great.



However, if the bottom line behind deleting the contents on a regular
basis is to prevent bad code stored there from executing, then I tend to
agree with the point you imply below that that is probably a band-aid.
Users who explicitly choose to save code elsewhere, as opposed to just
opening and running it from TIF or %temp% will not be prevented from
anything unless you have a system in place that whitelists application
code that you allow to run. I suspect that was Christine's motivation
for a tool like Bit9 in the first place. Of course, maintaining
whitelists is not trivial in any decent-sized organization, but
certainly helps avoid many of the issues that might be caused by users
indiscriminately downloading stuff.



Darren



From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dave Wade
Sent: Friday, October 03, 2008 8:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items



In the case of a logoff script, then it's even worse because the users
hit the switch while logging off and you will then certainly get a
damaged profile.

As for nasties in there, yes that's where they usually live, because that's
where IE caches them. Anything elsewhere is there because the user put
it there. I was going to say if Bit9 detects them doesn't it delete them
then?



Dave Wade

Business Services I.C.T.

0161 474 5456





________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of
Christine.Allen@salemfive.com
Sent: 03 October 2008 16:26
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

I meant a logoff script.



Good point about the bandwidth.



The reason for this is that we have implemented a new white
listing application Bit9. We have found that most of the malicious
content is found both in the temp and Internet temp directories.





-Christine








________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dave Wade
Sent: Friday, October 03, 2008 10:06 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

If you want to avoid damaged profiles, can I strongly suggest
that you test this on a "real" machine with a typical quantity of files
in these folders. I would expect that the first time you run it, there
will be lots of files and it will be slow, and the users will get fed up
waiting for the machine to shut down, and then force power down the
machine by pulling the wall plug.

I also wonder about its effect on external network bandwidth. By
clearing the local cache folks will always retrieve the external page.
Depending on the type of proxy you use the effect could be significant.



Dave Wade

Business Services I.C.T.

0161 474 5456





________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
Sent: 03 October 2008 14:52
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

Christine-

Keep in mind that if you do this in a shutdown script,
it may not have access to any user's %temp% at that point. In fact, it
most likely won't, since the user has already logged off by the time
shutdown scripts run. Instead, you probably want to use a logoff script,
which is per-user and runs as the user is logging off.



Darren





****

Darren Mar-Elia

CTO & Founder

SDM Software, Inc.

"The Group Policy Experts"

www.sdmsoftware.com <http://www.sdmsoftware.com/>

Automate Group Policy audits and changes with the
GPExpert(tm)

Scripting Toolkit
http://www.sdmsoftware.com/group_policy_scripting







From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of
Christine.Allen@salemfive.com
Sent: Friday, October 03, 2008 6:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items



Thanks,



I found that. I was looking for a GPO to delete the
temp directory in the user's profile. I'm going to have a shutdown
script delete them as well as implement the GPO for Temp Internet files.




Thanks all for your suggestions!



-Christine








________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Paul Loonen
Sent: Friday, October 03, 2008 9:13 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

You can actually delete temporary files when you close
Internet Explorer by configuring group policy:



The setting is configured in Administrative
Templates\Windows Components\Internet Explorer\Internet Control
Panel\Advanced Page (you have this both for users and computers)





Paul.



From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Haralson, Joe
(GE Comm Fin, non-GE)
Sent: Thursday, 02 October, 2008 8:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items



I would appreciate that also, Christine, if you don't
mind.







________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of
Christine.Allen@salemfive.com
Sent: Thursday, October 02, 2008 12:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

Sure!



Computer Configuration\Administrative Template\Windows
Components/Internet Explorer/Internet Control Panel/Advanced Page



-Christine








________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Thursday, October 02, 2008 12:35 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] GPO For deleting Temp Items

Christine -

Would you mind sharing the GPO you found to clean
Temporary Internet?

I was thinking about writing a script to clean them upon
logoff but GPO would be nicer.

On Thu, Oct 2, 2008 at 12:29 PM,
<Christine.Allen@salemfive.com> wrote:

Hello,



Does anyone know if there is a GPO to clean out the
C:\Documents and Settings\Profile\Local Settings\Temp? I found one for
Temporary Internet.



If not, does anyone have a way of implementing this
globally they would be willing to share?



TIA



-Christine













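The cleanup discussed in the thread above (a per-user logoff script for %temp% and Temporary Internet Files, the risk of a slow first run, and wanting a record of what was found), as an added PowerShell example that is not code from any poster. The function name, parameters, extension list, and defaults are assumptions; the demo files at the end are constructed.

```powershell
# Added example, not from the thread. Names and defaults below are assumptions.
function Clear-UserTempItem {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Folders to clean: the logged-on user's %TEMP% and IE cache by default.
        [string[]]$Path = @($env:TEMP, [Environment]::GetFolderPath('InternetCache')),
        # Leave recent files alone (running installers, documents still open).
        [int]$OlderThanDays = 7,
        # Stop after this many seconds so logoff never appears hung.
        [int]$BudgetSeconds = 20,
        # Optional CSV that records executable content before it is deleted.
        [string]$InventoryCsv,
        [string[]]$ExecutableExtension = @('.exe', '.dll', '.scr', '.com', '.bat',
                                           '.cmd', '.vbs', '.js', '.msi')
    )

    $cutoff = (Get-Date).AddDays(-$OlderThanDays)
    $timer  = [System.Diagnostics.Stopwatch]::StartNew()
    $result = [pscustomobject]@{ Deleted = 0; Failed = 0; Inventoried = 0; TimedOut = $false }

    foreach ($root in $Path) {
        if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }

        # Enumerate once up front; -Force includes hidden cache folders.
        $files = Get-ChildItem -LiteralPath $root -File -Recurse -Force -ErrorAction SilentlyContinue |
                 Where-Object { $_.LastWriteTime -lt $cutoff }

        foreach ($file in $files) {
            if ($timer.Elapsed.TotalSeconds -ge $BudgetSeconds) {
                # Out of time: finish on the next logoff instead of stalling this one.
                $result.TimedOut = $true
                return $result
            }

            # Fingerprint executable content first, so the whitelist owner can
            # see what was sitting in the profile before it is removed.
            if ($InventoryCsv -and $ExecutableExtension -contains $file.Extension) {
                $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                if ($hash) {
                    [pscustomobject]@{
                        Path      = $file.FullName
                        SHA256    = $hash.Hash
                        Bytes     = $file.Length
                        LastWrite = $file.LastWriteTime
                    } | Export-Csv -LiteralPath $InventoryCsv -Append -NoTypeInformation -WhatIf:$false
                    $result.Inventoried++
                }
            }

            if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
                try {
                    Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
                    $result.Deleted++
                }
                catch {
                    # Locked or in use (for example the IE cache index): skip it.
                    $result.Failed++
                }
            }
        }
    }
    return $result
}

# Demo on a constructed scratch folder (not real user data).
$scratch = Join-Path ([IO.Path]::GetTempPath()) ("tempclean-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $scratch | Out-Null
'constructed old binary' | Set-Content (Join-Path $scratch 'setup_old.exe')
'constructed old page'   | Set-Content (Join-Path $scratch 'page_old.htm')
'constructed new file'   | Set-Content (Join-Path $scratch 'today.tmp')
Get-ChildItem $scratch -Filter '*_old.*' |
    ForEach-Object { $_.LastWriteTime = (Get-Date).AddDays(-30) }

Clear-UserTempItem -Path $scratch -OlderThanDays 7 -InventoryCsv (Join-Path $scratch 'inventory.csv')
Remove-Item -LiteralPath $scratch -Recurse -Force
```

Assigned as a per-user logoff script it runs in the user's context, so `$env:TEMP` resolves to that user's profile. Running it with `-WhatIf` first writes the inventory without deleting anything.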


darren

Posts:160

10/03/2008 10:42 PM  
Dan-
I tend to agree with this but I'm curious what it is about 3rd party
products that facilitates this? Is it around managing all the hundreds or
thousands of possible applications that you might need to manage in a large
environment? I seem to remember that Bit9 claims a very large database of
executables that their application can use. Or is it something else?



Darren







danholme

Posts:128

10/03/2008 11:05 PM  
Yeah. It's been a few months since I've had to think about it (and my
brain is small) so I can't scrape up all my memory, but basically:



1) DISCOVERY & REPORTING of applications & processes that are in
use for capturing "current state" and planning/designing/preparing

2) FINGERPRINTING of apps & processes (and all their parts &
derivatives & updates) so that the whitelist can be keyed perfectly

3) REPORTING & AUDITING of ongoing success/failure of process
launching

Seems to me there are also differences as to how restrictions are
applied (GPO vs. Bit9) to local admins, and how easily (or not)
restrictions can be worked around in admin context.



You know, with another (independent IT organization) part of the same
client we decided that we could get to the 80/20 Rule "solution" by
using managed paths (%PROGFILES% and %WINDOWS%) and Vista, which pretty
much prevents a non-privileged user from writing files to those
locations.



That's all my brain can muster up right now. HTH.



From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
Sent: Friday, October 03, 2008 4:39 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items



Dan-
I tend to agree with this but I'm curious what it is about 3rd party
products that facilitate this? Is it around managing all the hundreds or
thousands of possible applications that you might need to manage in a
large environment? I seem to remember that Bit9 claims a very large
database of executables that their application can use. Or is it
something else?



Darren





From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dan Holme
Sent: Friday, October 03, 2008 7:27 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items



There are VERY good reasons for Bit9, and they revolve around the
*manageability* of software restrictions. If you're interested in
software restrictions or White List, check it out. It's pretty amazing.
I have some clients who couldn't achieve pure whitelist environments
without it, and I'd be surprised if many if any organizations can get to
a pure whitelist environment without it. I say that because a MS
muckety-muck told me flat out that they didn't believe customers could
get to whitelist without third party tools.



Dan





From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Castineira,
Jesus (ETSD)
Sent: Friday, October 03, 2008 1:39 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items



Just a quick question... not trying to flame or flamebait... why would
you use a 3rd party solution like Bit9 when you can block all software
and create exemptions in AD with a GPO?


Windows Server 2003 introduced Software Restriction policies. A number
of software-restriction options are available, such as blocking files
based on their hash value (which means renaming a file won't allow it to
be run), and restricting based on code-signing levels:

1. Start the GPMC, and open a GPO to edit.

2. Right-click Software Restrictions, and select New Software
Restriction Policies.

3. Two nodes will appear under Software Restriction Policies: Security
Levels and Additional Rules. Select Security Levels.

4. Under Security Levels, three levels are displayed: Disallowed is for
default blocking of all software, Basic User is for software that can
run but will run without administrator credentials, and Unrestricted
allows all software to run. Unrestricted is the default. Right-click on
Disallowed and select the option to "Set as default". After you set
Disallowed as the default, then add exceptions to Basic
User/Unrestricted that can run.

Thanks,

Jesus



________________________________

From: ActiveDir-owner@mail.activedir.org on behalf of
Christine.Allen@salemfive.com
Sent: Fri 10/3/2008 12:47 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

First, I agree with all of you of the issue of corrupt profiles. I have
not supported roaming profiles for that reason. Impatient users just
shutting off their computers while logging off.



No Bit9 does not delete, just alerts you and blocks the
execution/installation of non approved software.



Their methodology is to "whitelist" what you use, (i.e. word, excel,
etc) and block everything else. So once we are in lock-down, only
applications that are approved will be allowed to be executed.



So, these polices are not going to be a daily thing. Just part of our
due diligence of cleaning up the malicious stuff we have found. I don't
plan on running this against everyone just those few that we have found
with the code in their profiles.



-Christine



Christine N. Allen

Sr. Systems Engineer

Salem Five

210 Essex Street

Salem, MA 01970

978-720-5928

christine.allen@salemfive.com





This information may be confidential and/or privileged. Use of this
information by anyone other than the intended recipient is prohibited.
If you received this in error, please inform the sender and remove any
record of this message.





________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
Sent: Friday, October 03, 2008 12:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

Dave-

I tend to agree with what you are saying about giving users an
opportunity to get frustrated enough to corrupt their profiles.
Depending upon the environment, that risk is real and painful.
Alternatives that mandate clearing out these files include using GP
Preferences to distribute a Scheduled Task to these users that does the
job on a semi-periodic basis, or relying on the user to do it. You can
also configure TIF to be smaller to start with, so that the pain of
deleting it on logoff is not so great.



However, if the bottom line behind deleting the contents on a regular
basis is to prevent bad code stored there from executing, then I tend to
agree with the point you imply below that that is probably a band-aid.
Users who explicitly choose to save code elsewhere, as opposed to just
opening and running it from TIF or %temp% will not be prevented from
anything unless you have a system in place that whitelists application
code that you allow to run. I suspect that was Christine's motivation
for a tool like Bit9 in the first place. Of course, maintaining
whitelists is not trivial in any decent-sized organization, but
certainly helps avoid many of the issues that might be caused by users
indiscriminately downloading stuff.



Darren



From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dave Wade
Sent: Friday, October 03, 2008 8:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items



In the case of a logoff script, then it's even worse because the users
hit the switch while logging off and you will then certainly get a
damaged profile.



As for nasties in there, yes that's where they usually live, because that's
where IE caches them. Anything elsewhere is there because the user put
it there. I was going to say if Bit9 detects them doesn't it delete them
then?



Dave Wade

Business Services I.C.T.

0161 474 5456





________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of
Christine.Allen@salemfive.com
Sent: 03 October 2008 16:26
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

I meant a logoff script.



Good point about the bandwidth.



The reason for this is that we have implemented a new white
listing application Bit9. We have found that most of the malicious
content is found both in the temp and Internet temp directories.





-Christine



Christine N. Allen

Sr. Systems Engineer

Salem Five

210 Essex Street

Salem, MA 01970

978-720-5928

christine.allen@salemfive.com





This information may be confidential and/or privileged. Use of
this information by anyone other than the intended recipient is
prohibited. If you received this in error, please inform the sender and
remove any record of this message.





________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dave Wade
Sent: Friday, October 03, 2008 10:06 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

If you want to avoid damaged profiles, can I strongly suggest
that you test this on a "real" machine with a typical quantity of files
in these folders. I would expect that the first time you run it, there
will be lots of files and it will be slow, and the users will get fed up
waiting for the machine to shut down, and then force power down the
machine by pulling the wall plug.



I also wonder about its effect on external network bandwidth. By
clearing the local cache folks will always retrieve the external page.
Depending on the type of proxy you use the effect could be significant.



Dave Wade

Business Services I.C.T.

0161 474 5456





________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
Sent: 03 October 2008 14:52
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

Christine-

Keep in mind that if you do this in a shutdown script,
it may not have access to any user's %temp% at that point. In fact, it
most likely won't, since the user has already logged off by the time
shutdown scripts run. Instead, you probably want to use a logoff script,
which is per-user and runs as the user is logging off.



Darren





****

Darren Mar-Elia

CTO & Founder

SDM Software, Inc.

"The Group Policy Experts"

www.sdmsoftware.com <http://www.sdmsoftware.com/>

Automate Group Policy audits and changes with the GPExpert(tm)
Scripting Toolkit
http://www.sdmsoftware.com/group_policy_scripting







From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of
Christine.Allen@salemfive.com
Sent: Friday, October 03, 2008 6:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items



Thanks,



I found that. I was looking for a GPO to delete the
temp directory in the user's profile. I'm going to have a shutdown
script delete them as well as implement the GPO for Temp Internet files.




Thanks all for your suggestions!



-Christine



Christine N. Allen

Sr. Systems Engineer

Salem Five

210 Essex Street

Salem, MA 01970

978-720-5928

christine.allen@salemfive.com










________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Paul Loonen
Sent: Friday, October 03, 2008 9:13 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

You can actually delete temporary files when you close
internet explorer by configuring group policy:



The setting is configured in Administrative
Templates\Windows Components\Internet Explorer\Internet Control
Panel\Advanced Page (you have this both for users and computers)





Paul.



From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Haralson, Joe
(GE Comm Fin, non-GE)
Sent: Thursday, 02 October, 2008 8:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items



I would appreciate that also Christine if you don't
mind.







________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of
Christine.Allen@salemfive.com
Sent: Thursday, October 02, 2008 12:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO For deleting Temp Items

Sure!



Computer Configuration\Administrative Template\Windows
Components/Internet Explorer/Internet Control Panel/Advanced Page



-Christine



Christine N. Allen

Sr. Systems Engineer

Salem Five

210 Essex Street

Salem, MA 01970

978-720-5928

christine.allen@salemfive.com










________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Thursday, October 02, 2008 12:35 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] GPO For deleting Temp Items

Christine -

Would you mind sharing the GPO you found to clean
Temporary Internet?

I was thinking about writing a script to clean them upon
logoff but GPO would be nicer.

On Thu, Oct 2, 2008 at 12:29 PM,
<Christine.Allen@salemfive.com> wrote:

Hello,



Does anyone know if there is a GPO to clean out the
C:\Documents and Settings\Profile\Local Settings\Temp? I found one for
Temporary Internet.



If not, does anyone have a way of implementing this
globally that they would be willing to share?



TIA



-Christine



Christine N. Allen

Sr. Systems Engineer

Salem Five

210 Essex Street

Salem, MA 01970

978-720-5928

christine.allen@salemfive.com















**********************************************************************
This email, and any files transmitted with it, is confidential and
intended solely for the use of the individual or entity to whom they
are addressed. As a public body, the Council may be required to
disclose this email, or any response to it, under the Freedom of
Information Act 2000, unless the information in it is covered by one of
the exemptions in the Act.

If you receive this email in error please notify Stockport ICT,
Business Services via email.query@stockport.gov.uk and then permanently
remove it from your system.

Thank you.

http://www.stockport.gov.uk

**********************************************************************
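
A sketch of the per-user logoff cleanup discussed in the thread, added here as an example and not code posted by any list member. It runs in the user's context so %TEMP% resolves, and it stops after a fixed time budget so a large first run cannot stall logoff; the parameter names, the 3-day and 20-second defaults and the log file name are assumptions.

```powershell
# Logoff script: bounded cleanup of the logging-off user's %TEMP%.
# Requires PowerShell 3.0 or later (Directory.EnumerateFiles needs .NET 4).
# Removes files only; empty subdirectories are left in place.
param(
    [int]$MaxAgeDays    = 3,     # assumed cutoff; files newer than this are kept
    [int]$BudgetSeconds = 20,    # assumed ceiling on how long logoff may be delayed
    [switch]$ReportOnly          # count what would be removed, delete nothing
)

$tempRoot = [System.IO.Path]::GetTempPath()   # the current user's %TEMP%
$cutoff   = (Get-Date).AddDays(-$MaxAgeDays)
$deadline = (Get-Date).AddSeconds($BudgetSeconds)
$removed = 0; $skipped = 0; $kept = 0; $ranOut = $false

# Safety check: only ever clean a directory inside this user's profile.
if (-not $tempRoot.StartsWith($env:USERPROFILE, [System.StringComparison]::OrdinalIgnoreCase)) {
    Write-Warning "TEMP '$tempRoot' is outside the profile; nothing deleted."
    return
}

try {
    # EnumerateFiles streams results, so the budget applies from the first file.
    foreach ($path in [System.IO.Directory]::EnumerateFiles($tempRoot, '*', 'AllDirectories')) {
        if ((Get-Date) -gt $deadline) { $ranOut = $true; break }
        if ([System.IO.File]::GetLastWriteTime($path) -gt $cutoff) { $kept++; continue }
        if ($ReportOnly) { $removed++; continue }
        try {
            [System.IO.File]::Delete($path)
            $removed++
        } catch {
            $skipped++   # locked or read-only: leave it, never retry or block logoff
        }
    }
} catch {
    Write-Warning "Enumeration stopped early: $($_.Exception.Message)"
}

# One summary line per logoff, kept outside %TEMP% so the cleanup does not erase it.
$summary = '{0:s} user={1} removed={2} skipped={3} kept={4} budgetExceeded={5} reportOnly={6}' -f `
    (Get-Date), $env:USERNAME, $removed, $skipped, $kept, $ranOut, [bool]$ReportOnly
Add-Content -Path (Join-Path $env:APPDATA 'temp-cleanup.log') -Value $summary
$summary
```

Running it with -ReportOnly on a machine with a typical quantity of files shows how much a first pass would touch before the script is linked to a GPO.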

