[There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not.] Locking down IE - THE OFFICIAL BLOG OF THE SBS DIVA
Sun, Feb 20 2011 22:05 bradley

Locking down IE

Want to lock down your Internet Explorer browsers so that people in your office can't delete potentially good forensic evidence?

There's a setting inside of IE where you can delete IE history.  Conversely there's a group policy setting where you can set it so that a certain number of days are kept at all times.

To set this go into Group policy management console

User Configuration, Policies, Administrative Templates, Windows Components, then Internet Explorer

In that section you'll see lots of options that align with the menu options in IE.

Now before you say... well gee IE is the most attached browser, why are you still using that?  These days the bad guys are targeting ALL of the browsers as Alun points out in this blog post:  http://msmvps.com/blogs/alunj/archive/2011/02/06/1787759.aspx

Filed under:

# re: Locking down IE

Monday, February 21, 2011 12:28 AM by Bryan Price

I take it that that somebody in the know can, if they have admin access under Vista and Win 7, and not much else needed for XP, still delete those files.  Just not through IE.

# re: Locking down IE

Monday, February 21, 2011 12:45 AM by bradley

Two things... first assumption admin access, secondly even if you delete forensically unless you wipe the drive you don't really delete.

# re: Locking down IE

Monday, February 21, 2011 5:34 AM by Ben Krause

Unless they logon as another user and delete their index.dat file you could analyze that.  It holds history almost since the beginning of time. (of that user)