A friend of mine has Windows 2000 with two separate logins, one for himself, as admin, and one for his 13-year-old son, as a user. He is mildly concerned about what his son does on the internet, but doesn’t like any of the net nanny programs, since they are designed by people with a different understanding of what’s appropriate for a 13-year-old that he has. So what he wants to do keep a log of his son’s temporary internet files, just to be sure he’s following the guidelines they’ve discussed. He needs his son to be able to add to it, but not delete anything from it. Is there a simple way to do this?
No offense, but it’s been my experience that most 13 year old kids can manipulate computers better than their parents, so if he’s not saavy enough to clear his temp files I’d be very surprised.
That said, I’d write a batch file that would copy the contents of the ‘temp’ folder to another folder on the system, and set up that file to run automatically on startup or shutdown.
That idea won’t work very well for two reasons.
Reason 1. The listing you see when you go into IE’s “View Temporary Files” feature is synthetic. They aren’t really stored on disk that way.
You can see that by going to the subfolder Content.IE5 or Content.IE6. In there is a single file named index.dat, and a bunch of subfolders with names like “2DTURQH4”. Each of those subfolders in turn holds the actual files downloaded from a particular site path. The filenames themselves aren’t of much use, since the name is something like help_button[1].gif or ie5[1].css. In other words, the names do NOT include the URL from whence they came.
The index.dat file contains the encoded information to associate each subfolder (say “2DTURQH4”) with a specific URL (say www.google.com). When you use the IE “View Temporary Files” feature, it’s processing the index.dat file to provide the Internat Address column, which is the one the OP really needs to see.
Reason 2: Triggering a copy to a secret backup location at shutdown or logoff can be defeated by the kid manually clearing his temp files before shutdown. You’d need to set something up that made additive copies every minute or so to stop that.
Some possible solutions:
I spent a few minutes with the Windows file access audit facility, which is part of Windows’ massive built-in security feature set that nobody except pros even knows exists, much less uses. Unfortunately, it suffers from the same problem as the batch file backup: Knowing that a file named “help_button[1].gif” was created in folder “C:\Documents and Settings\KidsName\Local Settings\Temporary Internet Files\Content.IE5\2DTURQH4” at 09:53:01 doesn’t help you to know which URL it came from.
So that’s no good.
If they’re using a software firewall, and they darn well better be, that may provide the answer. At home I use Norton Internet Security 2004. I’ve also used the 2002 and 2000 versions. Every versiopn includes a feature that automatically logs every URL visited. You can set up parental controls (or simply using their differing Windows UserIDs) such that all URLs are logged but the kid’s account lacks the horsepower to turn off NIS or to clear the log. You can leave all the other “nanny” features off.
I bet that whatever firewall program they’re using has similar capabilities. The kid can bypass that by killing the firewall program’s processes, but if he’s that aggressive the parent will need a 6-month course in serious WinAdmin skills to lock the PC down to where the kid can’t run amok. And at that point we have more of a parenting issue than a technical one.
Sorry, I typed “copy the contents of the ‘temp’ folder” while I was thinking "copy the contents of the ‘cookies’ folder.
Doesn’t make it any harder to circumvent though.
To be honest, why doesn’t your friend buy some actual software. There has GOT to be something out there that keeps this kind of information. Hell, get a firewall that blocks certian sites, or at least some sort of reporting tool.
It’s actually my fault that he didn’t just buy some software. I was convinced there would be an easy way to do this. Using Properties, you can make just about any folder hidden, which my friend, as admin, would be able to see, but “users” could not. The internet folders’ properties don’t have that option, though. We didn’t even try using the firewall program. Perhaps that’s the next step.
since answers have been given, here MHO: software spys/nannies/whatever installed on your typical rebellious teenagers’ computer are just begging to be circumvented. education and placing the computer in a ‘public’ area is a better solution i think.
Why use Net Nanny when a perfectly good solution is built right in? Group Policy allows you to prevent users from changing or deleting their Internet History. No reason to bother with temporary IE files when you can always view a list of every site he visits! Under the son’s account, you’ll want to make sure IE history is enabled, and pages are kept in history for 99 days (for convenience).
Here’s what you do (under an account with Admin membership):
-Open Run
-Type ‘gpedit.msc’
-Expand ‘User Configuration’
-Expand ’ Administrative Templates’
-Expand ‘Windows Components’
-Click on ‘Internet Explorer’
-Double click on the entry in the right-hand pane labelled ‘Disable Changing History Settings’ - This may just be called ‘History Settings’ on Win2k…can’t remember
-Change the option to ‘Enabled’ and click ‘OK’
-Exit gpedit.
Now the son’s history can’t be deleted or changed, and you have a log of all the websites he’s visited for the past 99 days. Group Policy is very powerful, but I wouldn’t recommend fooling around in there unless you know what you’re doing. It’s very easy to get carried away making the ultimate locked-out profile for users :rolleyes:
Oh, and good luck finding a 13-year old that can bypass that 