Clean up Those Pesky Temporary Internet Files Using Group Policy Preferences

by [Published on 10 July 2008 / Last Updated on 10 July 2008]

One way to improve the protection of desktops and the network is by cleaning up Temporary Internet files. By cleaning up these files, you can protect the desktop and network from being invaded by malicious files.

I think we are all on the same page when it comes to understanding the issues that surround the problems that certain files that are obtained from the Internet can cause on a single system and the entire network. We try every possible configuration, firewall setting, phishing settings, malware, adware, and virus protection to stop these malicious attacks. Still, the Internet poses a risk that must be protected. One area of Internet Explorer that you can “aid” in protecting desktops and the entire network is in the area of cleaning up the Temporary Internet files that are downloaded during user browsing Web pages. By cleaning up these files, you can help protect the desktop and the network from being invaded by malicious files.

Default Location of Temporary Internet Files

When Internet Explorer launches for the first time, it starts to immediately store files that it puts into the browser interface for faster access time the next time the Web page is viewed. The default location for these Temporary Internet Files is under a different location depending on the version of Windows that you are using. Here is the breakdown of the file location per Desktop OS:

OS Version

Path to Temporary Internet Files

Vista

C:\Users\<name>\AppData\Local\Microsoft\Windows\Temporary internet Files

XP

C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files

2000

C:\Documents and Settings\username\Local Settings\Temporary Internet Files

Manually Controlling the Temporary Internet Folder Contents

When you are sitting at the console of your Windows desktop and you want to ensure that the files that you were just viewing are not stored on your computer anymore, you can clean those files up. Let’s say that you were just working away at your desk and remembered that you needed to book the hotel reservations for that vacation that is coming up. You head out to your favorite hotel reservation Web site, I prefer www.yahoo.com\travel, and do searching on that killer all-inclusive resort in Cancun, Mexico. After an hour of reviewing the resorts, tours, transportation, nightlife, and child care accommodations, you realize that your computer just stored nothing but paradise pictures and files on your work computer. You need to clean these up!

To clean these up, you can go into the Internet Explorer tools, which on my Vista computer running IE 7, is under the Tools dropdown list and select Internet Options. The Internet Options dialog box appears, as shown in Figure 1.


Figure 1: Internet Options dialog box is used to configure IE settings

On the default tab, the General tab, you will find an entire section on Browsing History. Here, you have a button labeled Delete, which will delete the history of the Internet Explorer. With the new versions of IE, you can control what is being deleted, such as Temporary Internet Files, Cookies, History, Form data, and Passwords. Obviously, we are mostly concerned about the Temporary Internet Files here. When you select the Delete Files button, you will initially be asked to confirm your selection, which upon clicking it, will delete the files in the Temporary Internet Files folder.

Using Group Policy Preferences to Delete Files

When you crack open a GPO in Windows Server 2008 or Windows Vista SP1, you will find a new set of GPO settings that fall under the Preferences node. The setting that we want to focus on can be found under either the Computer Configuration node or the User Configuration node. The path to our setting is the same under each node: Preferences\Windows Settings\Folders.

When you get to this node, right-click Folders, then select the New - Folder. This will open up the New Folder Properties dialog box, as shown in Figure 2.


Figure 2: Group Policy Preferences Folder Policy

Within this policy, you will need to configure the Action of the policy, as well as the path to the folder that you want to control initially. The action mode that you want to configure is Delete, obviously. Then, you will type in the path to the Temporary Internet Files based on the operating system that you are targeting. Finally, you will need to select the check box that is labeled Delete all files in the folder(s) to ensure that you remove all of the files in the Temporary Internet Files folder.

One of the great benefits of using the Group Policy Preferences via Group Policy is that it adheres to the background refresh that Group Policy possesses. This occurs every 90 minutes (give or take 30 minutes either way) on all computers that process Group Policy. Thus, the files will be deleted from all computers that the GPO targets within a two hour period!

Targeting the Correct Operating System

Now, you will need to have some solution in order to target Windows Vista computers versus Windows XP computers, since they have different paths to the Temporary Internet Files location. You could develop some elaborate OU design scheme which has your Windows XP desktops located under a WindowsXP OU and your Windows Vista desktops located under a WindowsVista OU. This would work, but consider that you would potentially have to redesign a portion of your Active Directory structure.

As an alternate solution, that fits into the Windows Server 2008/Vista Group Policy Preferences, you can use Item-level Targeting to ensure that the GPO setting “hits” the correct OS version. To set up Item-level targeting for your GPO settings to erase the files for XP and Vista, you will need to create two different Folder Policies. Then, for each policy setting, you will configure a “target”.

Item-level targeting is configured inside of the GPO setting, by clicking on the Common tab, as shown in Figure 3.


Figure 3: The Common tab allows you to configure an item-level target

When you click on the Targeting button, you will have the Targeting Editor dialog box open. To configure the operating system version for your policy, select the New Item dropdown list and select Operating System. Within the bottom pane, select the dropdown list for Product. Choose either Windows XP or Windows Vista, depending on the path you input for the policy setting, as shown in Figure 4.


Figure 4: Item-level targeting allows you to target computers running a specific operating system version

You can configure both Folder Policies in the same GPO if you , since the targeting action will delineate the correct path to the proper operating system version. After you configure each of your policy settings for Windows XP and Windows Vista, you will be cleaning up the Temporary Internet files on all desktops on an interval of every 90 minutes or so.

Summary

Cleaning up the Temporary Internet Files folder is important to all desktops on your network. This will protect the desktops from malicious files that want to attack the local system, as well as the entire network. The temporary files can be cleaned manually, but as a proactive network admin, you will want to clean these up for your users periodically. By using the Group Policy Preferences you can have this action done every 90 minutes or so. The settings are easy to configure and with item-level targeting, you can ensure that the correct path of the temporary files matches the correct operating system version.

Featured Links