PDA

View Full Version : Disabling History in Internet Explorer 6



sweetinnocence
31-07-2007, 03:42 PM
Hi People,

I am setting up some Kiosks for work that allow staff to login to a site and view their payslips, employment history and leave entitlement ,etc.

I need to disable the history in Internet Explorer through the use of Group Policys on our domains OU and i can't seem to work out how to disable this from the View -- Explorer Bar -- History or Ctrl + H.

I have already tested setting the History to 0 days, but the thing is it will remember history until you turn it off, these PCs are set to never be turned off as their is no 'Log Off' button.

Payslips are kept in a pdf so it makes it easy for users to view these through history after logging out of their account, which we don't want.

I've searched the internet, the closest i got was a registry edit for Internet Explorer 5.5, sadly the path it took me to didn't exist.

Help would be much appreciated, as this has me stumped.

winmacguy
31-07-2007, 04:09 PM
For something like that I would suggest Firefox due to it being a more secure browser especially were personal information is concerned.

wratterus
31-07-2007, 04:12 PM
I'd second that - IE6 has a few rather serious security issues. Im not sure about IE but FF has an option to "always clear private data when I close Firefox" You can also automatically delete cookies, saved form/passowrds etc etc on a daily basis, IE is not nearly that customizable.

winmacguy
31-07-2007, 04:15 PM
Failing that a simple script might be required to remove the browsing history once the person has logged out.

sweetinnocence
31-07-2007, 04:33 PM
one problem, our network doesn't really support FireFox, and the group policy is set to not allow Internet Explorer to be closed. We're in a corporate environment, so people squeal when it's not what's standard.

Speedy Gonzales
31-07-2007, 04:36 PM
What version of windows are we talking about?

2000? XP? Server?

Or are we talking about some other OS?

zqwerty
31-07-2007, 04:36 PM
Get rid of history:

http://www.tweakxp.com/article37141.aspx

then:

Disable History Modification:

http://malektips.com/internet_explorer_6_privacy_cookies_0009.html

Don't know if that will be enough but worth a try.

wratterus
31-07-2007, 04:38 PM
Hmm that makes things compliacted. FF will delete data every day without closing anything... IE on the other hand....I can't find an option to do that without manually clicking stuff. It loosk like winmacguy's idea of running a script might be the easiest...

Graham L
31-07-2007, 04:40 PM
How about setting up the kiosks on thin clients? Have the OS (including IE) downloaded from a server for each session. Your application is handling private information, so you don't want histories or files hanging around in caches. That should be pretty secure. ;)

sweetinnocence
31-07-2007, 04:53 PM
If only it was that simple, with thin client... we already have 6 new Fat PCs ;-)

i think the scripting solution would be the best answer at this stage, would need to get our guys who look after our website to edit this.

Thanks though

Speedy Gonzales
31-07-2007, 04:54 PM
I see IE 6 and 7 can use Kiosk mode.

Which by the looks of it, removes everything.

Would that fix it?

sweetinnocence
31-07-2007, 05:06 PM
possibly, how do i do this??

Speedy Gonzales
31-07-2007, 05:09 PM
Info here (http://support.microsoft.com/kb/154780\)

And here for IE 7 (http://samanathon.com/internet-explorer-7s-kiosk-mode/)

Which looks pretty similar to what u do in IE 6.

sweetinnocence
01-08-2007, 09:08 AM
this still gives them the option to press Ctrl + H to get to the History.

good thought tho!

Speedy Gonzales
01-08-2007, 10:21 AM
this (http://malektips.com/internet_explorer_6_privacy_cookies_0009.html)

Might fix that

Graham L
01-08-2007, 04:37 PM
It looks as if the Kiosk mode is designed for use in "public" mode, with access only to a particular web "site", with no particular security except that. That might be OK: the individual's information would be password protected; they should be able to access only their own, whatever's in the history files. Try it out. ;)

You don't have to have Windows installed on a PC's own disk. You can use it as a client, with the software coming from a server. Each user would have to log in, and they might accumulate their own history files, or you could have such things wiped as part of the logout procedure. This would be more work, but could be really locked down.

sweetinnocence
02-08-2007, 09:53 AM
We were thinking we might be able to get the script changed on the page so that the local history is deleted once the user logs out, as the user can not close Internet Explorer, they dont have access to anything other than the webpage, no buttons, but if they knew to hit Ctrl + H this brings up history. Payslips are in a pdf file, these are the only files which open from the history, this is the reason for concern.

The other thing we could look at is the disabling of Ctrl, Alt (shortcut keys), or if i could somehow change the Ctrl + H to something other than opening the History. Anyone know how to do this???


Cheers for your help.

Graham L
02-08-2007, 04:25 PM
Surely just deleting the history isn't sufficient security on the pdf files? If I can look at my pdf file, I can look at the address bar and make a good guess at the filename of your pdf file. And the boss's pdf file. ;) If they are in the same directory, I can see them. Security by obscurity doesn't work. It's not even very obscure. :(

I think what's needed is a password protected directory for each employee. Then most of the implementation and security problems will go away. You might not even need the kiosk computers. ;)

sweetinnocence
03-08-2007, 03:05 PM
Thank you everyone for all your help.

I have found the solution just by playing with the Registry:

To Disable History in Internet Explorer:
Browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\User Shell folder

and change both History and Cache entries to something different, i.e. C:\historydelete\.

Now when you open the History inside Internet Explorer when Ctrl+H is executed, nothing is displayed.

Graham L
03-08-2007, 03:33 PM
I still feel that the history should not matter. Noone should be able to access a file without the appropriate access privilege. Have you got enough security to maintain privacy?

What happens to cached files? Can you see those without access control?

sweetinnocence
04-08-2007, 05:33 PM
users dont have access to windows explorer or any drives. There are no shortcuts on the desktop other than a link back to webpage in kiosk mode if the browser ever crashes, the start menu also has nothing on it for them to access, so i have tided it down. Most things are restricted by group policy, so they don't have access to right clicking or the cmd prompt either.

so i think i have it locked down enough