Track Users IE History on a Domain

[DriftGrant]

Hi Guys,

 

Looking for some advice on where I'm going wrong! trying to 'track' users history on a 2008 domain with xp clients. I dont have access to the firewall as its located at our LEA, and the head has asked me to make it user specific.

 

I wrote this little script using IEHistoryView to record users history (to run on logoff) into a hidden share on my server, but when I test it on staff and student accounts it creates blank html documents!

 

@echo off
mkdir \\srv1\ielogs$\%username%
\\srv1\Apps\iehv\iehv.exe /shtml \\srv1\ielogs$\%username%\History.html -user %username%

 

Its not permissions as iehv.exe is in a location every user has read access too and the share 'ielogs$' users have modify permissions.

 

TL;DR need to track staff and student usage and be user specific

 

Thanks in advance

 

Grant

[Ric_]

This will never be as reliable as putting a proxy in between to record what is being requested. IE can have its history cleared easily and the magic of InPrivate browsing prevents the history being generated in the first place.

[DriftGrant]

This will never be as reliable as putting a proxy in between to record what is being requested. IE can have its history cleared easily and the magic of InPrivate browsing prevents the history being generated in the first place.

 

Thanks for the reply Ric_

 

I've gone nazi and put a GPO inplace to ban deleting history and disabling InPrivate browsing. Need to get this setup asap to track a naughty user

[featured_spectre]

why not have an ISA server put between your domain and the outside connection? you can see EVERY request then, and also set up a blacklist for sites you dont like but the LEA have allowed through?

[DriftGrant]

didn't really want to go down that route, I like the idea of html logs of the users history just cant seem to get it to work!

[featured_spectre]

see the thing with HTML logs, is that you have to spend ages getting it to work. With ISA, its just a separate box, can be disconnected if needed too, and you can view all requests from specific IPs if you wish! much faster than sifting through HTML logs, but hey, if its what works for you then go for it! good luck in your endeavour

 

(None of that was meant to sound sarcastic by the way!)

[3s-gtech]

We do this with a similar script - inprivate and history deletion is turned off. Works well, only fails when they pull the plug rather than log off. It's a rather lengthy .vbs script that we run, I can share it if needed - think it was sourced from here originally though.

[jmcdermott]

using the IEHistoryView process here in the same way, but having a web server scan the loggs and transfer all data to an mysql database. Works well.

[OutToLunch]

using the IEHistoryView process here in the same way, but having a web server scan the loggs and transfer all data to an mysql database. Works well.

 

Do you then print out the logs and tape them to a nice wooden table for photos?

[jmcdermott]

Do you then print out the logs and tape them to a nice wooden table for photos?

 

only occasionally, most the time just pull up a web page containing statics on one student when asked by student support staff which looks good but means nothing at all. With the way safeguarding is going having a good log which you do not have to do anything to maintain is a good idea.

[DriftGrant]

We do this with a similar script - inprivate and history deletion is turned off. Works well, only fails when they pull the plug rather than log off. It's a rather lengthy .vbs script that we run, I can share it if needed - think it was sourced from here originally though.

 

would be nice if you could share that please! :-)

[vttech]

Where you able to solve this issue? could you share this script please?

Thanks.

[qcomer]

I have an admin template for group policy that allows you to redirect all shell folders for users.

 

One of the techs from our county office of education uses this same setup to redirect students' history to a hidden network share and then gives the guidance councelor permission to view those files.

 

I could share the template with you if youd like.