5 replies to this topic

[xendrome]

So, either it doesn't exist or I am missing something. After installing the Google Chrome GPO into my Central Store and creating a policy to apply to users in the domain, everything is working fine. However I don't see any way to prevent the usage of "Clear all browsing data..." under history.

Anyone else have any experience with this, am I missing it or did they leave this option out for some reason. And if they did, any other ways to prevent it's usage?

[Charisma]

I *think* the workaround is to click "clear history" and then untick all the boxes, then click OK, so that nothing is actually ticked to delete and the button effectively does nothing. AFAIK it saves that setting.
Not sure how to disable it altogether.

[xendrome]

Charisma, on 15 January 2013 - 15:16, said:

I *think* the workaround is to click "clear history" and then untick all the boxes, then click OK, so that nothing is actually ticked to delete and the button effectively does nothing. AFAIK it saves that setting.
Not sure how to disable it altogether.

Right but in the group policy, none of those options exist, I need to deploy it across our network to all clients. That's the main issue.

[+sc302]

don't allow people to use chrome
use a webfilter so that they can pretend to delete their history all day long (they cant delete webfilter history, tying their history to their username regardless of where they sign on to)

I would strongly opt for #2. There are other things that you can do that will capture history that arent free and can't be deleted by the individual even if they choose to nuke their computer.

[xendrome]

sc302, on 15 January 2013 - 15:21, said:

don't allow people to use chrome
use a webfilter so that they can pretend to delete their history all day long (they cant delete webfilter history, tying their history to their username regardless of where they sign on to)

I would strongly opt for #2. There are other things that you can do that will capture history that arent free and can't be deleted by the individual even if they choose to nuke their computer.

Yeah I have considered blocking chrome domain wide, problem is over half of our systems are running XP with IE8, and that brings into play some issues with HTML5 sites not rendering correctly.

Any suggestions on a a web-filter/logger that either works locally as a client app with a central management console, or something that runs through like a proxy server. Network is all Windows Domain/OS based.

[+sc302]

proxy
squid proxy with squid guard (free)
pfsense with squid guard (free)
websense
barracuda webfilter
bluecoat webfilter
forefront threat management gateway
safesquid
gfi webmonitor
sonicwall with the webfilter addon

software
k9 (free for personal use)
spector

I have used websense, k9, sonicwall, and the barracuda. There are many more out there. The 2 appliances (sonicwall and the barracuda) and the software websense, can be set up as a pass through that integrate with active directory. They log who what where and when, they can be setup to just monitor or setup to block certain things like viruses, porn, gaming, as well as specific applications like skype and yahoo instant messenger. You can leave it as relaxed (no other options other than monitoring) or tighten your grip either on a specific user or group of users limiting them to 1 website during the times of 12:00 and 1:00 and denying them complete access to the internet at all other times and all they would be able to go to is basketweaving.com during those times or maybe hampsterdance.com. How you choose to implement is up to you.

All of these mentioned will integrate with active directory.