Tuesday, January 31, 2006

Logoff Script to delete Temporary Internet Files, History and Cookies

I've shown my wife on multiple occasions how to do IE maintenance on her computer. She just can't seem to grasp the concept. Her computer is not the fastest thing in the world (It's a PIII 800), but she only uses it for e-computing (Ebay, Email, E-Mule). So instead of just getting angry with her when she complains about her computer slowing down because she has a million files in her Temporary Internet Files folder, I wrote a logoff script and applied it to her computer. This is how I did it.

First of all, my Logoff Script includes the use of sdelete.exe from sysinternals.com. If you don't have this, download it and install the executable in your c:\windows\system32 directory.
The Logoff Script deletes everything in the temp folders, the Temporary Internet Files folder, purges the history, and deletes all cookies. It also creates a log file showing when the logoff script was last run. You can download my logoff script from HERE. This is basically the same script that I posted earlier in my Secure Desktop post.

Take the batch file and copy it in your %SystemRoot%\system32\GroupPolicy\User\Scripts\Logoff directory. You may not have the "Scrpts\Logoff" part of this path, if you don't, create these directories so you have this full path.

Now let's edit the Group Policy for this workstation.

1. Login as a local Administrator
2. Click on the start menu and select "Run"
3. Type "gpedit.msc" - this will open the Group Policy Editor
4. Under "User Configuration", expand the "Windows Settings"
5. Click on "Scripts"
6. In the right pane, double click "Logoff", this will open the "Logoff Properties"
7. Now we need to add the batch file, click on "Add", The "Add a Script" box will appear
8. Click "Browse" and select the batch file.
9. Hit OK and then close everything including the Group Policy Editor

Your logoff script in now set to run whenever you logoff the computer.
Now the problem is forcing her to logoff now and then. My wife doesn't do this, so I created a scheduled task that does it for her. I Create a new scheduled task. I put "C:\WINDOWS\system32\logoff.exe" in the run menu, I scheduled it to run weekly at about 4:00 AM. I also set the job to make sure that the computer has been idle for at least an hour before it tries to logoff.

Thursday, January 26, 2006

Installing the winexit screensaver using AD Group Policy

I was asked last week to create an install package that would enforce what my company calls an electronic clean desk policy. I work for a large Business Process Outsourcing company that does quite a bit of data entry – mostly outside the U.S. We have about 20,000 employee doing data entry. Most of the data entry is done from scanned images. Those scanned images can be health claims, insurance claims or credit card applications. We call the images/data PII or Personal Identifiable Information. If the image or data contains a first name, last name and identifying number, then it’s classified as PII.

Our electronic clean desk policy states that PII must be shredded from a workstation after the employee has finished their shift. It also states that the shred should be automatic, if a user fails to do it manually. Our data-entry is done using internet explorer, so the images and data is cached in the user’s profile. This is either in the temp folder or the Temporary Internet Files.

My solution was to create a logoff script that uses SDELETE.EXE from sysinternals.com. The logoff script will shred everything in the temp and Temporary Internet Files when a user logs off. Data Entry Operators are requested to logoff whenever they leave their workstations.

If a user forgets to logoff, then the computer must automatically logoff. The only way I found to do this was to use the Windows Logoff Screensaver that is included in the 2003 Server Resource Kit.

The screen saver has problems. For one thing, there is no good way to distribute it. It just comes as a .scr file. It would be impossible to copy it to every workstation. The other problem is that it has a significant bug. It requires read/write access to a registry key as described in KB Article 15677. I found a way to get around these issues. I created an MSI file that will create the required registry key, and then give all users access to it. The MSI file can be deployed as a package within AD.

I have supplied the installation package which includes the logoff script and install instructions and the screensaver HERE. Before you can deploy this in a domain, you have to edit the MSI file so that it includes your domain name within the MSI. Everything you need to deploy the Windows Exist Screensaver is in the package. It’s a little complicated, but it should only take about an hour to deploy.

The package also includes a group policy administrative template. The template originally came from David Carlin and posted on his blog at http://blog.case.edu/djc6/.

Let me know what you think.

Wednesday, January 25, 2006

Yahoo Mail bug = Yahoo Customer No Service!

I use my yahoo account soley for newsgroups. It's convenient because many of the groups and user lists I subscribe to are yahoo groups. I've decided to stop using my yahoo account for this after an unfortunate incident with yahoo mail yesterday.

I was going to respond to a post in the eventum users discussion list when I decided I would do it later. Instead of hitting the back button, I accidentally hit the "Send" button to the empty reply. I panicked! I quickly proceeded to hit the "Cancel" button as many times as possible. I hit that cancel button 17 times. I know this because my blank response was posted to the Eventum user discusion list 17 times. Hitting the cancel button in yahoo, after you have hit "send", will actually resend the email. And if you are like me and tend to hit cancel many times, yahoo will graciously send the email that many times for you.

I was really embarrassed. There are probably hundreds of people who belong to that list, each getting 17 emails. I probably produced 5000 emails are more by using the yahoo cancel button.

So I sent an email to yahoo customer support. They have a difficult to find web form that you fill out. Here is what I entered:

Mail-Id: 1138119877-295
> Name: Travis Pierce>
> Yahoo! ID: travispierce70>
> Type of feedback: Problem>
> Problem area: Composing and sending messages>
> Error message: Other... (included below)>
> How often this occurs: Once>
> Type your feedback here:
> I accidentally hit send from the compose email page while composing an email, and wanted to cancel. I then proceeded to hit the "Cancel" button on the compose email page. Every time I hit "cancel" Yahoo sent the email that I wanted to cancel. I ended up sending the email 17 times to a support group with over 300 members. This ended up generating 5100 emails. Remove the cancel button if it in fact does not cancel but re-initiate the sending of the email. This does not make any sense. A cancel button should in fact cancel the sending of the email.

I then got this response from "florence"

Hello Travis,
> Thank you for writing to Yahoo! Mail. We appreciate that you contacted us for assistance, and we would like to help. However, we are unable to understand exactly what the problem is.

1. Please describe all of the actions you took that led up to the problem.
2. Include the exact text of any error messages you receive. It is important that you include the entire error message as this help us to more accurately determine the cause of the problem.
3. Include how often this occurs and any other relevant information.

The more information we have, the better able we will be to investigate this issue.
Thank you again for contacting Yahoo! Customer Care.
Regards, Florence
Yahoo! Customer Care

So they want a better description. OK. I can do that. I'll do better. I'll show them what happened. I recreated the issue by sending myself an email. I screen captured the video and then sent Yahoo the link. Here was my reply:

In order for you to understand, I have created a video clip of the problem that I am reporting. You can view the video at http://web.qx.net/tpierce/Yahoo_Cancel_Button.wmv

I click on the "compose" button.
The compose box comes up.
I fill out my email.
I then hit send.
I immediately hit cancel, prior to the "sent emailscreen" coming up.
For each time I hit cancel, the email is sent 1 times.

In this example, I hit the cancel button nearly 20 times. I subsequently received 20 emails. I can somewhat understand that the cancel button does not work, but for it to send the email each time it is pressed is just down right wrong.

Surely, I thought that yahoo would admit that this was a problem. However, their final reply was the following. My only thoughts are that yahoo must be idiots. Here is "Herbert's" reply.

Hello Travis, Thank you for writing to Yahoo! Mail.

Once you click the "Send" button, your message is fed into our delivery system and cannot be retrieved. Unfortunately, there is no way for us to intervene in this process. Please use the "Cancel" button if you don't want to save/send a message after composing.Even if the message is sent to another Yahoo! Mail account, we cannot delete it for you.

Once a message arrives in your mailbox, it is yours. Likewise, email that arrives in others' mailboxes belongs to them and cannot be removed by us.In the future, if you are not entirely certain that you want to send a message, consider saving it as a draft. Clicking the "Save Draft" buttonwill save the message to your Draft folder without sending it, so that you can return to it later to make a final decision on whether or not tosend it.

Thank you again for contacting Yahoo! Customer Care.Regards,HerbertYahoo! Customer CareVisit our online help pages at:

I know that I don't communicate all that well, but surely someone with half a brain would be able to recreated what I'm doing without digging in the garbage for the form letter. I think this is a significant bug. How do you report a bug to yahoo if this is the response you get? Would Google treat it's users this way? I don't think so.

One other quick note. Google is not in the yahoo spell check. What's up with that?