Tech Line

Easy IE History Audits

With this tool, you can easily scan a user's Internet Explorer browsing history.

Chris: I was just asked to audit user internet history for a small office client. They don't have nor want a proxy server and connect to the Internet using a Linksys WRT54G router. I've tried to copy a user's Internet Explorer history and read the history data locally, but that only allowed me to read portions of a user's browsing history. Is there any script or tool that you can recommend to help?
--James

Tech Help—Just An
E-Mail Away

Got a Windows, Exchange or virtualization question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to the MCPmag.com editors at [email protected]; the best questions get answered in this column and garner the questioner with a nifty Redmond T-shirt.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message, but submit the requested information for verification purposes.)

James: Ideally, you want to implement a perimeter device that can audit user Internet activity in real time. Since the office connects to the Internet via a Linksys router, you could consider replacing the default Linksys firmware with OpenWrt. OpenWrt is open source and adds many more features to the standard Linksys router. For example, you can load the open source Squid proxy onto the router and add VPN functionality as well. Since users can clear their Web browsing history, auditing Web activity externally such as via a Squid proxy server will give you better control of monitoring Web abuse. Not too long ago, accountants and legal assistants, for example, could work without any external network access. Today, many small business network administrators don't need any monitoring tools for their Internet connections. Instead, they can always rely on their users to notify them within seconds of any Internet failure.

As a user, it's easy to see your Internet Explorer history by navigating to the C:\Documents and Settings\\Local Settings\History\History.IE5 folder. From there, you'll see history organized by day of the week for the current week, as well as by subfolders for previous weeks. When browsing other user profiles, Windows Explorer's view of the profile isn't as intuitive. Instead, you will see folders whose names are based on the historical dates that they represent. A folder named MSHist012007010220070103 contains historical data from Jan. 2, 2007 (20070102) to Jan. 3, 2007 (20070103). Within each folder is a file named index.dat. The index.dat file contains the actual history data. Viewing this file in a text editor such as Notepad will reveal much of the history information, but it is difficult to read. An easier way to read history data from any user's profile is by using the tool Index Dat Spy.

Index Dat Spy is free and installs in a few minutes. To use the tool, just copy the user's IE history folder (example: C:\Documents and Settings\dmcnabb\Local Settings\History\History.IE5) to a local folder on your system or to removable media such as a USB drive. Note that each user's Local Settings folder is hidden by default, so you will need to enable the hidden files view in order to see this folder. To see hidden files, in Windows Explorer click the Tools menu, select Folder Options, and then click the Show Hidden Files and Folders radio button.

One you have access to the user's History.IE5 folder, follow these steps:

  1. Open Index Dat Spy.
  2. In Index Dat Spy, click the File menu and select Open.
  3. Browse to the copied History.IE5 folder, select the Index.dat file located within that folder, and click Open.

You should now see the user's Internet history displayed. Without an external Internet usage auditing product such as a proxy server, Index Dat Spy can be a pretty handy tool for viewing a user's Internet Explorer history data. Now, the next time a user complains that “The Internet is down,” you can cleverly reply “Don't worry. You'll have your access to in no time!”

Happy New Year everyone! Please keep sending in your excellent questions. I'm looking forward to another year of working together solving problems.

About the Author

Chris Wolf is a Microsoft MVP for Windows --Virtual Machine and is a MCSE, MCT, and CCNA. He's a Senior Analyst for Burton Group who specializes in the areas of virtualization solutions, high availability, storage and enterprise management. Chris is the author of Virtualization: From the Desktop to the Enterprise (Apress), Troubleshooting Microsoft Technologies (Addison Wesley), and a contributor to the Windows Server 2003 Deployment Kit (Microsoft Press).learningstore-20/">Troubleshooting Microsoft Technologies (Addison Wesley) and a contributor to the Windows Server 2003 Deployment Kit (Microsoft Press).

comments powered by Disqus
Most   Popular