I had a user who was browsing inappropriate websites on a public workstation that somehow got around the content filter restrictions. Unfortunately, this occurred when I wasn't there to check what site(s) were visited.
Is there a best practice for retaining browser history so that I could go back and review it when something like this occurs?
Here's the general setup:
I have a handful of Windows 7 workstations for public use in a domain environment attached to a windows 2008 R2 server (separate VLAN and server than the office resources).
I have them locked down tight with group policy (can't install anything or get into any system settings). There is a content filter on the network firewall blocking inappropriate sites and proxies (among other things). There is also a hosts file on each workstation blocking various known malware/spyware domains.
The browser history for Chrome and IE9/10 are deleted when the browser is closed, and access to the tools/settings menus are blocked.