I'm trying to setup a GPO that will set IE to delete cookies when the browser is closed. I found the policy, "Empty Temporary Internet Files folder when browser is closed," but nothing for cookies specifically. The other requirement is that this GPO should apply only to members of a computer group (not to all PCs a user logs into). How do I accomplish this? Thanks.
After some research, AFAIK there's no setting to do so... Or at least, Ididn't find one that "deletes" cookies, but the other way (prevent fromdeleting).regards, Martin
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
I agree with Martin. There is not GPO setting specifically for cookies. We can only delete cookies along with other Temporary Internet Files.
In the meantime, I understand that you wish the GPO to apply only to members of a computer group.
To do this we can make the setting in a GPO which is linked with the computers' OU of the domain and use security filtering to make it only apply to the members of the specific group.
The setting shall be in Computer Configuration (not user Configuration): Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Empty Temporary Internet Files folder when browser is closed.
Here is an article regarding security filter:
Filter using security groups
TechNet Community Support
After researching, I find that it is possible that some cookies files remain even after we do the "Empty Temporary Internet Files folder" setting.
Emptying Temporary Internet Files Folder Leaves Cookies Files
In this situation, we can try using logoff script to delete cookies files as a workaround. (Cookies can be deleted after user logoff but cannot be deleted while closing IE.)
Here is another thread for your reference:
Delete cookies using GPO
We can also seek help regarding scripts from our script forum:
TechNet Community Support
I decided to create a GPP to delete the %userprofile%\appdata\roaming\microsoft...\cookies folder, in addition to the temporary internet files. Thanks.
You have to enable two options.
User Configuration -> Policies -> Administrative Templates
Windows Components/Internet Explorer/Delete Browsing History
Configure Delete Browsing History on exit - > Enabled
Configure each of the following settings. Enabled items WILL NOT be deleted. Disabled items WILL be deleted on exit.
Prevent Deleting Cookies -> Set to Disabled to delete cookies on IE exit.
Prevent Deleting Download History
Prevent Deleting Form Data
Prevent Deleting Passwords
Prevent Deleting Temporary Internet Files
Prevent Deleting Web sites that the User has Visited