IEHistoryView can allow an administrator to quickly see a user’s browsing history without extensive preparation and configuration.

——————————————————————————————

Tracking a user’s browsing history can be both an expensive and a daunting task, especially if you’re a one-man shop in a small company. For those that are blessed with users that behave while they’re online at work, you are lucky indeed. For the rest of us, there is IEHistoryView.

Created by Nir Sofer, owner and operator of NirSoft, IEHV is a simple, yet powerful, tool with a fairly small footprint (37 KB). Downloading and installing IEHV is as simple as getting the zip file from the Web site and extracting the three included files into the folder of your choice.

Included are the executable (with both GUI and command-line functionality), a compiled HTML (.CHM) help file, and a ReadMe file that contains version history and some quick-start instructions.

This blog post is also available in the PDF format in a TechRepublic Download, which includes all the code in a separate file for easy copying.

Initial look

The first thing you see when opening IEHV is a grid interface of the current user’s Internet Explorer history (Figure A). As we look around, there are several toolbar buttons and a few standard menus as well.

Figure A

Current user’s Internet Explorer history

As in most well-designed Windows programs, all the toolbar functions can be found in one of the standard menus. In these menus (Figure B) we see several familiar options as well as many more that we will either have to guess at or try out. (I edited the opened four menus together in the same image. The actual application does not function in this manner.)

Figure B

All the menu screens at the same time

Delving right in, scroll through the grid to get a nice reverse-order history of the user’s browser activity (Figure C, which is edited together from several screen shots).

Figure C

Scrolling through the history

Looking at this user, after they went through the Microsoft RunOnce wizard they first fired up XKCD.com (important things first) then went to TechRepublic and read several articles and blogs as well as viewed a photo gallery or two. After leaving TechRepublic, the user Googles the Google Headquarters and then checks out the headlines on MSN.com. Finally, this person Googles “crack WEP encryption” (must have gotten the idea from “Video: How to Spoof a MAC Address” viewed earlier) and then spent some time browsing a few sites on the topic before logging off.

Viewing other users, other folders, and subfolders

So, now we know what the logged-in user has done on the Internet. But, what if you wanted to look at another user’s history on the same machine, a different machine, or just wanted to look at a particular date or range of dates? IEHV has the ability to browse the list of user accounts on the local machine as well as give the user the ability to specify a history folder (useful for networked computers) or a history subfolder (to look at a shorter period of time), which can be seen in Figure D.

Figure D

Viewing different folders

Choosing either another user from the user accounts chooser or specifying a history folder will give the same type of information as we saw in the initial view. The main difference is in the history subfolder. As you can see in Figure E, the Hit counts are much smaller than in the main view. I was unable to find anything in the documentation to explain this, so I simply chalked it up to a functionality of Internet Explorer (perhaps the main view shows image hits as their own hit under the page they are loaded from).

Figure E

History subfolder of another user

Saving, deleting, exporting, and printing

By checking the boxes next to one or more of the entries in the grid, several of the menu options become usable.

Other functionality

So, what else can we do with it? Well, there are a couple of different Search functions. The first, “Find History Item,” is your traditional search dialog. Also available is “Select by URL,” which allows the user to input several carriage-return-delimited strings that are searched for and automatically selected in the grid.

One feature in the menus that stood out was “Show All Google Searches” (Figure F). This does exactly what it says: it shows all Google searches that haven’t been cleared from the browser.

Figure F

Showing all Google Searches

After pretty much exhausting the menus, the next thing to try is right-clicking on one of the records. Some of the same functionality that is in the menus and toolbars is also available via a right-click context menu (Figure G).

Figure G

Right-click context menu

Let’s look into the properties screen (Figure H). The properties screen shows the same information that is in the grid, just laid out in a traditional data form format.

Figure H

Properties screen

Command-line functionality

The command-line functionality is a little more difficult to jump right into, and a simple “iehv /?” just launched the GUI.

Here is the command-line syntax:

• Action: tells IEHV what type of file you would like to export to. Options are similar to the GUI Save function.
• Destination File: absolute or relative path and file name to store the exported data
• Source Type and Source: optional parameters used to redirect IEHV away from the currently logged-on user (similar to the functions above in Figure D)

Figure I shows the failed attempts at discovering command-line options as well as a simple implementation of the command line that exports all History for User “TRTest” to a tab-delimited text file named “export.tab.” While not as easy to use for simply viewing, the command line would be very useful for reporting and archiving.

Figure I

Command line

Aggregating cialis effectiveness and archiving

The following section is simply a “proof of concept” that should not be taken as a complete solution. I have used VB.NET 2005 to demonstrate these ideas.

The core to this concept is executing the command line, writing the data to a temporary file, and then reading that data into a VB.NET application for aggregation and archival. The challenge is to build the command line for each computer/user/folder you want to aggregate.

Executing a command line from Visual Basic is limited to a few options. I could use the Shell() command, but the outputs of that are very limited and Shell can be temperamental. The .NET Framework also has a Process class within the System.Diagnostics namespace that seems a bit more robust, so we’ll use that.

NOTE: Please refer to the documentation on System.Diagnostics.Process for more detail.

Among other things, the Process class has options for a File Name as well as Arguments. The File Name is the full path to the IEHV executable and the Arguments will be filled in dynamically with the custom-built string we’ll create later. The command line we will use is:

What this command does is create an output of a specified History folder to a temporary tab-delimited text file in the user’s temp folder. So, we first break off the “iehv” because that is being handled in the Process class’ File Name property. Next, we need to use the .NET Framework to get the user’s temp folder path and substitute that in for “%temp%”. Finally we need to ask the user to specify the path to import into our application.

Prompting the user for this information can be done in one of many ways, depending on how sophisticated you want the application to be and how many folders you want to import in a batch. For the purposes of this proof, we will assume that you want to gather usage for all users on one specified machine and load that information into a DataTable, which can be tied to a backend database.

Code Listing A shows a snippet of how to get the user’s temp folder as well as loop through the user directories gathering the Internet Explorer History and loading it into the DataTable.

Listing A

Considerations

IEHistoryView can allow an administrator to quickly see a user’s browsing history without extensive configuration and preparation. For more advanced archival needs, the command line can be used alongside some custom programming to create a simple, low-cost (time is money) Internet usage monitor.

Using IEHV to monitor Internet usage is dependent on users not deleting their browsing history through Internet Explorer. Fortunately, those rights can be controlled via Group Policy as discussed in this IT Dojo blog post.