Erasing Guest Data

Jackbox

Jan 2, 2016
I thought I already posted this but maybe not. This batch assumes we are handling user "Guest". If for some reason we are handling another user, we could likely just use, for example:
cd "C:\Users\%username%\AppData\Local\Google\Chrome\User Data"

Notice the %username% as opposed to "Guest". This would be a good startup script for the user, then log off the user after inactivity. This was tested working on Windows 7. There is also %userprofile% to maximize efficiency; to dive even deeper, there is %appdata%, going into Roaming, and %localappdata%.

Code:
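@echo off
title Safehotel
rem Wipe the Chrome profile. del runs only if cd succeeded; otherwise it
rem would recursively delete from whatever directory the script started in.
cd /d "C:\Users\Guest\AppData\Local\Google\Chrome\User Data" && del /f /s /q * >nul 2>&1
start chrome -incognito
rem Wipe the Guest user's Documents and Downloads.
cd /d "C:\Users\Guest\Documents" && del /f /s /q * >nul 2>&1
cd /d "C:\Users\Guest\Downloads" && del /f /s /q * >nul 2>&1
rem Remove Remote Desktop client history, the default .rdp file and the jump list file.
REG DELETE "HKCU\Software\Microsoft\Terminal Server Client" /F >nul 2>&1
DEL /F /S /Q /A "%UserProfile%\Documents\Default.rdp" >nul 2>&1
DEL /F /S /Q /A "%AppData%\Microsoft\Windows\Recent\AutomaticDestinations\1bc392b8e104a00e.automaticDestinations-ms" >nul 2>&1
pause >nul 2>&1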

I could clean this script up for enterprise type of use, I am sure. But in most cases this should work fairly well. Keep in mind if we were wanting to make this solution more secure, we could use specific software to overwrite the data once on logoff. Using discretion, this could do just fine for most cases. The likelihood of someone recovering data from a public machine is relatively low, but erasing whatever data could be used for stalking, for example, a hotel member - that is reasonable. Being even more realistic, this shit should be "kiosked" with a proper logoff button.

I could wander in here, install whatever kinds of software (keylog Facebook accounts, bank accounts even are used). This stuff.. the security posture is straight AIDS.

I kind of want to talk to the manager and offer him a solution I could code up in minutes that would secure browsing sessions and mitigate infection. This machine has clearly been infected in the past.
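An added example, not part of the original post: a variant of the cleanup script that uses the %localappdata% and %userprofile% variables mentioned above instead of hard-coded paths, refuses to run for any account other than the kiosk one, and removes subfolders as well as files (`del /s` leaves the folder tree, and its names, behind). The `KIOSK_USER` variable and the `:wipe` routine are names made up for this example.

```batch
@echo off
setlocal
rem Added example. KIOSK_USER is an assumed account name; change as needed.
set "KIOSK_USER=Guest"

rem Refuse to run under any other account so a staff profile is never wiped.
if /i not "%USERNAME%"=="%KIOSK_USER%" (
    echo Not running as %KIOSK_USER%, nothing deleted.
    exit /b 1
)

rem Chrome keeps its profile files locked while running, so stop it first.
taskkill /f /im chrome.exe >nul 2>&1

call :wipe "%LOCALAPPDATA%\Google\Chrome\User Data"
call :wipe "%USERPROFILE%\Documents"
call :wipe "%USERPROFILE%\Downloads"

rem Same Remote Desktop cleanup as the original script.
reg delete "HKCU\Software\Microsoft\Terminal Server Client" /f >nul 2>&1

start "" chrome --incognito
exit /b 0

:wipe
rem %~1 is the folder to empty. If it does not exist, do nothing, so no
rem delete ever runs relative to the current directory.
if not exist "%~1\" exit /b 0
rem Delete every file in the folder, including hidden and system files.
del /f /q /a "%~1\*" >nul 2>&1
rem Remove every subfolder with its contents (dir /ad also lists hidden ones).
for /f "delims=" %%D in ('dir /b /ad "%~1" 2^>nul') do rd /s /q "%~1\%%D" >nul 2>&1
exit /b 0
```

Like the original, this only unlinks files; it does not overwrite them.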