Re: MSN Messenger Group Policy
- From: "Stuart Mackie [MCSE MCSA]" <newsgroups@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 12 Apr 2005 00:27:40 +0100
Hi Brian. Unfortunately using the group policy option (User
Configuration\Administrative Templates\System\'Do not run specified Windows
applications') is not necessarily secure and can be easy to circumvent
depending on the system configuration. The particular group policy option
is designed to stop the listed applications from being started by Windows
Explorer. It therefore does not block the listed applications from being
executed by the system or by another process.
If you have an environment where Users can open a cmd window they will be
able to run MSN messenger manually from the command line and the Group
Policy will have no effect. Similarly, if the users have Administrative
privileges to their workstation(s) they can rename the MSN messenger
executable to get round the Group Policy option; again the Group Policy
will have no effect.
Unfortunately if you allow Administrative privileges it is very difficult to
disable MSN messenger at the local system level because the user has full
rights to execute it, rename it, or reinstall it if it was removed. There
are still some options left though:
- The safest way to block MSN messenger is to uninstall it from workstations
and not give users administrative privileges.
- Another option, although I'm not sure if this is a current fix, is to
create some additional registry entries which disable MSN Messenger. The
link below is similar to what I remember, but it's quite an fix and I'm not
sure if this still applies to current Messenger versions (I'll test and post
back). If the registry entry is still applicable you could apply this using
Group Policy. Again though, if the user has Administrative privileges the
registry entry is not a secure method of blocking msn messenger.
- Finally, if you have to give Administrative privileges to your users, or
the above solutions are still not adequate, etc., your next option would be
blocking using ISA.
Disable MSN Messenger via Registry
http://www.winguides.com/registry/display.php?id=981
--
Hth,
Stuart Mackie
www.stu.uk.com
MCSA: & MCSE: Security
"BrianMultiLanguage" <BrianMultiLanguage@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:672507E8-B725-4069-B53E-35BEF47C3A8E@xxxxxxxxxxxxxxxx
> Ok, can you post how you did it?
>
> "Brett" wrote:
>
>> Thanks guys for your comments.
>>
>> In the end we found a policy that allows you to specify programs
>> (filenames) that can't be run on the network. It was as simple as naming
>> the offending items in the policy and no problems since.
>>
>> Thanks again for your help.
>>
>> Brett
>>
>> "Brett" <brett@xxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:%23WbohMACFHA.3596@xxxxxxxxxxxxxxxxxxxxxxx
>> > Hi Again
>> >
>> > Thanks Matt for your input. I have spoken with our IT Consultant who
>> > advised me that we are not running ISA on this server. We are only a
>> > small network and he maintains that it is an unnecessary impost on the
>> > system.
>> >
>> > Given that we are not running ISA, is there another way of disabling
>> > MSN Messenger across the network, either through Group Policies or
>> > something else? The server is SBS 2003 Premium with 8 x XP Pro
>> > workstations. Let me know if you require any further network
>> > information.
>> >
>> > Your comments appreciated.
>> >
>> > Brett
>> >
>> >
>> > "Brett" <brett@xxxxxxxxxxxxxxxxxxxx> wrote in message
>> > news:OVMizY2BFHA.3528@xxxxxxxxxxxxxxxxxxxxxxx
>> > > My apologies, yes we are using SBS Premium.
>> > >
>> > > Thanks for the posting, I am reviewing the link at present.
>> > >
>> > > Brett
>> > >
>> > > "Matt Gibson" <mattg@xxxxxxxxxxxxxxx> wrote in message
>> > > news:%232aTQv1BFHA.3504@xxxxxxxxxxxxxxxxxxxxxxx
>> > >> Hey Brett!
>> > >>
>> > >> You didn't say if you're using Premium or not. If you are, try this.
>> > >>
>> > >> http://support.microsoft.com/default.aspx?scid=kb;en-us;891598
>> > >>
>> > >> Matt Gibson - GSEC
>> > >>
>> > >> "Brett" <brett@xxxxxxxxxxxxxxxxxxxx> wrote in message
>> > >> news:OuDKGX1BFHA.2316@xxxxxxxxxxxxxxxxxxxxxxx
>> > >>> Hi all
>> > >>>
>> > >>> I'm reasonably new to SBS 2003 and to date am very pleased with its
>> > >>> functionality. I have a question however about the ability or
>> > >>> otherwise to stop MSN Messenger from being used on workstations
>> > >>> within the domain.
>> > >>>
>> > >>> I know that within Group Policies in SBS there is the ability to
>> > >>> stop 'Windows Messenger' from being used, however this does nothing
>> > >>> to 'MSN Messenger'. As I have a few staff members using (abusing)
>> > >>> this facility during work hours, I wish to have the use of this
>> > >>> program stopped via a group policy.
>> > >>>
>> > >>> Is anyone aware of how to do this?
>> > >>>
>> > >>> Many thanks in advance.
>> > >>>
>> > >>> Brett
>> > >>>
>> > >>
>> > >>
>> > >
>> > >
>> >
>> >
>>
>>
>>
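
The two conditions named in the reply above (users can open a command
prompt, users are local administrators) can be checked on each workstation.
The PowerShell audit below is an added example, not part of the original
thread. It assumes the registry locations written by the 'Do not run
specified Windows applications' and 'Prevent access to the command prompt'
policies, and it assumes msnmsgr.exe as the executable name, which the
thread does not state.

```powershell
# Added example. Read-only audit of the current user's policy state.
$explorerPol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$systemPol   = 'HKCU:\Software\Policies\Microsoft\Windows\System'
$target      = 'msnmsgr.exe'   # assumption: executable name, not given in the thread

function Get-DisallowRunList {
    # The policy is live only when the DisallowRun DWORD is 1; the blocked file
    # names are the string values stored under the DisallowRun subkey.
    $flag = (Get-ItemProperty -Path $explorerPol -Name DisallowRun -ErrorAction SilentlyContinue).DisallowRun
    if ($flag -ne 1) { return @() }
    $key = Get-Item -Path "$explorerPol\DisallowRun" -ErrorAction SilentlyContinue
    if (-not $key) { return @() }
    return @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
}

function Test-CmdPromptDisabled {
    # 'Prevent access to the command prompt' writes DisableCMD = 1 or 2.
    $v = (Get-ItemProperty -Path $systemPol -Name DisableCMD -ErrorAction SilentlyContinue).DisableCMD
    return ($v -eq 1 -or $v -eq 2)
}

function Test-IsLocalAdmin {
    # With UAC, a non-elevated token reports $false even for an admin account.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$blocked  = @(Get-DisallowRunList)
$findings = @()
if ($blocked.Count -eq 0) {
    $findings += 'Policy is not applied to this user.'
} else {
    if ($blocked -notcontains $target) { $findings += "$target is not on the list." }
    if (-not (Test-CmdPromptDisabled)) {
        $findings += 'Command prompt is available, so the list does not stop command-line launches.'
    }
    if (Test-IsLocalAdmin) {
        $findings += 'User is a local administrator, so the file-name match can be sidestepped.'
    }
}

[pscustomobject]@{
    User         = [Environment]::UserName
    BlockedNames = $blocked -join ', '
    Findings     = $findings -join ' '
}
```

Run it in the logged-on user's session (for example from a logon script), since both policies are per-user settings under HKCU.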