RE: msn messenger
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Thu, 01 Jun 2006 04:57:53 GMT
Hi param,
Thank you for posting in SBS newsgroup.
From the description, I understand that you want to block MSN Messenger. IfI am off base, please do let me know.
As I know, if you would like to prevent the internal users from using IM
Application to logon to Internet, I do not recommend you block ports or try
preventing the client users from using IM Application. This is because
more and more IM applications support going through HTTP protocol that we
must use and try limiting the clients to use application will lead to the
large administrative tasks.
Instead, we should disable the IM applications' login sites on the Internet
export. After that, even if a user can run the IM applications, he/she is
unable to sign in to the internet.
If you are using SBS 2003 Premium Edition with ISA Server 2000, we can
perform the following steps:
1. Open ISA Management
2. Point to Policy Elements | Destination Sets.
3. Create a Destination Set "Messengers Logon Sites", and then add the
following sites into it:
*.messenger.hotmail.com
Note: If you would like to disable other IM applications, you can also
include the following domains:
*.icq.com //for ICQ
*.screenname.aol.com //for AOL
*.messenger.yahoo.com //These 2 sites are for
*.msg.yahoo.com //Yahoo Instant Messenger
4. In Site and Content Rule, create a new Rule "Block Messengers" to deny
the access, and then apply this rule to the newly create Destination Set
"Messengers Logon Sites"
You can also refer to the following document:
http://www.isaserver.org/tutorials/How_to_Block_Dangerous_Instant_Messengers
_Using_ISA_Server.html
For ISA 2004, you can try the following steps:
1. Open ISA management console, navigate to Policy Elements, right click
Destination Sets and click New->Set.
2. Choose Network Objects, and click New->Domain Name Set.
3. Enter a descriptive name for the new domain name set. Click New, and
type the corresponding URL, then click OK.
For your convenience, I list the URLs as following:
*.messenger.hotmail.com //for Windows Messenger or MSN Messenger
*.screenname.aol.com //for AOL
*.messenger.yahoo.com //These 2 sites are for Yahoo Instant Messenger
*.msg.yahoo.com
4. Then right click Firewall Policy, choose New->Access Rule.
5. Type a descriptive name for the new rule, and click Next.
6. Choose Deny and click Next.
7. Select All outbound traffic, and click Next.
8. On the Access Rule Sources page, add "Internal" to the source and click
Next.
9. On the Access Rule Destinations page, add the domain name created before
to the destination and click Next.
10. On the User Sets page, apply this rule to the specified user groups.
For example: All Users.
11. Click Finish.
Then the corresponding IM traffic initiated from the workstations will be
blocked by the ISA.
In addition, in SBS 2003, you can also preventing users from using MSN
Messenger through configuring a Software Restriction in Group Policy:
1. Open the Default Domain Policy to edit in Active Directory Users and
Computers (dsa.msc).
2. Go to Computer Configuration/Security Settings/Software Restriction
Policies.
3. Right click Software Restriction Policies and click New Software
Restriction Policies.
4. Click Additional Rules.
5. Right click in the right pane and create a new Path Rule.
6. Add C:\Program Files\MSN Messenger to the list and select Disallow.
7. Click Security Levels.
8. Right click "Disallowed" in the right pane and click "Set as default".
9. Run GPUpdate on all domain controllers and client computers, then reboot
client computers.
I hope the above information helps.
Please feel free to let me know if you have any questions or concerns.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: <param@xxxxxxxxxxxxxxxx>
| Subject: msn messenger
| Date: Wed, 31 May 2006 13:57:27 -0500
| Lines: 7
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
| Message-ID: <OomERQOhGHA.4304@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: corp.appone.net 69.2.56.125
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:272048
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi all,
|
| How do I prevent users from using MSN Messenger? I have only enabled
| selected protocols on the SBS Internet Access Rule and MSN Messenger is
not
| selected. However, it still appears to be allowing access.
|
|
|
.
- Prev by Date: Re: Remote Web Workplace does not work after installing Trend Micr
- Next by Date: Questions on DNS and network
- Previous by thread: RE: Lost my outlook contact... :(
- Next by thread: Questions on DNS and network
- Index(es):
Relevant Pages
|
