Announcement

Collapse
No announcement yet.

Blocking MSN by GPO

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Blocking MSN by GPO

    Hi everybody!
    I have 145 workstations,in all workstation installed MSN Mesanger.In the recent past,the one of major type of connection between users inside of the company was mesanger.For me like a system administrator it is a huge problem.Now I successfull convinced my boss that this is a big risk for the company and he decided to bloch MSN Messanger to users,but he want to leave it to specific group of users.
    The quastion is how can I block for everybody,and leave it for specific users.
    *** One of the conditions to do so,is do not change the firewall settings.
    *** The company not ready to buy additional software and hardware
    I thought to do so by using GPO, becouse all users are part of the domain.
    Anybody who can help to solve this problem is wellcome.

  • #2
    Re: Blocking MSN by GPO

    Well, if you're talking about Windows Messenger, you have the settings in Computer Configuration -> Administrative Templates -> Windows Components -> Windows Messenger: Do not allow Windows Messenger to be run.
    If you're talking about MSN Messenger, it's a little bit tricky, since it is not a part of Windows. You need to use User Configuration -> Windows Settings -> Security Settings -> Software Restriction Policies. You can use the Additional Rules and define there that msnmsgr.exe should not be run (Disallowed).
    You forgot to tell us what OS are the clients and what kind of AD you have (2000? 2003?).
    And just for fun: what exactly is your
    huge problem
    and
    big risk for the company
    with MSN Messenger? Especially when you're talking about inside communication only?
    Hope this is what you were looking for. Good luck.

    Sorin Solomon


    In order to succeed, your desire for success should be greater than your fear of failure.
    -

    Comment


    • #3
      Re: Blocking MSN by GPO

      MSN Messenger cannot be limited to inside communication only. It is a worldwide product, and requires a connection to the Microsoft Messenger Servers at Redmond to work.

      Windows Messenger however is the product of choice for internal messaging. It is designed to allow the use of an internal server (I think you have to buy this from Microsoft) and does not require an Internet connection to function.


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you

      Comment


      • #4
        Re: Blocking MSN by GPO

        Correction - it looks from a quick :Google: like the Instant Messaging Server function comes with Exchange...


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you

        Comment


        • #5
          Re: Blocking MSN by GPO

          Originally posted by Stonelaughter View Post
          MSN Messenger cannot be limited to inside communication only. It is a worldwide product, and requires a connection to the Microsoft Messenger Servers at Redmond to work.
          Absolutely. I meant that if all the connected users are from inside the company, are you still in such a mess? As a matter of fact, what is the role of the servers? Are they in charge of the initial connection only, and afterwards the job is done in a peer-to-peer way? Or if I transfer a file to a colleague two floors bellow, it goes through MS servers?
          Hmmmmmm...

          Sorin Solomon


          In order to succeed, your desire for success should be greater than your fear of failure.
          -

          Comment


          • #6
            Re: Blocking MSN by GPO

            AD is 2003 clients all XP
            Everybody has internet, and sure they use mesanger to to communicate with contacts outside of the company. They transfer files, and execute it workstation.
            And the big problem is that this company has problem with ISP infrastruction and has only 128 Upload. So if suddenly someone decide to transfer big file to his friend, my exchange queue just blowing from outgoing mesages.

            Comment


            • #7
              Re: Blocking MSN by GPO

              Can't you block it at you're firewall?
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"

              Comment


              • #8
                Re: Blocking MSN by GPO

                Originally posted by kauf View Post
                AD is 2003 clients all XP
                Everybody has internet, and sure they use mesanger to to communicate with contacts outside of the company. They transfer files, and execute it workstation.
                And the big problem is that this company has problem with ISP infrastruction and has only 128 Upload. So if suddenly someone decide to transfer big file to his friend, my exchange queue just blowing from outgoing mesages.
                So use Windows Messenger and host it internally; it won't even be able to SEE the internet. Use the policy shown above in "Software Restrictions" to prevent msnmsngr.exe from being run. Also, you could (on your workstation build) create the key and set permissions to it (so that users can't even read) at HKCU (and HKLM) \Software\Microsoft\MSNMessenger

                That way even if they COULD install it (doubtful) they could not run it even if they got around the software restriction by renaming the EXE.

                Of course, the best way is as stated above; block it at the firewall...


                Tom
                For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                Anything you say will be misquoted and used against you

                Comment


                • #9
                  Re: Blocking MSN by GPO

                  Originally posted by Stonelaughter View Post
                  Correction - it looks from a quick :Google: like the Instant Messaging Server function comes with Exchange...
                  Used to come with Exchange 2000. In Exchange 2003 we don't have that anymore. Now it's called LCS - Live Communication Server.
                  Cheers,

                  Daniel Petri
                  Microsoft Most Valuable Professional - Active Directory Directory Services
                  MCSA/E, MCTS, MCITP, MCT

                  Comment

                  Working...
                  X