Block Messenger with XP SP2 firewall

[Leenie]

Does anyone know how to stop MSN Messenger 6.2 from working using the XP SP2 firewall. I took the tick out of MSN Messenger 6.2 and Windows Messenger in the Firewall Exceptions, but am still able to send instant messages, etc.
Thanks.

Colleen Lane
Milton Public Library

 

[bcastner]

Why not use Control Panel, Add/Remove Programs to remove MSN Messenger instead?

To remove Windows Messenger: Start, Run, and type on the command line (one line):
RunDll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove

Done.

 

[Leenie]

I should better explain. It's for the pc's on the public floor of the library. Doesn't matter how many times we uninstall it, the patrons figure out a way to reinstall it.

Colleen Lane
Milton Public Library

 

[bcastner]

Messenger falls back to using tcp 80 if the standard 1863 is blocked or does not work. Unless you want to block web access you can't block it by blocking ports.

You might consider using gepedit.msc, and Group Policy to add both programs to the restricted list.

 

[Leenie]

Thanks for those suggestions. I'll look into them. Do you know why, though, when I take the tick out of messenger in the firewall execeptions it still works?

Colleen Lane
Milton Public Library

 

[bcastner]

IM clients are notoriously aggresive about finding an open port. MSN Messenger, for example, will revert to port 80 which is the port for all HTTP web traffic.

Some other thoughts for you:

. Third-party solutions:

http://blockmsn.port5.com/

. Use of Restricted Zones under IE:

Add: *.msgr.hotmail.com

This will bar MSN from logging in.

 

[Leenie]

Would that block hotmail as well?

Colleen Lane
Milton Public Library

 

[bcastner]

No. Do you need that as well?

 

[Leenie]

Nope. We want hotmail, but not messenger.

Colleen Lane
Milton Public Library

 

[jrbarnett]

for bcastner's post from yesterday, the filename should be gpedit.msc, not gepedit.msc

Somewhere around TT there's a post giving the IP address range that MSN uses, but I can't find it quickly. A way of blocking access to MSN messenger is to ban connections to the IP address range used by the servers at your firewall (which I hope the general public have no access to).
This will work even if they figure out a way of reinstalling the software. You can use the same approach to block other instant messaging software (AOL, Yahoo, ICQ etc).
Failing that, I'd also check the rights on the public user accounts: check that they are guests or ordinary users rather than power users or administrators, so won't be able to install software.

John

 

[bcastner]

John,

There are a lot of IPs involved, they are often country specific, and would interfere with any Passport protected Web service such as Hotmail. In the US the IPs (at the moment, and likely not an exhaustive list) that would need to be blocked:

64.4.13.0/24
194.130.106.0/24
195.33.103.0/24
205.188.213.0/24
207.46.104.0/24
207.46.110.0/24
207.68.178.0/24
213.249.102.0/24
213.199.154.0/24
216.166.74.0/24
216.178.160.0/24

This why I think the sanest approach is to block by URL.

 

[Marcs41]

info to all:

If you block messenger, user can still get on, you need to block access to a certain website too:

http://webmessenger.msn.com/

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
How Do I Get Great Answers To my Tek-Tips Questions? [/sub]See faq222-2244

 

[gpalmer711]

MSN Messenger will be restarted each time you visit the Hotmail site. You can disable this by following the advice in

http://www.palmersoft.co.uk/support/messenger.htm

On my site there is a piece of software called P2P Killer which stops the use of Peer 2 Peer applications on computers. This could be extended to cover IM programs as well, it currently stops MIRC. If you are interested in this let me know and I will add the IM programs to the software.

Greg Palmer
Free Software for Adminstrators

http://www.palmersoft.co.uk

 

[bcastner]

It wll not start if you block its passport authentication, my earlier suggestion.

(It authenticates on a different URL than Hotmail)

 

[linney]

Securing a public computer.

http://www.google.com/search?source...oe=UTF-8&q="public+computer"+security+windows

http://groups.google.com/groups?sou...oe=UTF-8&q="public+computer"+security+windows

Disabling Downloads
thread779-800996

292504 - Policy Settings for the Start Menu in Windows XP

http://support.microsoft.com/default.aspx?scid=kb;en-us;292504&FR=1&PA=1&SD=HSCH

controling XP
thread779-814440

 

[bcastner]

One of the interesting Public Access computer security tools is the freeware released Public Access Computer Security Configuration Tool, developed as a special project of the Bill and Melinda Gates Foundation.

The Public Access Computing Security Tool creates user account profiles that provide protection against the user accidentally or intentionally making permanent changes to the system. It is also designed to take the profiles you create on one computer and copy them to your other computers. This can save significant time when dealing with multiple computers.

The profiles are customizable, and offer the rather unique feature that the entire tool and its changes can be removed with Add/Remove programs.

http://www.pacomputing.org/PACTool/pactoolhome.aspx

http://www.ous.edu/onlinenw/2003/executive/CrosbyExecSummary.pdf

http://galecia.com/weblog/mt/archives/H162_InsPACcon.htm

 

[Leenie]

Thank you all for your valuable suggestions. To start we'll probably just uninstall the software and then make sure the users aren't power users or administrators. Probably a good idea all around anyway.
Thanks again.

Colleen Lane
Milton Public Library

 

[letu27]

When I am using (trying to) Windows Instant Messaging (ver 7.5) and I try to open a voice conversation with another online person I get the message "messenger has encountered an error and must close now". Anybody have any experience with this problem? I am using XPPro operating system

 

[linney]

See if your firewall is interfering with Messenger.

You Cannot Make Phone Calls or Start Voice or Video Conversations with Windows Messenger

http://support.microsoft.com/default.aspx?scid=kb;en-us;324214&FR=1&PA=1&SD=HSCH

Audio conversation using Messenger in XP
thread779-751662

http://messenger.msn.com/Help/

 

[spongmonkey]

we had this same problem at the NHS Trust where I worked, in the end we used policies to actually block the MSN executable from running. As each version of MSN uses the same exe name this stops any versions running. Users can still use WEBMSN though