Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Block MSN Messenger or Live with GPO - How to? 2

Status
Not open for further replies.
bence8810

bence8810

IS-IT--Management
Jul 20, 2005
241
AE
Hi

I have been tasked to block MSN for a couple of people, and I found nothing on google strangely. I thought this was a much-required thing for many.

There are ways to disable Windows Messenger, but not MSN. Is there some trick to block it from Running?

Thanks

Ben
 
Sort by date Sort by votes
Look under this policy setting.

User Configuration\Administrative Templates\System

Find the policy "Don't run specified Windows applications", enable the policy and click Show by List of disallowed applications. Add the name of the executable. You will need to know the specific executable name of the application.

Or use the Software Restriction Policy. This is a more versatile policy.

- How To Use Software Restriction Policies in Windows Server 2003


- Using Software Restriction Policies To Keep Games Off Of Your Network


Joey
CCNA, MCP, A+, Network+, Wireless#
 
Upvote 0 Downvote
Hi

Thanks, your first "easy" solution worked like a charm. Of course I can still run messenger from the command line, but hope my users wont notice that.

They already complained this morning, but I had to put the blame on the boss :)

Thanks again wonderfully done,

Ben
 
Upvote 0 Downvote
Did you use software restriction to ban it? if so you shouldn't be able to run it from the command line either.
 
Upvote 0 Downvote
Hi

I used the easy-method, "Don't run specified Windows applications" and it works for now. I will deploy the Software restrictions once I manage to find the time.

Thanks again for all help,

Ben
 
Upvote 0 Downvote
Hi

So the first applied restriction was quickly demolished by one user suddenly appearing online, then went back offline. I knew something was wrong, and sure enough, they started it from command line.

What a bummer.

I am deploying Software Restrictions rule in GPO, but I can only bind it to the Path, so if the user moves the applications, msnmsgr.exe in this case, my rule is again overthrown.

What am I to do?

I cannot take admin access, as they have software which requires it....

Thanks for any help,

Ben
 
Upvote 0 Downvote
1. Talk to the person's manager/supervisor. If using IM is against company policy, have them written up.

2. Block access to the login server(s). From my understanding, the main login server is messenger.hotmail.com. But for good measure, block *.hotmail.com and *.live.com.

3. Rather than giving the users full Admin rights, try giving them full permissions on the folder that the program they use is installed in. I have to do this for a couple programs we use and it works perfect.
 
Upvote 0 Downvote
Hi

Thanks, good thinking on the Admin access to folders only.

Re blocking the Login servers, I am not sure it can be done on individual PCs, can it? We use IE only, so if there is a way, I would like it very much so.

The other way is to block it in Squid Proxy which is what we use, but I am not very experienced, and leaving tomorrow for a 3 week holiday, so no time.

Blocking it completely would surely be a breeze, but blocking it only for a few users takes a couple of ACL's well planned, etc.

If there is an IE setting you can think of for blocking a couple of sites, please let me know,

Thanks

Ben
 
Upvote 0 Downvote
There is an easy way to block MSN Messenger on just a few computers. Edit the hosts file in C:\WINDOWS\system32\drivers\etc. Add the following two lines:

127.0.0.1 messenger.hotmail.com
127.0.0.1 gateway.messenger.hotmail.com

I just tested it on my computer and it prevents me from logging in to messenger. However, being local admins, they can edit that file if they know about it.

This will work with any websites you want to block on a per PC basis. It's great if you need to do it on just a few computers, but can be a pain if you need to do it on a lot of them.
 
Upvote 0 Downvote
Using software restriction you can create a hash value of the .exe then ban it from being run anywhere on the system.
 
Upvote 0 Downvote
Hi

Yes, I suppose I could edit the hosts file, and that is something I didnt think of at all. Thanks.

I found a setting in GPO which allows me to block sites with Content Rating, so I added the live.com and all others I was able to find, plus a few local sites that draw a lot of traffic.

I also created the hash rule. Lets say MSN gets updated, will hash still work? I mean the file changes. Of course MSN should not be updated, as there is no way to start it, etc, but if someone else logs on and updates it?

I now have the path rule and the hash rule. Can they live as neighbours, or I need to kill the path, or hash rule?

Thanks

Ben
 
Upvote 0 Downvote
If there was a new version you would have to rehash it but your users can't install new versions can they?

I think you can use both path and hash rules together.
 
Upvote 0 Downvote
Thanks a lot, I believe I reached my goal.

Best regards,

Ben
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
432
Aquiles Vidal
Aquiles Vidal
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
774
gbaughma
gbaughma
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
216
technome
technome
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
370
DTGMI
DTGMI
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
464
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top