MSN Messenger 3

[shannanl]

I am trying to block my users from using MSN Messenger. I would like to do this from the server so that I don't have to physically touch each client (I have several off site machines). I went in to group policy and set it to not run MSMSGS.EXE. This works fine unless they already have it installed. There seems to be about 3 ways you can start messenger. The start, program way is now blocked. The IE way is now blocked. The icon in the lower right part of the screen is not blocked and launches normally. Any idea where this icon points to? I looked in the start up programs and its not listed there. The others point to the MSMSGS.EXE file which I blocked, this one does not appear to do so.

Thanks in advance for the help.

Shannan

 

[Code666]

Do you have access to the Firewall? If so, why not just shut the ports down?

Edward

http://www.petrelworkflow.com

 

[shannanl]

I tried blocking port 1863. That is what I though MSN ran on and it does not stop it. Any suggestions on the port?

Thanks,

Shannan

 

[fs483]

If I'm not mistaken MSN will run on port 80 as a last resort. I remembered trying to stop MSN by blocking different ports and somehow MSN would use a different port to re-authenticate and activate itself. One method (after reading a lot on the Internet) was creating a TEXT file to overwrite the MSMSGS.EXE, then put the file hidden/read-only. That way, when the user tries to install messenger, the program is unable to create/overwrite the file because it exists. I've tried these methods over a year ago so there might be new ways of blocking Messenger. BTW this wasn't in a workgroup environment.

 

[shannanl]

I cant block port 80 on our network so I am kind of out there. The text file is a possibility. I also read where a guy wrote a small VB application, named it MSMSGS.EXE with a version of 999999999 or something like that so that an install of Messenger would not overwrite the version. I thought about that, even making a message appear warning them that they had been reported as using illegal software, ha ha. I just want to avoid going to each workstation if at all possible.

Thanks for the info.

Shannan

 

[ReddLefty]

This might not be the perfect solution, but for now, it works for me. I simply ban the following address range on my firewall from going outbound:

207.46.106.0 - 207.46.110.255

All Microsoft sites that I use still work.. but you might want to do more extensive tests.



"In space, nobody can hear you click..."

 

[JillofAllTrades]

Group Policy > Administrative Templates > Windows Components > Windows Messenger

Christine

 

[shannanl]

I believe Windows Messenger and MSN Messenger are two different things. Am I correct?

 

[shannanl]

I think I found the trick. We seem to have clients that are running two different versions of MSN Messenger. One has an executable of msmsgs.exe and the other newer 6.1 version an executable of msnmsgr.exe. I went into group policy and told it not to run these windows components. I also added Ypager.exe for yahoo messenger. If I try a new install of MSN Messenger it will not work however if they have it running and an icon in the lower right of the screen they can sign in / out all they want. I suspect the program is running in the background and signing in/out does not hit the .exe file therefore it cant block it. If the user ever exits from the program then they are blocked from ever starting it again. So I guess for those users that are currently using it I will wait until they log off / reboot their computers and that will take care of that.

Thanks for all your help.

Shannan

 

[ReddLefty]

What if they rename the file... ?



"In space, nobody can hear you click..."

 

[JillofAllTrades]

Yep - I am wrong. Too bad there isn't a negative star.

Christine

 

[ReddLefty]

Actually, it's called a Red Flag, but your post was still good information for those who might of thought it WAS the same thing.



"In space, nobody can hear you click..."

 

[shannanl]

I am pretty sure none of my users could do that however I am sure some organizations do have users capable of that. I also blocked the port and the i.p. range that you guys gave me. Surely between all 3 items I can stop them but then again I guess the only really sure way is to write a policy and enforce it if they abuse it.

Thanks for all the info.

Shannan

 

[jjeffords]

Messenger uses port 1863, but if you block it then it can automatically switch to port 80.

I add the following registry key in my users' logon scripts:

HKLM\SOFTWARE\Policies\Microsoft\Messenger\Client\PreventRun=1

This will prevent Messenger from running, whether or not it is installed. Because this key isn't modified during a Messenger install/re-install/upgrade, and isn't removed if the software is uninstalled, this should work for you.

 

[shannanl]

MCSEnNC, that sounds great. Can you kind of walk me through adding this to the login script. This is all new to me and I dont want to mess something up. Is this script on the server?

Thanks,

Shannan

 

[desktoprat]

Out of curiosity, is the PreventRun=1 line specific to Messenger? Can I invoke this in other program's registry entries???

 

[ReddLefty]

Following up on MCSEnNC's nice registry hack, it's perfect for Windows NT and up, but you still can't stop the Linux clients. (A-MSN client).

Simply put, if you want to stop any pager/messenger service, whether MSN, Yahoo or ICQ, you GOT to do it from the firewall if you want to get everyone.



"In space, nobody can hear you click..."

 

[inticon]

Im not sure where I have seen it on the Microsoft site but im positive there is a tool you can install that will stop it from running avaliable for download. However I think it requires you to be running the workstations through Active Directory.

Best place to strat looking would be Microsoft Knowledge base or Microsoft Download Centre

Hope this helps.

Nick Brown

http://www.inticon.net

 

[minxca]

Hi,
Try this:

http://www.isaserver.org/pages/search.asp?query=msn