Question

How do I block aol, yahoo, msn from being accessed from my network?

Asked by: modriven

I have a client who is having a problem with her employees not doing enough work.  They are constantly on aol, yahoo, or msn.  How do I block them from accessing those programs/websites?  She also wants to see if there is a program to see what they are doing on their computer.  She said she can run a report telling her what her employees are accessing.  Is there a program that acts like big brother but she doesn't want her employees to find out.  
She is running XP Pro on 5 machines.  Server is Windows 2000 SP4

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2004-07-31 at 13:13:52ID21078118
Tags

block

,

aol

,

how

Topics

Operating Systems Miscellaneous

,

MS SharePoint

Participating Experts
12
Points
125
Comments
13

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Block MSN Messenger and Yahoo Messager
    Hi all, Can someone tell me how to block yahoo and MSN messenger on a firewall. I have tried to block the following ports: Yahoo Messenger = 5000 to 5010 and 5050 MSN Messenger = 1863 But all these blocking cannot works, For all these IMS, do I need to use the IP address. I...
  2. Permanately remove MSN and Yahoo Messenger Programs
    I have a PC that belonged to my brother. He had uninstalled MSN and Yahoo Messenger but when I try to get my own accounts on these two services I receive not the accounts I have newly established but his old accounts. How do I completely remove these from my PC so that MSN ...
  3. Block MSN & Yahoo messangers
    Can anyone help me to block MSN & Yahoo messengers. I am using Windows 2000 server, ISA server2000(with microsoft firewall client) as the server our clients are working on windows XP, 2000 & 98SE operating systems. What I want to do is to block all employees install...
  4. blocking yahoo and msn
    Dear expert I want to block yahoo as well as msn messenger in my squid proxy server and someone help me for that. I need concrete solution.

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: steveohPosted on 2004-07-31 at 13:21:42ID: 11685562


You didn't specify how you connect to the internet but more that likely you have some sort of routing device that is sharing your internet connection. To block these apps from working you need to close the ports they communicate over.  Find out what ports you need to block (for example AOL Instant Messenger is port 5190) and configure your routers firewall settings to block those ports.

Good Luck!

 

by: jarjarbinx1979Posted on 2004-07-31 at 13:36:48ID: 11685613

Te easiet way of doing this (I had to do this)...is to get a product like ANS (Active Net Steward) this is a firewall and surfcontrol software on where it can block applications this is useful as it can be controled centrally by an administrator.

See linkhttp://www.securitydesigners.com

You can also use applications like McAfee Internet suit installed on the workstation but can't be centrally controlled.

Just blocking ports is not always the soltion as users can use iqc's and configure the port to the proxy or internet port that you have set!!

Hope this helps.

JJB

 

by: net_sec_guruPosted on 2004-07-31 at 17:15:34ID: 11686229

From a previous EE posting:
http://www.experts-exchange.com/Security/Q_20968914.html

========================

Seeming all of these will tunnel through port 80 if all other ports are blocked, blocking port 80 isn't going to do much good, as you'll stop web browsing for everybody else....  
You need to block access to the AOL, MSN and Yahoo IP addresses directly.

from: http://infosecuritymag.techtarget.com/articles/february01/cover.shtml

Preventing IM traffic from leaving the network is also difficult. Like Napster, the major IM clients will work quite hard to find a port to exit your LAN, using HTTP if they have to. AIM needs to connect to the host login.oscar.aol.com in order to start up, so blocking traffic to this destination will effectively shut it down. However, at press time, the name login.oscar.aol. com points to the following IP addresses, according to a DNS lookup:

205.188.7.172
205.188.7.176
205.188.7.164
205.188.7.168

You'll need to block all of these and check for any new servers on a regular basis. Yahoo! Messenger can be blocked in a similar way, by killing off outbound access to the hosts answering to the following names:

msg.edit.yahoo.com
edit.messenger.yahoo.com
csa.yahoo.com
csb.yahoo.com
csc.yahoo.com

Each of the above names resolves out to multiple IP addresses-and, of course, Yahoo! can add new addresses at any time, making it an ongoing battle.

MSN Messenger can be blocked by blocking IP access to the Hotmail network range-64.4.0.0 through 64.4.63.255. Interestingly, this does not seem to totally block access to Hotmail's Web-based mail service.

========================


 

by: MaxterJFPosted on 2004-07-31 at 23:45:21ID: 11686934

Well... for accessing those web page he could simply modify the c:\windows\system32\drivers\etc\hosts file typing like
msg.edit.yahoo.com
edit.messenger.yahoo.com         0.0.0.0
csa.yahoo.com                          0.0.0.0
csb.yahoo.com                          0.0.0.0
csc.yahoo.com                          0.0.0.0

and stuffs like that... no?

But if you want real access restrictions and stuffs like that, you should buy a firewall.  I know that Norton Internet Security can restrict access to some sites.  Is it easy to manage... no idea.

 

by: evil-techPosted on 2004-08-01 at 03:18:40ID: 11687289

I would recommend WinGate (corporate proxy). I'm using it for almost a year now and I'm very happy with it.

Recently I wrote an app which looks for window captions and terminates the application. You need to feed it with keywords like "yahoo", though.

 

by: ashishdagaPosted on 2004-08-01 at 05:27:49ID: 11687632

Something of interest:

http://blockyahoo.port5.com/

 

by: DANNiEDPosted on 2004-08-02 at 11:49:17ID: 11696786

honestly since yahoo and aol/aim offer "in browser" buddy lists its very hard to block the use of the control module in the browser. for instance you go to each computer uninstall yahoo messenger and aol's aim and even MSN and then set all there user rights to not allow install of programs/applications once they find out this wont work they will just use the "in browser" version now as "steveoh" stated to actully prevent them from useing it all you will need to block the port the ip address host name whatever. what we do at our oganization is block all users from any kind of internet signal with our firewall and then assign users who actully need the internet for productivity a static IP address. Then for your look in tool you can use a freeware called VNC or remote desktop within XP. good luck locking down those users oh by the way there gonna hate you for it but someone has to do the job!

 

by: dllexportPosted on 2004-08-02 at 12:03:57ID: 11696919

Most of these IM programs can connect to their servers on an arbitrary port, so blocking ports isn't going to help. MSN can connect via HTTP as well (I'm sure others can as well). An easy way that doesn't require installing things on every workstation is to run a proxy server. Then you can block outgoing connections to all ports for everybody except the proxy server, and configure the proxy to disallow access to the IM login servers.

 

by: jeremytse19Posted on 2004-08-02 at 15:10:49ID: 11698930

hi modriven,

from a previous question i answered:
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21053930.html

Again I can't vouch for the software, as I have never used it.

-------------------
Hi Ridek,

The link that I sent you actually talks about blocking the ports / servers that are used to chat. Having said that, the user can simply use another chat program / server / port. So it will require maintenance on your part as servers / ports become usable for messengers. (eg. HTTP wasn't able to be used before .. but now it is).

Another user suggested for XP " run secpol.msc, go to software restriction policies, additional rules, add rules that block ypager.exe (for Yahoo), do the same for other programs like ICQ and so on. Uninstall the program. Even after reinstalled, it will not run.".

However, if the user is smart enough, they can either rename the program, or use other software (such as Miranda or Trillian).

I'm not sure why yahoo and msn are excluded when you disable installs.

If you can't find out why, maybe you might want to consider this or something similar?
I can't vouch for it as I have never used it.

http://www.shareup.com/spyware/chatblocker.html

this also might be of interest ...
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21016380.html

hope any of this helps in you finding a solution.

http://www.shareup.com/spyware/chatblocker.html

 

by: rightmiremPosted on 2004-08-02 at 18:18:31ID: 11699909

There are many programs which monitor program access and system usage.  Do some searches on the net to find the best ones.  Altiris, and even Microsoft SMS work well.

A firewall is what is necessary to prevent ports from being used, but AOL allows savvy users to change their connection port, even to use ones like 110, 21 and 23 (outgoing mail, incoming mail and telnet.)

The best course of action is a business policy.  Unless the employees are too many, or too daring, simply state that having AOL on the system is a terminatable offense.  Sucks to have to resort to any of the above, but one does what one must.

M

 

by: MaxterJFPosted on 2004-08-05 at 16:19:01ID: 11731693

I believe routers with integrated firewalls could be something good.  More, I'd have Win2K or WinXP installed on every PCs with restristions applied to every users.  So the only one that could install softwares would be the Admin and for the rest, they would need to ask the admin to install anything.   For sites that don't need installation, you block them in the firewal of the router so it's like invisible to the users.  

Jean-Francois Trepanier
Computer technician, Programmer, Network Admin
BCE Emergis

 

by: pimprichPosted on 2004-09-01 at 14:09:15ID: 11957999

Symantic has web filtering software that can filter out url's and file types that you may specify. it also enables a proxy that all users must route through in order to get to the web, so the users must login to access the internet. it disconnects the LAN option to disable proxy routing in IE. it works with active directory so you may put users that you want to monitor in a specific OU. you can process timely reports to track users web surfing history. check it out!

http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=60

 

by: DerekSchaulandPosted on 2004-09-04 at 07:52:44ID: 11980324

I have found one of the easiest methods for containing IM clients is to create a DNS entry on your network for each services authentication server.  For example, if Aol IM uses login.aim.com as its authentication server you could set up a record in your DNS server named login.aim.com and point it to a local IP address.

This will not allow the IM client to authenticate as it will not be able to find an actual IM server at 192.168.1.2 or whatever local ip address you have entered.  

Keep in mind though that this will cause an IM outage for all who use that particular DNS server, but to eliminate a particular IM client at your company this should do the trick.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...