Solved

Block Windows Media Player in Firewall

Posted on 2000-04-13
7
335 Views
Last Modified: 2013-12-23
Running a proxy server for my company LAN, trying to lock down some unruly users.  I've found the port to close to keep RealAudio from connecting, but WMP is like a cockroach.  If I block port 1755, WMP shifts to HTTP streaming if available.  Other than completely blocking access to the site, (high maintenance), does anybody know of a way to keep WMP from connecting?
0
Comment
Question by:Fonnie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 32

Expert Comment

by:jhance
ID: 2715454
RealAudio can work over HTTP just like WMP can so I think you're going to find that you really can't block either one without blocking entire sites or the HTTP protocol itself.

How about a company policy statement issued by your management that says:

"Use of streaming audio players, including but not limited to RealAudio and Windows Media Player, from company computers and networks is prohibited.  Any employee found using such applications will be subject to disciplinary action."
0
 
LVL 1

Author Comment

by:Fonnie
ID: 2718070
Company policy statement is already in place.  Hasn't had an effect.  In addition, over the next year we will be reconfiguring the network to bring all users through VPNs and PVCs to the corporate network, then to the Internet.  We won't have the time to watch, and we all know that no user will turn in another.  They don't understand the amount of bandwidth being used.
  Blocking port 554 seems to have turned off RealAudio.  Got the info to try that from Real.Co in their setup instructions for firewalls.
  WMP is
0
 
LVL 2

Expert Comment

by:posivibe
ID: 2724274
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 2

Expert Comment

by:posivibe
ID: 2724279
Basically you can't:

Streaming ASF with HTTP
In/Out: TCP on Port 80

0
 
LVL 1

Accepted Solution

by:
johnsor2 earned 200 total points
ID: 2724497
Blacklist MSFTs download site so they can not reload/ or download, implement login scripts and polocies.

Then use Windows scripting host, KIX32, autouser.batch login file to modify the regristery for each user in a "login script update"
Modify the TCP, UDP ports, or even Disable them to include HTTP: or whatever you what.

HKEY_CURRENT_USER\Software\Microsoft\NetShow\Player\General

Another good one is to add a bad proxy
HKEY_CURRENT_USER\Software\Microsoft\NetShow\Player\Local\   Proxy Host 0.0.0.0


You can not block ports otherwise with WMP unless you can define the ports

Meanwhile test a broken WMP make sure it does not impact the rest of your compnay apps, then implement.

Good Luck

0
 
LVL 32

Expert Comment

by:jhance
ID: 2724549
>Company policy statement is already in place.  Hasn't had an effect.  

OK, so how many employees have been disciplined or terminated for failing to abide by the company's policies on this?

My guess?  Zero!  

Guess how many employees you need to make an example of to get everyone's attention?  One!

Obviously you don't have company management's support for this policy.

You're going to be fighting a lonely and uphill battle without their support.
0
 
LVL 1

Author Comment

by:Fonnie
ID: 2727991
Hadn't occurred to me to change the registry settings.  Thanks
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question