Solved

Block Windows Media Player in Firewall

Posted on 2000-04-13
7
331 Views
Last Modified: 2013-12-23
Running a proxy server for my company LAN, trying to lock down some unruly users.  I've found the port to close to keep RealAudio from connecting, but WMP is like a cockroach.  If I block port 1755, WMP shifts to HTTP streaming if available.  Other than completely blocking access to the site, (high maintenance), does anybody know of a way to keep WMP from connecting?
0
Comment
Question by:Fonnie
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 32

Expert Comment

by:jhance
ID: 2715454
RealAudio can work over HTTP just like WMP can so I think you're going to find that you really can't block either one without blocking entire sites or the HTTP protocol itself.

How about a company policy statement issued by your management that says:

"Use of streaming audio players, including but not limited to RealAudio and Windows Media Player, from company computers and networks is prohibited.  Any employee found using such applications will be subject to disciplinary action."
0
 
LVL 1

Author Comment

by:Fonnie
ID: 2718070
Company policy statement is already in place.  Hasn't had an effect.  In addition, over the next year we will be reconfiguring the network to bring all users through VPNs and PVCs to the corporate network, then to the Internet.  We won't have the time to watch, and we all know that no user will turn in another.  They don't understand the amount of bandwidth being used.
  Blocking port 554 seems to have turned off RealAudio.  Got the info to try that from Real.Co in their setup instructions for firewalls.
  WMP is
0
 
LVL 2

Expert Comment

by:posivibe
ID: 2724274
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 
LVL 2

Expert Comment

by:posivibe
ID: 2724279
Basically you can't:

Streaming ASF with HTTP
In/Out: TCP on Port 80

0
 
LVL 1

Accepted Solution

by:
johnsor2 earned 200 total points
ID: 2724497
Blacklist MSFTs download site so they can not reload/ or download, implement login scripts and polocies.

Then use Windows scripting host, KIX32, autouser.batch login file to modify the regristery for each user in a "login script update"
Modify the TCP, UDP ports, or even Disable them to include HTTP: or whatever you what.

HKEY_CURRENT_USER\Software\Microsoft\NetShow\Player\General

Another good one is to add a bad proxy
HKEY_CURRENT_USER\Software\Microsoft\NetShow\Player\Local\   Proxy Host 0.0.0.0


You can not block ports otherwise with WMP unless you can define the ports

Meanwhile test a broken WMP make sure it does not impact the rest of your compnay apps, then implement.

Good Luck

0
 
LVL 32

Expert Comment

by:jhance
ID: 2724549
>Company policy statement is already in place.  Hasn't had an effect.  

OK, so how many employees have been disciplined or terminated for failing to abide by the company's policies on this?

My guess?  Zero!  

Guess how many employees you need to make an example of to get everyone's attention?  One!

Obviously you don't have company management's support for this policy.

You're going to be fighting a lonely and uphill battle without their support.
0
 
LVL 1

Author Comment

by:Fonnie
ID: 2727991
Hadn't occurred to me to change the registry settings.  Thanks
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question