Solved

Block Windows Media Player in Firewall

Posted on 2000-04-13
7
319 Views
Last Modified: 2013-12-23
Running a proxy server for my company LAN, trying to lock down some unruly users.  I've found the port to close to keep RealAudio from connecting, but WMP is like a cockroach.  If I block port 1755, WMP shifts to HTTP streaming if available.  Other than completely blocking access to the site, (high maintenance), does anybody know of a way to keep WMP from connecting?
0
Comment
Question by:Fonnie
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 32

Expert Comment

by:jhance
ID: 2715454
RealAudio can work over HTTP just like WMP can so I think you're going to find that you really can't block either one without blocking entire sites or the HTTP protocol itself.

How about a company policy statement issued by your management that says:

"Use of streaming audio players, including but not limited to RealAudio and Windows Media Player, from company computers and networks is prohibited.  Any employee found using such applications will be subject to disciplinary action."
0
 
LVL 1

Author Comment

by:Fonnie
ID: 2718070
Company policy statement is already in place.  Hasn't had an effect.  In addition, over the next year we will be reconfiguring the network to bring all users through VPNs and PVCs to the corporate network, then to the Internet.  We won't have the time to watch, and we all know that no user will turn in another.  They don't understand the amount of bandwidth being used.
  Blocking port 554 seems to have turned off RealAudio.  Got the info to try that from Real.Co in their setup instructions for firewalls.
  WMP is
0
 
LVL 2

Expert Comment

by:posivibe
ID: 2724274
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 2

Expert Comment

by:posivibe
ID: 2724279
Basically you can't:

Streaming ASF with HTTP
In/Out: TCP on Port 80

0
 
LVL 1

Accepted Solution

by:
johnsor2 earned 200 total points
ID: 2724497
Blacklist MSFTs download site so they can not reload/ or download, implement login scripts and polocies.

Then use Windows scripting host, KIX32, autouser.batch login file to modify the regristery for each user in a "login script update"
Modify the TCP, UDP ports, or even Disable them to include HTTP: or whatever you what.

HKEY_CURRENT_USER\Software\Microsoft\NetShow\Player\General

Another good one is to add a bad proxy
HKEY_CURRENT_USER\Software\Microsoft\NetShow\Player\Local\   Proxy Host 0.0.0.0


You can not block ports otherwise with WMP unless you can define the ports

Meanwhile test a broken WMP make sure it does not impact the rest of your compnay apps, then implement.

Good Luck

0
 
LVL 32

Expert Comment

by:jhance
ID: 2724549
>Company policy statement is already in place.  Hasn't had an effect.  

OK, so how many employees have been disciplined or terminated for failing to abide by the company's policies on this?

My guess?  Zero!  

Guess how many employees you need to make an example of to get everyone's attention?  One!

Obviously you don't have company management's support for this policy.

You're going to be fighting a lonely and uphill battle without their support.
0
 
LVL 1

Author Comment

by:Fonnie
ID: 2727991
Hadn't occurred to me to change the registry settings.  Thanks
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now