Chuckbuchan
asked on
How to prevent a user to download or use Chat programs
I would like to know if there is a local or domain policy that prohibits a user from downloading or using Chat programs, like yahoo messenger.
Thanks
Thanks
you could always load up a firewall to block off the ports which are used by these chat mediums, and lock it with a password.
ASKER
how do you process this?
thanks
thanks
How do you find the ports you mean?!
1. The easy way / lucky way :: Go to the chat program web page, or look in google to find out wich ports are being used by the corresponding chat program
2. Use an application to listen on your ports so you find out which ports are being used when that chat app is loaded. You can use netstat or tcpview (freeware - you find it in google)
Cheers.
1. The easy way / lucky way :: Go to the chat program web page, or look in google to find out wich ports are being used by the corresponding chat program
2. Use an application to listen on your ports so you find out which ports are being used when that chat app is loaded. You can use netstat or tcpview (freeware - you find it in google)
Cheers.
More specific to your question ... the answer is: NO. There's no local/domain policy which prohibits you using chat programs.
Cheers.
Cheers.
Hi,
You could use a domain policy which prevents the apps from even launching.
I use this to great effect, with MSN, AIM, Yahoo!, ICQ, and IRC apps.
Launch ADUC, goto the appropriate OU, and right click, properties. The under the group policy yab create a new one.
Then edit this new policy and go to :
I personally add the policy against the PC, not the user (but that is your choice)
Windows Settings
Software Restriction Policies (richt click, and create new restriction policy)
Additional Rules (Richt Click, and select new hash rule)
Then browse to the app you want to block. In this case I would use MSN as an example. Find the .exe and select ok.
Make sure you set the policy to disallowed, and then you have the rule you need.
Basically this will take an MD5 hash of the exe file and so even if it is renamed it will not be executed.
You will need to get your hands on the exe that is used per app, and add a new rule per one.
All I can sugest is that you now, use a sperate test network, or if not possible use a test OU, and see if stops you from using the app. Fully test before you deploy to the LAN.
Tony
You could use a domain policy which prevents the apps from even launching.
I use this to great effect, with MSN, AIM, Yahoo!, ICQ, and IRC apps.
Launch ADUC, goto the appropriate OU, and right click, properties. The under the group policy yab create a new one.
Then edit this new policy and go to :
I personally add the policy against the PC, not the user (but that is your choice)
Windows Settings
Software Restriction Policies (richt click, and create new restriction policy)
Additional Rules (Richt Click, and select new hash rule)
Then browse to the app you want to block. In this case I would use MSN as an example. Find the .exe and select ok.
Make sure you set the policy to disallowed, and then you have the rule you need.
Basically this will take an MD5 hash of the exe file and so even if it is renamed it will not be executed.
You will need to get your hands on the exe that is used per app, and add a new rule per one.
All I can sugest is that you now, use a sperate test network, or if not possible use a test OU, and see if stops you from using the app. Fully test before you deploy to the LAN.
Tony
However, this feature is available in Windows 2003 server only.
Cheers.
Cheers.
ASKER
I guess it is available on WXP also
Hopefuly you are right. Though, I don't believe so.
Cheers
Cheers
ASKER
Wxp has this option
in GPO editor:
Computer configuration/windows setting/software setting\additional rules.
But Windows 2000 doesn't have it.
How can I find the executable of yahoo.messenger through search ? do you have its extension in mind?
thanks
in GPO editor:
Computer configuration/windows setting/software setting\additional rules.
But Windows 2000 doesn't have it.
How can I find the executable of yahoo.messenger through search ? do you have its extension in mind?
thanks
Just look at the shortcut in your computer ;)
This is not a solution however. You must be sure however that a hash is being generated from the binary exe file .. The windows 2003 server policy does that. Otherwise, one could just change the name of the executable file, right?
Cheers.
This is not a solution however. You must be sure however that a hash is being generated from the binary exe file .. The windows 2003 server policy does that. Otherwise, one could just change the name of the executable file, right?
Cheers.
ASKER
I know that enabling a policy in the local computer it's not a good idea. by the way is there any download for w2000 server so that it will have that feature of w2003 server? at least this feature for now?
thanks
thanks
I don't believe so! If there were downloads to add w2003 features to a w2000 DC, then what's the point on buying w2003?!
Cheers.
Cheers.
ASKER
I tried what ihotdesk suggested but didn't work for me.
in WXP machine with local admin account I set up a new hash rule and new path rule to Disallow for the yahoo messenger executable file, but I still can run it with a different user account which is not a local admin account.
in WXP machine with local admin account I set up a new hash rule and new path rule to Disallow for the yahoo messenger executable file, but I still can run it with a different user account which is not a local admin account.
OK. Let me try that at home on my winxp. I'll let you know ...
Cheers
Cheers
ASKER
I am waiting to find out about the results of the test you migh have tried home.
thanks
thanks
good to have reminded me ... Thanks. I'll start doing it now.
:)
Cheers
:)
Cheers
You said before ...
"Wxp has this option
in GPO editor:
Computer configuration/windows setting/software setting\additional rules."
Well ... I have winxp installed and it happens I just don't have it ... I'll try to install now an update or something like that
"Wxp has this option
in GPO editor:
Computer configuration/windows setting/software setting\additional rules."
Well ... I have winxp installed and it happens I just don't have it ... I'll try to install now an update or something like that
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I ran regedit, up to this level
HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Messenge rService\
then there are 03 nodes:
Policies
session manager
Apps
there is nothing else about yahoo
HKEY_LOCAL_MACHINE\SOFTWAR
then there are 03 nodes:
Policies
session manager
Apps
there is nothing else about yahoo