How to prevent a user to download or use Chat programs

you could always load up a firewall to block off the ports which are used by these chat mediums, and lock it with a password.

how do you process this?

thanks

How do you find the ports you mean?!

1. The easy way / lucky way :: Go to the chat program web page, or look in google to find out wich ports are being used by the corresponding chat program

2. Use an application to listen on your ports so you find out which ports are being used when that chat app is loaded. You can use netstat or tcpview (freeware - you find it in google)

Cheers.

More specific to your question ... the answer is: NO. There's no local/domain policy which prohibits you using chat programs.
Cheers.

Hi,

You could use a domain policy which prevents the apps from even launching.
I use this to great effect, with MSN, AIM, Yahoo!, ICQ, and IRC apps.

Launch ADUC, goto the appropriate OU, and right click, properties.  The under the group policy yab create a new one.
Then edit this new policy and go to :

I personally add the policy against the PC, not the user (but that is your choice)

Windows Settings
         Software Restriction Policies  (richt click, and create new restriction policy)
             
                      Additional Rules  (Richt Click, and select new hash rule)

Then browse to the app you want to block.  In this case I would use MSN as an example.  Find the .exe and select ok.
Make sure you set the policy to disallowed, and then you have the rule you need.

Basically this will take an MD5 hash of the exe file and so even if it is renamed it will not be executed.

You will need to get your hands on the exe that is used per app, and add a new rule per one.

All I can sugest is that you now, use a sperate test network, or if not possible use a test OU, and see if stops you from using the app.  Fully test before you deploy to the LAN.



Tony
                                 

However, this feature is available in Windows 2003 server only.
Cheers.

I guess it is available on WXP also

Hopefuly you are right. Though, I don't believe so.
Cheers

Wxp has this option
in GPO editor:
Computer configuration/windows setting/software setting\additional rules.

But Windows 2000 doesn't have it.

How can I find the executable of yahoo.messenger through search ? do you have its extension in mind?

thanks

Just look at the shortcut in your computer ;)
This is not a solution however. You must be sure however that a hash is being generated from the binary exe file .. The windows 2003 server policy does that. Otherwise, one could just change the name of the executable file, right?

Cheers.

I know that enabling a policy in the local computer it's not a good idea. by the way is there any download for w2000 server so that it will have that feature of w2003 server? at least this feature for now?

thanks

I don't believe so! If there were downloads to add w2003 features to a w2000 DC, then what's the point on buying w2003?!
Cheers.

I tried what ihotdesk  suggested but didn't work for me.
in WXP machine with local admin account I set up a new hash rule and new path rule to Disallow for the yahoo messenger executable file, but I still can run it with a different user account which is not a local admin account.

OK. Let me try that at home on my winxp. I'll let you know ...
Cheers

I am waiting to find out about the results of the test you migh have tried home.

thanks

good to have reminded me ... Thanks. I'll start doing it now.
:)

Cheers

You said before ...
"Wxp has this option
in GPO editor:
Computer configuration/windows setting/software setting\additional rules."

Well ... I have winxp installed and it happens I just don't have it ... I'll try to install now an update or something like that

I ran regedit, up to this level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService\

then there are 03 nodes:
Policies
session manager
            Apps    

there is nothing else about yahoo