How do I block MSN Messenger using D-Link DI-624S Router

Hello there Experts...
I have a network using 3 PCs and one laptop.  All m/cs are using Win XP. All are connected to a D-Link DI-624 S wireless broadband router (with storage capabilities).  I use Trend Micro Internet Security 2006 on all m/cs.  I need to [selectively] block access to MSN Messenger on one m/c (daughter prefers MSN chat to Homework!). I have very little understanding of 'ports' etc. Can anyone help?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

While Microsoft's KnowledgeBase ( says that ports 1863 or 443 are used by MSN Messenger, and closing those down might be sufficient (though I don't know if you can shut down a port in the router for a single computer), the fact that you're not familiar with such settings suggests that might not be the best approach. There are relatively simple programs that put parental controls on a computer, including the ability to lock out programs like MSN Messenger and the various other chat programs. They can also be set up to permit time-of-day usage (i.e., daughter can message 8-9 PM or weekends only), without you having to constantly reset the system. Most such programs are $50 or less. They also typically have logging abilities, as well as abilities of varying quality to limit the places a user goes while surfing the Web.

A cheaper option, if cost is an issue, is old-fashioned parenting. Discuss with your daughter the problem, set out the rules, and if she disobeys, there are penalties.
you could also use GPEDIT.MSC when logged in as administrator of the selected machine and prevent access to msn messenger.

run gpedit.msc from command line, drill down in:

user configuration
--administrative templates


enable it and add the msnmessenger program located in:

C:\Program Files\Messenger

PeterNaglerAuthor Commented:
Thank you for your comments Elron and Craig.

My preference is to use the DI-624S router's port configuration capabilities. This allows the selected port(s) to be accessible at certain times.

Elron: I like the idea about old fashioned parenting - that's what we're doing at the moment -  but there always seems to be 'some excuse'.  I haven't given up yet... what I'm asking is a last ditch attempt if it gets that far. - I don't think it will - she's really a good girl.  I'm glad to see I'm not the only follower of Edward DeBono!

Additionally, I learn from these forays into the dark unknown of the hardware.

Thanks again and Cheers,
OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

feptiasChief DudeCommented:
I'm certain you are not alone in looking for a solution to the daughter on MSN problem. Using your preferred solution, i.e. blocking certain ports in the Firewall section of the DI-624S, there could be some unintended side effects. Port 443 is the standard SSL port used for secure connections to web sites so a complete block on this would also prevent secure access when trying to do online shopping, banking, etc. Furthermore, I believe it is quite difficult to block MSN by port number alone and you may have to identify the IP addresses of the various MSN servers that it connects to - there's more than one. I have read also that it reverts to using port 80 (standard web browsing) as a last resort when others are blocked although I cannot confirm if this is correct. Here is a link to a long thread where the same question was asked - it contains some useful suggestions and may give you a little insight into the problem:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
You could always just remove messenger outright.  As long as your child does not have administrative rights on the computer, she will not be able to install it again later.  

If not, block at the router on port 1863 and sign-on should fail.  You might also have to block the following urls:

A side effect will be blocking Hotmail (which might be a good thing!)

This is the sort of battle I've fought with limited success.  Once you've plugged this hole, she'll start using AIM, or Jabber or some other piece of junk.  Perhaps put her computer in the middle of the living room?

Good luck.
PeterNaglerAuthor Commented:
Thanks kindly for your help, friends.  I can see it's not an easy task.  The combined help you have provided will go a long way to helping.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.