Blocking IM sofware without ISA

Posted on 2008-06-25
Last Modified: 2013-11-16
What is the best way to block IM software, e.g. MS Messenger, MSN Live, Yahoo IM, ICQ, from being used on a SBS network? Workstations are XP SP2, Firewall is on Vigor 2600+ router which is great for blocking web sites, but to block ports or IM clients, very hard to grasp.
Question by:sinisap
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Accepted Solution

pjnofrills earned 250 total points
ID: 21869533
You could block the port ranges but some of the new IM apps will just tunnel over port 80.
You could use OpenDNS or similar and block the following domains:

OpenDNS may have a category block for IM by now, I've been using them for a while now and it works great for small businesses to block certain types of traffic.

Expert Comment

ID: 21869565
I checked and OpenDNS has a category that will block those sites from resolving properly, which would in effect block use of the program or web based chat/IM.

Author Comment

ID: 21870105
Thanks a ton for suggestion.
I would give it a go, but further more, I'd like to know if it makes any difference where I define DNSs? E.G. I could go though DNS management or through the router (which requires restart of the same) and I'm hesitatnt to do that, since router is in London and I'm on the banks of the Danube :)

Expert Comment

ID: 21870751
if you are using active directory in your organization, then you will create one OU in active directory users and computers and add the users in to the OU which you want to block IMs then go to group policy for current OU.
expand the computer configuration, go to windows settings, then security settings expand software restriction policies, on additional rules right click and click on new path rule , for example i installed msn messenger on server and took the local path of msn messenger in path option and set the security level disallowed and click ok and then on client side computer go to start run and type gpupdate /enforce. the policy will update and test the msn messenger. it will blocked. so  you can block all IMs with same step as we block msn messenger.


Author Closing Comment

ID: 31470739
Not only was your answer just the right thing I was looking for, but it improved network speed in addition, too. So simple yet excellent solution!

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes we have such a need to use two Skype accounts, for example, you may have a personal and a business account that you want to keep separate. By default, Skype can be run only once. Attempting to start it a second time fails. However, we …
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
The goal of the tutorial is to teach the user how to instant message and make a video call in Skype.
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question