Solved

A way to restrict the installation of Live Messenger

Posted on 2008-10-10
9
273 Views
Last Modified: 2012-06-21
Is there a way to restrict the installation of Windows Live Messenger and other programs like that?
Is there a registry entry that I can push down through a login script or gpo that would disable it?
0
Comment
Question by:johnbowden
  • 6
  • 3
9 Comments
 
LVL 31

Expert Comment

by:Paranormastic
Comment Utility
Written against Win2k, but still valid.  This will work for pretty much any program.
http://support.microsoft.com/kb/323525
0
 
LVL 31

Expert Comment

by:Paranormastic
Comment Utility
You might also want to look at your firewall to handle tricky users that use non-MS products that also use MSN services, such as trillain chat program.  Here's the down and dirty on what you need to now for that:
http://support.microsoft.com/kb/927847
You can google the app service name and "TCP AND OR UDP ports" (e.g. AIM TCP AND OR UDP ports) and that should get you in the right direction as well.  If people complain too much about not having a chat, a good internal-only app is Microsoft Communicator, which integrates with Office.
0
 
LVL 8

Expert Comment

by:TDKD
Comment Utility
You can disable it from running by way of GPO. I have not tried to disable installation though; I will work on that and get back to you. If I were to guess I would say it is possible through GPO as well.
DoNotAllowWindowsMessenger.JPG
0
 
LVL 8

Accepted Solution

by:
TDKD earned 125 total points
Comment Utility
If the computers in question are on a domain? Then you should set your DHCP server to forward the following:

Here is what you should add to the users host file, obviously I blocked a whole lot more then Messenger so you can remove the other entry's. At the firewall level I just added the ip addresses of all the pages I configured at the host file, in case user's try to open these pages using the direct address. The reason I configured at the host level is because these ip addresses sometimes change, so this will block the name and the ip)

127.0.0.1 www.e-messenger.net
127.0.0.1 www.iloveim.com
127.0.0.1 www.msnger.com
127.0.0.1 messenger.msn.com
127.0.0.1 messenger.yahoo.com
127.0.0.1 webmessenger.msn.com
127.0.0.1 mob.e-messenger.net
127.0.0.1 harare.e-messenger.net
127.0.0.1 wap.e-messenger.net
127.0.0.1 boston.e-messenger.net
127.0.0.1 hongkong.e-messenger.net
127.0.0.1 houston.e-messenger.net
127.0.0.1 bangkok.e-messenger.net
127.0.0.1 hongkong.e-messenger.net
127.0.0.1 e-messenger.net
127.0.0.1 start.e-messenger.net
127.0.0.1 macau.e-messenger.net
127.0.0.1 tokyo.e-messenger.net
127.0.0.1 chicago.e-messenger.net
127.0.0.1 washington.e-messenger.net
127.0.0.1 orlando.e-messenger.net
127.0.0.1 homer.e-messenger.net
127.0.0.1 www.hotmail.com
127.0.0.1 mail.yahoo.com
127.0.0.1 www.msn2go.com
127.0.0.1 www.msn2go.com
127.0.0.1 www.onlinemessenger.nl
127.0.0.1 www.wbmsn.net
127.0.0.1 www.e-messenger.cl
127.0.0.1 www.msnanywhere.com

0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 8

Expert Comment

by:TDKD
Comment Utility
Sorry, the DHCP bit was confusing (I am very tired). I began to speak to DHCP but then went on about Host files and Firewall settings...lol
0
 
LVL 31

Expert Comment

by:Paranormastic
Comment Utility
Last I remember restricting Windows Messenger (the one listed in GPO by name) only handles the default installation if it was checkmarked to install with Windows.  I believe that this does not cover MSN Messenger or Live Messenger, even though they all connect to the same service.  Again, since there are so many 3rd party utilities, you might want to look into blocking at the firewall as well.
0
 
LVL 8

Expert Comment

by:TDKD
Comment Utility
I hate it when people use "Again" in statements, you just never know how to read them?? If you can work with the network Admin, I am sure he can block this traffic.
0
 
LVL 8

Expert Comment

by:TDKD
Comment Utility
I do like Paranormastic's first reply to this question. It seems that may be your best bet, if you can work with the Active Directory Admin to restrict this program by way of GPO, and possibly use of a logon script with certain registry entries.
0
 
LVL 8

Expert Comment

by:TDKD
Comment Utility
This way the user's laptops, when off site should hold the local policy settings that were changed by the GPO and of course the Registry settings remain intact regardless of location.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Let Bitmoji into your life. Now is the time to learn a new language of smartphone messaging with this brief introduction.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
The goal of the tutorial is to teach the user how to instant message and make a video call in Skype.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now