Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 285
  • Last Modified:

A way to restrict the installation of Live Messenger

Is there a way to restrict the installation of Windows Live Messenger and other programs like that?
Is there a registry entry that I can push down through a login script or gpo that would disable it?
0
johnbowden
Asked:
johnbowden
  • 6
  • 3
1 Solution
 
ParanormasticCryptographic EngineerCommented:
Written against Win2k, but still valid.  This will work for pretty much any program.
http://support.microsoft.com/kb/323525
0
 
ParanormasticCryptographic EngineerCommented:
You might also want to look at your firewall to handle tricky users that use non-MS products that also use MSN services, such as trillain chat program.  Here's the down and dirty on what you need to now for that:
http://support.microsoft.com/kb/927847
You can google the app service name and "TCP AND OR UDP ports" (e.g. AIM TCP AND OR UDP ports) and that should get you in the right direction as well.  If people complain too much about not having a chat, a good internal-only app is Microsoft Communicator, which integrates with Office.
0
 
TDKDCommented:
You can disable it from running by way of GPO. I have not tried to disable installation though; I will work on that and get back to you. If I were to guess I would say it is possible through GPO as well.
DoNotAllowWindowsMessenger.JPG
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
TDKDCommented:
If the computers in question are on a domain? Then you should set your DHCP server to forward the following:

Here is what you should add to the users host file, obviously I blocked a whole lot more then Messenger so you can remove the other entry's. At the firewall level I just added the ip addresses of all the pages I configured at the host file, in case user's try to open these pages using the direct address. The reason I configured at the host level is because these ip addresses sometimes change, so this will block the name and the ip)

127.0.0.1 www.e-messenger.net 
127.0.0.1 www.iloveim.com 
127.0.0.1 www.msnger.com 
127.0.0.1 messenger.msn.com
127.0.0.1 messenger.yahoo.com
127.0.0.1 webmessenger.msn.com
127.0.0.1 mob.e-messenger.net
127.0.0.1 harare.e-messenger.net
127.0.0.1 wap.e-messenger.net
127.0.0.1 boston.e-messenger.net
127.0.0.1 hongkong.e-messenger.net
127.0.0.1 houston.e-messenger.net
127.0.0.1 bangkok.e-messenger.net
127.0.0.1 hongkong.e-messenger.net
127.0.0.1 e-messenger.net
127.0.0.1 start.e-messenger.net
127.0.0.1 macau.e-messenger.net
127.0.0.1 tokyo.e-messenger.net
127.0.0.1 chicago.e-messenger.net
127.0.0.1 washington.e-messenger.net
127.0.0.1 orlando.e-messenger.net
127.0.0.1 homer.e-messenger.net
127.0.0.1 www.hotmail.com 
127.0.0.1 mail.yahoo.com
127.0.0.1 www.msn2go.com 
127.0.0.1 www.msn2go.com 
127.0.0.1 www.onlinemessenger.nl 
127.0.0.1 www.wbmsn.net 
127.0.0.1 www.e-messenger.cl 
127.0.0.1 www.msnanywhere.com 

0
 
TDKDCommented:
Sorry, the DHCP bit was confusing (I am very tired). I began to speak to DHCP but then went on about Host files and Firewall settings...lol
0
 
ParanormasticCryptographic EngineerCommented:
Last I remember restricting Windows Messenger (the one listed in GPO by name) only handles the default installation if it was checkmarked to install with Windows.  I believe that this does not cover MSN Messenger or Live Messenger, even though they all connect to the same service.  Again, since there are so many 3rd party utilities, you might want to look into blocking at the firewall as well.
0
 
TDKDCommented:
I hate it when people use "Again" in statements, you just never know how to read them?? If you can work with the network Admin, I am sure he can block this traffic.
0
 
TDKDCommented:
I do like Paranormastic's first reply to this question. It seems that may be your best bet, if you can work with the Active Directory Admin to restrict this program by way of GPO, and possibly use of a logon script with certain registry entries.
0
 
TDKDCommented:
This way the user's laptops, when off site should hold the local policy settings that were changed by the GPO and of course the Registry settings remain intact regardless of location.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now