Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 287
  • Last Modified:

A way to restrict the installation of Live Messenger

Is there a way to restrict the installation of Windows Live Messenger and other programs like that?
Is there a registry entry that I can push down through a login script or gpo that would disable it?
0
johnbowden
Asked:
johnbowden
  • 6
  • 3
1 Solution
 
ParanormasticCryptographic EngineerCommented:
Written against Win2k, but still valid.  This will work for pretty much any program.
http://support.microsoft.com/kb/323525
0
 
ParanormasticCryptographic EngineerCommented:
You might also want to look at your firewall to handle tricky users that use non-MS products that also use MSN services, such as trillain chat program.  Here's the down and dirty on what you need to now for that:
http://support.microsoft.com/kb/927847
You can google the app service name and "TCP AND OR UDP ports" (e.g. AIM TCP AND OR UDP ports) and that should get you in the right direction as well.  If people complain too much about not having a chat, a good internal-only app is Microsoft Communicator, which integrates with Office.
0
 
TDKDCommented:
You can disable it from running by way of GPO. I have not tried to disable installation though; I will work on that and get back to you. If I were to guess I would say it is possible through GPO as well.
DoNotAllowWindowsMessenger.JPG
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
TDKDCommented:
If the computers in question are on a domain? Then you should set your DHCP server to forward the following:

Here is what you should add to the users host file, obviously I blocked a whole lot more then Messenger so you can remove the other entry's. At the firewall level I just added the ip addresses of all the pages I configured at the host file, in case user's try to open these pages using the direct address. The reason I configured at the host level is because these ip addresses sometimes change, so this will block the name and the ip)

127.0.0.1 www.e-messenger.net 
127.0.0.1 www.iloveim.com 
127.0.0.1 www.msnger.com 
127.0.0.1 messenger.msn.com
127.0.0.1 messenger.yahoo.com
127.0.0.1 webmessenger.msn.com
127.0.0.1 mob.e-messenger.net
127.0.0.1 harare.e-messenger.net
127.0.0.1 wap.e-messenger.net
127.0.0.1 boston.e-messenger.net
127.0.0.1 hongkong.e-messenger.net
127.0.0.1 houston.e-messenger.net
127.0.0.1 bangkok.e-messenger.net
127.0.0.1 hongkong.e-messenger.net
127.0.0.1 e-messenger.net
127.0.0.1 start.e-messenger.net
127.0.0.1 macau.e-messenger.net
127.0.0.1 tokyo.e-messenger.net
127.0.0.1 chicago.e-messenger.net
127.0.0.1 washington.e-messenger.net
127.0.0.1 orlando.e-messenger.net
127.0.0.1 homer.e-messenger.net
127.0.0.1 www.hotmail.com 
127.0.0.1 mail.yahoo.com
127.0.0.1 www.msn2go.com 
127.0.0.1 www.msn2go.com 
127.0.0.1 www.onlinemessenger.nl 
127.0.0.1 www.wbmsn.net 
127.0.0.1 www.e-messenger.cl 
127.0.0.1 www.msnanywhere.com 

0
 
TDKDCommented:
Sorry, the DHCP bit was confusing (I am very tired). I began to speak to DHCP but then went on about Host files and Firewall settings...lol
0
 
ParanormasticCryptographic EngineerCommented:
Last I remember restricting Windows Messenger (the one listed in GPO by name) only handles the default installation if it was checkmarked to install with Windows.  I believe that this does not cover MSN Messenger or Live Messenger, even though they all connect to the same service.  Again, since there are so many 3rd party utilities, you might want to look into blocking at the firewall as well.
0
 
TDKDCommented:
I hate it when people use "Again" in statements, you just never know how to read them?? If you can work with the network Admin, I am sure he can block this traffic.
0
 
TDKDCommented:
I do like Paranormastic's first reply to this question. It seems that may be your best bet, if you can work with the Active Directory Admin to restrict this program by way of GPO, and possibly use of a logon script with certain registry entries.
0
 
TDKDCommented:
This way the user's laptops, when off site should hold the local policy settings that were changed by the GPO and of course the Registry settings remain intact regardless of location.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now