I believe at one time I was able to set up a group policy on a windows 2003 domain controller so that certain executables would not run on the work stations when they were logged into the domain. For example, if someone logged onto our 2003 domain on a windows xp workstation, and they had yahoo messenger installed, they would not be able to run the executable file on their worstation to run yahoo messenger due to the fact that I had denied it from running on our domain. It's been a long time since I have done it and totally forget how. Any help would be greatly appreciated. I don't want to have to block it through certain ports or ip addresses as I know that Yahoo, AIM etc. are always changing wich ones their programs run on.