Blocking MSN Messenger

Novell Cool Solutions: Tip
By Robert Deverill

Reader Rating from 41 ratings

Digg This - Slashdot This

Posted: 16 Jul 2003

For ideas about using PreventRun and MSN Messenger 5, see this article.

There are lots of articles and information on the Cool Solutions sites on how to block Instant Messenger programs (The lowest form of code in a school admin's eyes). A firewall provides most protection for most programs via its ability to block traffic on ports.

Problem:

The most widely used messenger in many locations is MSN Messenger. Therein lies the program:

If you block the main port that it uses (1683) using a firewall, MSN is smart enough to send data on port 80 (the standard HTTP port). So how do you stop all that chatting?

Answer:

1. In the registry, navigate to: \HKUR\Software\Microsoft\MessengerService\

2. Find the item named Server: messenger.hotmail.com;64.4.13.50:1863. Change this value to Null;0.0.0.0:0

That's it. Combine this with a program that can perform this change, put it on a force run, and No More Chatting!

Klaus Plantius

How to remove MSN messenger automatically (we didn't want our students to chat):

Put the following line in a login batch file or script:

if exist "c:\program files\messenger\*.*" 
RunDll32 advpack.dll,LaunchINFSection 
C:\WINDOWS\INF\msmsgs.inf,BLC.Remove,5
if exist "c:\program files\messenger\*.*" 
deltree /Y "c:\program files\messenger"

If you have any questions you may contact Klaus at klausito@zonnet.nl

Peter Schouten

If you have policies that prohibit the use of chat software etc., you'll want to put MSN in BorderManager also. However this doesn't work since hotmail uses the same server address. So on to the next option, putting port 1863 in your firewall, oops, MSN now uses port 80.

Here's the trick:

Put a line in your hosts file on the pc which tells the msn messenger to look for the MSN server on localloopback. Voila! 127.0.0.0 gateway.messenger.hotmail.com is the server address to use.

If you have any questions you may contact Peter at pschouten@hsbos.nl

Paddy Verberne

I've read the solutions stated, but the solution mentioned in the following url: http://nscsysop.hypermart.net/no_chat.html did the job for me. Simple, managable, effective!

Ruud Hanegraaf

If you have BorderManager, here's an easy way to block Messenger. Just deny access to the following URLs:

http://*.messenger.hotmail.com/*.*
http://*.msgr.hotmail.com/*.*

The first one blocks MSN 4.x and the second one MSN 5.

If you're really heartless, you could just deny access to http://*.hotmail.com/*.*, but that would also block the normal Hotmail pages. But that would be just plain mean!

Brent Olton

Much has been posted on this topic, but here's the three-minute solution.

We use DNS services from NetWare. I have set up 'fake' DNS entries for gtwy.messenger.hotmail.com and messenger.hotmail.com pointing to the loopback address 127.0.0.1 (Similar to Peter Schouten's tip).

This is easier to implement, and is not dependent on policies, logins or host files.

In less than 3 minutes I have 3000 workstations blocked - Linux included!

This could be locked down even further by combining with other Cool Solutions ideas, though I haven't yet found the need to do so.

If you have any questions you may contact Brent at beolton@tstt.co.tt

Kevin Buckley

This is my answer to block MSN Messenger 5.0. Works for me. I use NW51sp5, BM36C02, proxy authentication.

I added three rules.

1. Deny *://*messenger.hotmail.com/* This will deny its initial contact to port 1863. But then it changes the port.

2. Deny, Access type: Port, Service:HTTP, Origin Server Port:80, Transport: TCP & UDP, Source: ANY, Destination: 207.46.104.20.

3. Deny, Access type: Port, Service:HTTP, Origin Server Port:8080, Transport: TCP & UDP, Source: ANY, Destination: 207.46.104.20.

Reader Comments

I'm very interested in the PreventRun option in HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftMessengerClient but it doesn't work I have tried HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client and HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MessengerClient notice the slash difference between messenger and client. Please can someone tell me a solution that works. Thanks - david.gerrish@loweworldwide.com
good
very good
Perfect
A fairly poor use of language and a few typing errors makes for a less than adequate read.
Wonderful!!!! Thanks bunches!!!
Sorry, but it doesn't work (at least with the most recent version of MSN Messenger, 4.6.0082). What DOES work are some reg. entries provided by MS themselves under HKLM\Software\Policies\Microsoft\Messenger\Client. Create a DWORD value named PreventRun and set it to 1. Optionally, you can create another DWORD value named PreventAutoRun or create the key and value(s) under HKCU. Yours sincerely, Vincent O. van 't Zand Delft University of Technology, CiTG
A better way to block msn messenger is to add the registry DWORD: 'PreventRun', with a value of '1', in the key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\ This stops MSN Messenger from running AT ALL even if it is reinstalled. And if access to the registry is gained (god forbid) by the user, most people wont know where to find the key.-Simon G
There seems to be a problem with backslashes in the "rate this" comment field, so I'll retry with double backslashes. Set: HKLM\\Software\\Policies\\Microsoft\\Messenger\\Client PreventRun (DWORD) = 1 PreventAutoRun (DWORD) = 1 Or create and set the same values under: HKCU\\Software\\Policies\\Microsoft\\Messenger\\Client in user's roaming profile. If you do it like that, you can have people who are "more equal" ;-)
all ideas/workarounds work perfect
What is the Registry Hive "HKUR" mentioned in the article?

Like what you see?
Sign up for our weekly newsletter.

Want to contribute?
It could earn you a nano! Learn more.

Like Wikis?
Join the Cool Solutions Wiki.

Interested?
Request a sales call

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com