Host file question?


branigan

I need help with removing IM/chat from our network. I wanted to do this with
DNS, and thought I would start here. Could anyone help with finding the
names for the different IM services, i.e. AOL, Microsoft? I appreciate your
help...
 
branigan said:
I need help with removing IM/chat from our network. I wanted to do
this with DNS, and thought I would start here. Could anyone help with
finding the names for the different IM services, i.e. AOL, Microsoft? I
appreciate your help...

This is not a function of DNS.

You may be able to use group policies to deny access to the IM apps
themselves, as well as control outbound ports in your firewall (for your
workstation IPs deny all but outbound 80 and 443 - this will stop a lot, but
not all). A combination of locked down desktops/group policy/ISA would be
your best bet, though, honestly.
 
I need help with removing IM/chat from our network. I wanted to do this with
DNS, and thought I would start here. Could anyone help with finding the
names for the different IM services, i.e. AOL, Microsoft? I appreciate your
help...

You'll want to start Googling. Although it works, DNS isn't the best
method of restricting these apps. Eventually you need hundreds, even
thousands of statically maintained entries.

Jeff
 
That is what I was afraid of. This looks like it will be some work. I would
prefer the GPO route, less maintenance obviously...

Thank you for your input...
 
branigan said:
That is what I was afraid of. This looks like it will be some work. I
would prefer the GPO route, less maintenance obviously...

Thank you for your input...


Your better bet is to probably use ISA or some sort of Proxy server to
control access.


--
Regards,
Ace

G O E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
I agree with Ace on using ISA or another firewall/filtering
system.

ISA is the best for such things IF you wish to selectively
allow some users to access such services as it can be
used to restrict based on users and groups which few if
any other program can do.

Regular firewalls/filters are fine if you just wish to stop
everyone -- or are willing to filter by IP address which is
not the same as by the actual user accounts and group
membership.

DNS is fine for preventing the resolution, but recognize
it will NOT actually prevent the connection, just make it
harder to establish (and sometimes practically impossible.)

I actually use the DNS filtering system for some things,
mostly for avoiding visiting unwelcome sites -- for instance
it is fairly easy to knock down a vast majority of rotation
and other ads without affecting the sites you visit in any
material way.

Group Policy can help with some of this, but it's not the
best tool for GENERAL denial of IM, since it is largely
based on Microsoft software* and you would have to work
much harder to knock down AOL and all of the other
possible client-server and peer IM systems.

* Recognizing however, that a GPO can contain an IPSec
policy and with Win2003 software restrictions which offer
both the filtering and another way to attack such problems.

You may end up with a combined solution but I would not
approach the basic problem with DNS nor probably with
the built-in entries of Group Policy either.
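
The thread's two caveats, that a DNS block stops resolution but not the connection and that allowing only outbound 80 and 443 stops a lot but not all, can be checked against logs. The following is an added example, not part of any post above: a Python sketch that cross-references DNS answers with firewall connection records. The log formats, hostnames, addresses and port 5000 are constructed assumptions.

```python
# Constructed sample data: names use the reserved .test TLD, addresses come
# from documentation ranges, and both log formats are assumptions.
DNS_LOG = """\
10.0.0.11 www.example.test 192.0.2.10 ALLOWED
10.0.0.12 im.chat.example.test 0.0.0.0 BLOCKED
10.0.0.13 www.example.test 192.0.2.10 ALLOWED
"""

CONN_LOG = """\
10.0.0.11 192.0.2.10 80
10.0.0.12 198.51.100.7 5000
10.0.0.12 198.51.100.7 443
10.0.0.13 192.0.2.10 443
"""

ALLOWED_PORTS = {80, 443}  # the egress rule suggested earlier in the thread


def resolved_ips(dns_log):
    """Map each client to the set of IPs the internal DNS actually gave it."""
    seen = {}
    for line in dns_log.splitlines():
        if not line.strip():
            continue
        client, _name, answer, verdict = line.split()
        if verdict == "ALLOWED":
            seen.setdefault(client, set()).add(answer)
    return seen


def audit(dns_log, conn_log, allowed_ports=ALLOWED_PORTS):
    """Return (client, dst, port, reasons) for each connection worth review."""
    seen = resolved_ips(dns_log)
    findings = []
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        client, dst, port = line.split()
        port = int(port)
        reasons = []
        if dst not in seen.get(client, set()):
            # The client reached an IP our DNS never handed out: the DNS
            # block was sidestepped (hard-coded IP, other resolver, hosts file).
            reasons.append("destination not resolved via internal DNS")
        if port not in allowed_ports:
            reasons.append("port outside 80/443")
        if reasons:
            findings.append((client, dst, port, reasons))
    return findings


if __name__ == "__main__":
    for client, dst, port, reasons in audit(DNS_LOG, CONN_LOG):
        print(f"{client} -> {dst}:{port}: {'; '.join(reasons)}")
```

In the sample, 10.0.0.12 is refused by DNS yet still connects by IP, and its second connection on 443 would pass a ports-only firewall rule, which is why the replies point to a proxy that filters per user and per application.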
 