NEEDED: A policy to lockout chat

  • Thread starter: Dave Niemeyer

Dave Niemeyer

I work in a school environment; we've filtered out the download sites for
some of the chat sites but the little darlings have found ways to install
anyway, probably from another site, and are chatting all they want. We have a
written school policy against that for many reasons. I need a Group policy
to disallow certain software titles to run on the machines, like MSN
Messenger, AOL chat, Yahoo Chat, and ICQ. Is there a way? I thought we
could do it by locking out the typical chat ports on the router, etc. but
some of these chat sites now use port 80.

Dave Niemeyer
 
Dave

In response to your question about stopping the chat
programs, here is my suggestion.

Rather than trying to filter all the download sites or
block all of the ports, try this solution.

Create a group policy at the appropriate level (domain,
OU, etc) and then in the User Configuration portion of the
script, drill down to Administrative Templates - System
and look for "Don't run specified Windows applications".
Enable the policy and add the executable names of
programs you wish to block to the list.

When the little 'darlings' logon, even if they have the
program installed and it was working, it will be blocked
and they will be notified that the administrator has
blocked the usage of that program. The beauty of this
solution is that as they obtain and install new chat
programs, all you need to do is update the list of blocked
programs in the policy.

Good luck staying ahead of the mob.

DJ
 
DJ made a great response and his method of blocking the
executable name is handy for simple users. But I'm
guessing based on your description that you have more
than simple users. The next step would be to block by
software hash, so that just renaming the executable
doesn't avoid the GPO. But then you have to hope you've
managed to block all possible executables. Then you get
to add in that some places have web interfaces, such as
AIM.

Blocking instant messaging today is a difficult task, and
one that is best solved with an appropriate user policy
in addition to whatever you can do programmatically. Go
with the hash GPOs but the sooner your school and/or
district starts enforcing the usage policy, the better
off you'll be. When enough students get detention or
suspension (in school or home) for violating the computer
usage policy, your problem will go away.

"Hmm.... instant messaging or a college career.... which
do I want?" It'll take time, but it will work.
Enforcing the usage policy.
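
A simplified model of the two rule types discussed in this thread, added here as an example (it is not part of any post and is not how Windows evaluates these policies). The file names and contents are constructed stand-ins, and `decide` and `run_demo` are hypothetical helper names.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=65536):
    """Hash a file's contents in chunks; the result does not depend on the name."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def decide(path, blocked_names, blocked_hashes):
    """Return the rule types ("name", "hash") that would stop this file."""
    hits = []
    if os.path.basename(path).lower() in blocked_names:
        hits.append("name")
    if sha256_of(path) in blocked_hashes:
        hits.append("hash")
    return hits

def run_demo():
    # Constructed stand-ins for real binaries (assumption: two builds of one program).
    build1 = b"constructed chat client, build 1"
    build2 = b"constructed chat client, build 2"
    cases = [
        ("installed", "chatclient.exe", build1),       # as first installed
        ("renamed", "homework.exe", build1),           # same bytes, new name
        ("updated", "chatclient.exe", build2),         # new build, same name
        ("updated_renamed", "homework.exe", build2),   # new build, new name
    ]
    blocked_names = {"chatclient.exe"}                      # name-based list
    blocked_hashes = {hashlib.sha256(build1).hexdigest()}   # hash-based list
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for label, name, content in cases:
            folder = os.path.join(root, label)
            os.mkdir(folder)
            path = os.path.join(folder, name)
            with open(path, "wb") as f:
                f.write(content)
            results[label] = decide(path, blocked_names, blocked_hashes)
    return results

if __name__ == "__main__":
    for label, hits in run_demo().items():
        print(f"{label:16} blocked by: {', '.join(hits) or 'nothing'}")
```

The last case matches no rule: a hash list only covers builds that someone has already hashed, which is why both lists need ongoing maintenance alongside the usage policy.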
 