RE: Restrict MSN Messenger to certain user groups

• From: "Peter Herbison" <pherbiso@xxxxxxxxxxxxxxxxxx>
• To: isalist@xxxxxxxxxxxxx
• Date: Fri, 28 Mar 2003 02:04:57 -0700

William,

Interesting. During my investigation I tried to do just what you did and
it didn't work. MSN just went right around me and used port 80 instead of
1863. Tricky that!

Are your users on MSN Messenger 5? 

In my case IP addresses will change 'cause of DHCP and the fact that
different users use the same machines.

> This is a multi-part message in MIME format.
> 
> ------=_NextPart_000_0003_01C2F507.64D21160
> Content-Type: text/plain;
>       charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> 
> Hey Peter
> 
>  
> 
> I simply created a new Protocol Rule with the standard MSN Messenger
> protocol (TCP 1863 Outbound) and then applied it to a Windows 2000 Group
> wherein I have granted specific users access.
> 
>  
> 
> The only reason I can think of for your MSN clients going through the
> ISA as anonymous is if you do not have the FW Client installed on these
> workstations and they are in fact acting as straight SecureNAT clients.
> If this is the case then you will have to authenticate the MSN Messenger
> protocol rule on a Client address set containing the IP Addresses of the
> users you wish to grant access to.
> 
>  
> 
> Cheers
> 
> William R.
> 
>  
> 
> -----Original Message-----
> From: Peter Herbison [mailto:pherbiso@xxxxxxxxxxxxxxxxxx] 
> Sent: 28 March 2003 06:26 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Restrict MSN Messenger to certain user groups
> 
>  
> 
> http://www.ISAserver.org
> 
> Does anybody know how I could use ISA Server to restrict the use of MSN
> Messenger to certain users/groups? I want some users to be able to use
> it and others not.
> 
>  
> 
> I have seen various discussions about how to disable/uninstall MSN but I
> want to have it available to just selected users.
> 
>  
> 
> Watching MSN sessions through ISA I see that the username is anonymous.
> How can I get MSN to authenticate to ISA correctly?
> 
>  
> 
> My client machines are Win2000 and WinXPPro with the firewall client
> installed.
> 
>  
> 
> Thanks
> 
>  
> 
> Peter Herbison
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> robertson.william@xxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub') 
> 
> 
> ------=_NextPart_000_0003_01C2F507.64D21160
> Content-Type: text/html;
>       charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
> 
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <html>
> 
> <head>
> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
> charset=3Dus-ascii">
> 
> 
> <meta name=3DGenerator content=3D"Microsoft Word 10 (filtered)">
> 
> <style>
> <!--
>  /* Font Definitions */
>  @font-face
>       {font-family:Tahoma;
>       panose-1:2 11 6 4 3 5 4 4 2 4;}
>  /* Style Definitions */
>  p.MsoNormal, li.MsoNormal, div.MsoNormal
>       {margin:0cm;
>       margin-bottom:.0001pt;
>       font-size:12.0pt;
>       font-family:"Times New Roman";}
> a:link, span.MsoHyperlink
>       {color:blue;
>       text-decoration:underline;}
> a:visited, span.MsoHyperlinkFollowed
>       {color:purple;
>       text-decoration:underline;}
> span.EmailStyle17
>       {font-family:Arial;
>       color:navy;}
> @page Section1
>       {size:612.0pt 792.0pt;
>       margin:72.0pt 90.0pt 72.0pt 90.0pt;}
> div.Section1
>       {page:Section1;}
> -->
> </style>
> 
> </head>
> 
> <body lang=3DEN-US link=3Dblue vlink=3Dpurple>
> 
> <div class=3DSection1>
> 
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>Hey Peter</span></font></p>
> 
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>
> 
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>I simply created a new Protocol =
> Rule with
> the standard MSN Messenger protocol (TCP 1863 Outbound) and then applied =
> it to
> a Windows 2000 Group wherein I have granted specific users =
> access.</span></font></p>
> 
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>
> 
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>The only reason I can think of for =
> your
> MSN clients going through the ISA as anonymous is if you do not have the =
> FW
> Client installed on these workstations and they are in fact acting as =
> straight SecureNAT
> clients. If this is the case then you will have to authenticate the MSN
> Messenger protocol rule on a Client address set containing the IP =
> Addresses of
> the users you wish to grant access to.</span></font></p>
> 
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>
> 
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>Cheers</span></font></p>
> 
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>William R.</span></font></p>
> 
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DTahoma><span
> style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
> Message-----<br>
> <b><span style=3D'font-weight:bold'>From:</span></b> Peter Herbison
> [mailto:pherbiso@xxxxxxxxxxxxxxxxxx] <br>
> <b><span style=3D'font-weight:bold'>Sent:</span></b> 28 March 2003 06:26 =
> AM<br>
> <b><span style=3D'font-weight:bold'>To:</span></b> [ISAserver.org =
> Discussion
> List]<br>
> <b><span style=3D'font-weight:bold'>Subject:</span></b> [isalist] =
> Restrict MSN
> Messenger to certain user groups</span></font></p>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>&nbsp;</span></font></p>
> 
> <p class=3DMsoNormal =
> style=3D'margin-right:0cm;margin-bottom:12.0pt;margin-left:
> 36.0pt'><font size=3D3 face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>http://www.ISAserver.org</span></font></p>
> 
> <div>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DArial><span
> style=3D'font-size:10.0pt;font-family:Arial'>Does anybody know how I =
> could use
> ISA Server to restrict the use of MSN Messenger to certain users/groups? =
> I want
> some users to be able to use it and others not.</span></font></p>
> 
> </div>
> 
> <div>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>&nbsp;</span></font></p>
> 
> </div>
> 
> <div>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DArial><span
> style=3D'font-size:10.0pt;font-family:Arial'>I have seen various =
> discussions
> about how to disable/uninstall MSN but I want to have it available to =
> just
> selected users.</span></font></p>
> 
> </div>
> 
> <div>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>&nbsp;</span></font></p>
> 
> </div>
> 
> <div>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DArial><span
> style=3D'font-size:10.0pt;font-family:Arial'>Watching MSN sessions =
> through ISA I
> see that the username is anonymous. How can I get MSN to authenticate to =
> ISA
> correctly?</span></font></p>
> 
> </div>
> 
> <div>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>&nbsp;</span></font></p>
> 
> </div>
> 
> <div>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DArial><span
> style=3D'font-size:10.0pt;font-family:Arial'>My client machines are =
> Win2000 and
> WinXPPro with the firewall client installed.</span></font></p>
> 
> </div>
> 
> <div>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>&nbsp;</span></font></p>
> 
> </div>
> 
> <div>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DArial><span
> style=3D'font-size:10.0pt;font-family:Arial'>Thanks</span></font></p>
> 
> </div>
> 
> <div>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>&nbsp;</span></font></p>
> 
> </div>
> 
> <div>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DArial><span
> style=3D'font-size:10.0pt;font-family:Arial'>Peter =
> Herbison</span></font></p>
> 
> </div>
> 
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>----------------------------------------------=
> --------<br>
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist<br>
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp<br>
> ISA Server FAQ: =
> http://www.isaserver.org/pages/larticle.asp?type=3DFAQ<br>
> ------------------------------------------------------<br>
> Exchange Server Resource Site: http://www.msexchange.org/<br>
> Windows Security Resource Site: http://www.windowsecurity.com/<br>
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com<br>
> ------------------------------------------------------<br>
> You are currently subscribed to this ISAserver.org Discussion List as:
> robertson.william@xxxxxxxxxxxxxx<br>
> To unsubscribe send a blank email to =
> $subst('Email.Unsub') </span></font></p>
> 
> </div>
> 
> </body>
> 
> </html>
> 
> ------=_NextPart_000_0003_01C2F507.64D21160--

Other related posts:

• » Restrict MSN Messenger to certain user groups
• » RE: Restrict MSN Messenger to certain user groups
• » RE: Restrict MSN Messenger to certain user groups
• » RE: Restrict MSN Messenger to certain user groups
• » RE: Restrict MSN Messenger to certain user groups
• » RE: Restrict MSN Messenger to certain user groups
• » Restrict MSN Messenger to certain user groups

1. Home
2. isalist
3. Archive
4. 03-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---