RE: Restrict MSN Messenger to certain user groups

  • From: "Peter Herbison" <pherbiso@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 29 Mar 2003 11:50:54 +1100

William,

I do not have the proxy settings set in MSN Messenger (I did try setting
them but couldn't get anything to work then). MSN is using the proxy
settings from Internet Explorer which ARE set. Proxy client IS installed so
I can remove settings from IE altogether. I will try that and let you know.

Thanks


-----Original Message-----
From: William Robertson [mailto:william.robertson@xxxxxxxxx]
Sent: Friday, 28 March 2003 8:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Restrict MSN Messenger to certain user groups


Hey Peter

I am using Messenger 5, but I have not configured any Proxy Settings.
This could be your problem because Messenger is Proxy-aware it is
capable of using Port 80 over 1863. Try removing the Proxy Settings
(again, only if the FW Client is installed) and it should still work and
you should see the connection appear under the name of the logged on
user.

Cheers
William R.

-----Original Message-----
From: Peter Herbison [mailto:pherbiso@xxxxxxxxxxxxxxxxxx]
Sent: 28 March 2003 11:05 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Restrict MSN Messenger to certain user groups

William,

Interesting. During my investigation I tried to do just what you did and
it didn't work. MSN just went right around me and used port 80 instead
of
1863. Tricky that!

Are your users on MSN Messenger 5?

In my case IP addresses will change 'cause of DHCP and the fact that
different users use the same machines.

> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0003_01C2F507.64D21160
> Content-Type: text/plain;
>       charset="us-ascii"
> Content-Transfer-Encoding: 7bit
>
> Hey Peter
>
>
>
> I simply created a new Protocol Rule with the standard MSN Messenger
> protocol (TCP 1863 Outbound) and then applied it to a Windows 2000
Group
> wherein I have granted specific users access.
>
>
>
> The only reason I can think of for your MSN clients going through the
> ISA as anonymous is if you do not have the FW Client installed on
these
> workstations and they are in fact acting as straight SecureNAT
clients.
> If this is the case then you will have to authenticate the MSN
Messenger
> protocol rule on a Client address set containing the IP Addresses of
the
> users you wish to grant access to.
>
>
>
> Cheers
>
> William R.
>
>
>
> -----Original Message-----
> From: Peter Herbison [mailto:pherbiso@xxxxxxxxxxxxxxxxxx]
> Sent: 28 March 2003 06:26 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Restrict MSN Messenger to certain user groups
>
>
>
> http://www.ISAserver.org
>
> Does anybody know how I could use ISA Server to restrict the use of
MSN
> Messenger to certain users/groups? I want some users to be able to use
> it and others not.
>
>
>
> I have seen various discussions about how to disable/uninstall MSN but
I
> want to have it available to just selected users.
>
>
>
> Watching MSN sessions through ISA I see that the username is
anonymous.
> How can I get MSN to authenticate to ISA correctly?
>
>
>
> My client machines are Win2000 and WinXPPro with the firewall client
> installed.
>
>
>
> Thanks
>
>
>
> Peter Herbison
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> robertson.william@xxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
>
> ------=_NextPart_000_0003_01C2F507.64D21160
> Content-Type: text/html;
>       charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <html>
>
> <head>
> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
> charset=3Dus-ascii">
>
>
> <meta name=3DGenerator content=3D"Microsoft Word 10 (filtered)">
>
> <style>
> <!--
>  /* Font Definitions */
>  @font-face
>       {font-family:Tahoma;
>       panose-1:2 11 6 4 3 5 4 4 2 4;}
>  /* Style Definitions */
>  p.MsoNormal, li.MsoNormal, div.MsoNormal
>       {margin:0cm;
>       margin-bottom:.0001pt;
>       font-size:12.0pt;
>       font-family:"Times New Roman";}
> a:link, span.MsoHyperlink
>       {color:blue;
>       text-decoration:underline;}
> a:visited, span.MsoHyperlinkFollowed
>       {color:purple;
>       text-decoration:underline;}
> span.EmailStyle17
>       {font-family:Arial;
>       color:navy;}
> @page Section1
>       {size:612.0pt 792.0pt;
>       margin:72.0pt 90.0pt 72.0pt 90.0pt;}
> div.Section1
>       {page:Section1;}
> -->
> </style>
>
> </head>
>
> <body lang=3DEN-US link=3Dblue
vlink=3Dpurple>http://www.ISAserver.org<BR>
<BR>

http://www.ISAserver.org<BR>
<BR>


>
> <div class=3DSection1>
>
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>Hey Peter</span></font></p>
>
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>
>
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>I simply created a new Protocol =
> Rule with
> the standard MSN Messenger protocol (TCP 1863 Outbound) and then
applied =
> it to
> a Windows 2000 Group wherein I have granted specific users =
> access.</span></font></p>
>
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>
>
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>The only reason I can think of
for =
> your
> MSN clients going through the ISA as anonymous is if you do not have
the =
> FW
> Client installed on these workstations and they are in fact acting as
=
> straight SecureNAT
> clients. If this is the case then you will have to authenticate the
MSN
> Messenger protocol rule on a Client address set containing the IP =
> Addresses of
> the users you wish to grant access to.</span></font></p>
>
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>
>
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>Cheers</span></font></p>
>
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>William R.</span></font></p>
>
> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
> style=3D'font-size:
> 10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DTahoma><span
> style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
> Message-----<br>
> <b><span style=3D'font-weight:bold'>From:</span></b> Peter Herbison
> [mailto:pherbiso@xxxxxxxxxxxxxxxxxx] <br>
> <b><span style=3D'font-weight:bold'>Sent:</span></b> 28 March 2003
06:26 =
> AM<br>
> <b><span style=3D'font-weight:bold'>To:</span></b> [ISAserver.org =
> Discussion
> List]<br>
> <b><span style=3D'font-weight:bold'>Subject:</span></b> [isalist] =
> Restrict MSN
> Messenger to certain user groups</span></font></p>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>&nbsp;</span></font></p>
>
> <p class=3DMsoNormal =
> style=3D'margin-right:0cm;margin-bottom:12.0pt;margin-left:
> 36.0pt'><font size=3D3 face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>http://www.ISAserver.org</span></font></p>
>
> <div>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DArial><span
> style=3D'font-size:10.0pt;font-family:Arial'>Does anybody know how I =
> could use
> ISA Server to restrict the use of MSN Messenger to certain
users/groups? =
> I want
> some users to be able to use it and others not.</span></font></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>&nbsp;</span></font></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DArial><span
> style=3D'font-size:10.0pt;font-family:Arial'>I have seen various =
> discussions
> about how to disable/uninstall MSN but I want to have it available to
=
> just
> selected users.</span></font></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>&nbsp;</span></font></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DArial><span
> style=3D'font-size:10.0pt;font-family:Arial'>Watching MSN sessions =
> through ISA I
> see that the username is anonymous. How can I get MSN to authenticate
to =
> ISA
> correctly?</span></font></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>&nbsp;</span></font></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DArial><span
> style=3D'font-size:10.0pt;font-family:Arial'>My client machines are =
> Win2000 and
> WinXPPro with the firewall client installed.</span></font></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>&nbsp;</span></font></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DArial><span
> style=3D'font-size:10.0pt;font-family:Arial'>Thanks</span></font></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
> style=3D'font-size:12.0pt'>&nbsp;</span></font></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 =
> face=3DArial><span
> style=3D'font-size:10.0pt;font-family:Arial'>Peter =
> Herbison</span></font></p>
>
> </div>
>
> <p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
> face=3D"Times New Roman"><span =
>
style=3D'font-size:12.0pt'>---------------------------------------------
-=
> --------<br>
> List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=3Disalist<br>
> ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp<br>
> ISA Server FAQ: =
> http://www.isaserver.org/pages/larticle.asp?type=3DFAQ<br>
> ------------------------------------------------------<br>
> Exchange Server Resource Site: http://www.msexchange.org/<br>
> Windows Security Resource Site: http://www.windowsecurity.com/<br>
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com<br>
> ------------------------------------------------------<br>
> You are currently subscribed to this ISAserver.org Discussion List as:
> robertson.william@xxxxxxxxxxxxxx<br>
> To unsubscribe send a blank email to =
> $subst('Email.Unsub') </span></font></p>
>
> </div>
>
>
------------------------------------------------------<BR>
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist<BR>
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp<BR>
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ<BR>
------------------------------------------------------<BR>
Exchange Server Resource Site: http://www.msexchange.org/<BR>
Windows Security Resource Site: http://www.windowsecurity.com/<BR>
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com<BR>
------------------------------------------------------<BR>
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx<BR>
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------<BR>
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist<BR>
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp<BR>
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ<BR>
------------------------------------------------------<BR>
Exchange Server Resource Site: http://www.msexchange.org/<BR>
Windows Security Resource Site: http://www.windowsecurity.com/<BR>
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com<BR>
------------------------------------------------------<BR>
You are currently subscribed to this ISAserver.org Discussion List as:
pherbiso@xxxxxxxxxxxxxxxxxx<BR>
To unsubscribe send a blank email to $subst('Email.Unsub')
</BODY>
>
> </html>
>
> ------=_NextPart_000_0003_01C2F507.64D21160--




Other related posts: