Problem is most of these apps can tunnel over http. So blocking outbound http is not an option you will need to configure your http rules to block http traffic based on user-agents etc. There is also another way to do this. Simply don't allow your "users' the ability to install non business apps or any apps on their (sorry the company's) PC. This stuff should be done by a domain admin, i.e. the users shouldn't be given admin rights and they wont be able to install such programs and then the problem goes away. If you must give them local admin rights then clearly define your computer user policy and the consequences of breaking that policy, then they have no comeback. Jim has a bat if you need to use it! Greg Mulholland ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tue 24/01/2006 2:10 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: how to block KaZaa, Bit, and DAP in ISA2004 std. http://www.ISAserver.org Hi Joseph, Glad you asked! Least priviledge means that you give access only to what is required. In a perfect least priviledge environment, you never need to create a Deny Rule, since you create allow rules only to resources that users require access to. Since the ISA firewall blocks all traffic not explicitly allowed, you don't have to worry about Deny rules. Make sense? Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx] > Sent: Monday, January 23, 2006 8:57 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] how to block KaZaa, Bit, and DAP in ISA2004 std. > > http://www.ISAserver.org > > Tom: > > I am further interested in your answer - but I don't > understand what you > are trying to say. > > Could you give a little bit more detail? > > > Joseph Danielsen, MCSA-Messaging, MCP > > Network Blade Inc. > > 49 Marcy Street > > Somerset, NJ 08873 > > www.networkblade.com > > > > > > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Monday, January 23, 2006 8:52 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: how to block KaZaa, Bit, and DAP in > ISA2004 std. > > http://www.ISAserver.org > > If you're using least priviledge, then just don't allow it. > > HTH, > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > -----Original Message----- > > From: Wittaya Lee [mailto:wittalee@xxxxxxxxxxxxxxxxxx] > > Sent: Monday, January 23, 2006 1:35 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] how to block KaZaa, Bit, and DAP in ISA2004 std. > > > > http://www.ISAserver.org > > > > Please help, Anyone know how to block KaZaa, Bit and DAP > > in ISA2004. > > If the client are only SecureNAT or Web Proxy. Thanks in Advance. > > > > Witt > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jdanielsen@xxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx