Blocking MSN/Windows Live on ISA Server 2006

MrClass

Hey all. I have been trying for the last 2 weeks to block MSN/Windows Live on ISA Server 2006; but no success. Microsoft did mention the steps in their technet site, I followed both ways, but ended up with ISA blocking http for good (no websites can load anymore). It is important to block it using ISA and not a group policy because our environment contains Windows, Mac, and mobile devices (like ipads and blackberry, and personal laptops). I did my research, but no website has a definite answer. Also the method should work to block other web chatting applications like ebuddy. So far I was able to block the small chatting module you see when you login to hotmail, it keeps refreshing without the ability to connect. I blocked messenger.hotmail.com and messenger.live.com, how the heck can windows live still work?? Any help is appreciated.

MrClass

God, what are the odds?? Finally blocked it!

MrClass

Bummer, ebuddy and iloveim still work. I can block these sites, but what about other sites similar to these?

xterm

You probably already know there are so many ways to access different IM protocols. I say, send a notice to all employee that all computers are now being monitored :-)

ali-koubeissi

As xterm suggested inform the employees or you'll enter a never ending loop of trying to block all possible ways.

MrClass

Well the problem is that we have lots of techie staff members. They don't buy the crap talk :P
For them, as long as it's working, they just use it. Only when they realize (after trying several hacks and antiproxies) that it cannot connect anymore, they stop trying. For now the windows live messenger for windows and mac cannot connect anymore, nor can the chatting module found in hotmail. Will see the staff reaction tomorrow :P
(hope they don't hang me from a tree or something; angry crowd hehe)

Tarek

you can block the ports and https ...also you should block wap

MrClass

what?? MSN and WLM use http aka port 80, so this port cannot be blocked. Also we cannot block https, staff members need to access their gmail, yahoo mail, hotmail, our website, and all of these use https during login.

Tarek

MSN messenger uses ports 443 and 1863.
If you want to block web based messenger just add this address to your list of blocked URL's: "http://*webmessenger.msn.com".

You may also want to block other portal sites such as "http://*ebuddy.com" & "http://*msn2go.com", etc.

Perhaps also create some signatures with words such as "msn messenger", "messenger", "IM", etc.

you can find the application signature to be blocked. For a sample list of application signatures, see Common Application Signatures at:

[url]http://www.microsoft.com/technet/prodtechnol/isa/
2004/plan/commonapplicationsignatures.mspx[/url]

d3ad

I have always found it best to use http://www.gfi.com/internet-monitoring-software/webmonfeatures.htm as it allows much much more control.