erd beer 
Phillipines
Member since
7/8/2006
Platinum Membership
Posts: 235
 |
| 10/10/2007 02:22 PM |
|
how do i block certain pc in the network not to use yahoo messenger?
thanks
|
|
|
|
|
|
robert pearman
United Kingdom
Member since
2/23/2007
Platinum Membership
Posts: 1770
|
| 10/10/2007 02:34 PM |
|
there are a few different approaches you can take.
firstly - find out the protocols that are in use for yahoo messenger, create a new ISA rule, that blocks this traffic for that particular pc.
secondly, you could create a software restriction policy that doesnt allow the application to run on that pc.
uninstall the application and instruct the user not to install it again. |
|
|
|
|
|
erd beer
Phillipines
Member since
7/8/2006
Platinum Membership
Posts: 235
|
| 10/11/2007 12:51 AM |
|
hi..
i would greatly appreciate guiding me step by step on how to find out what protocol is used in yahoo messenger and how to create an isa rule.. and also how do i create a software restricition?
thanks
|
|
|
|
|
|
robert pearman
United Kingdom
Member since
2/23/2007
Platinum Membership
Posts: 1770
|
| 10/11/2007 10:23 AM |
|
well the two things are seperate - software restriction policies are created and applied using Group Policy, you can create these using the GPMC from the admin tools.
in my opinion a software restriction policy would serve you better in this case.
here is a link from technet http://technet.microsoft.com/en-us/library/bb457006.aspx which explains in detail how they work and how to create them.
ALWAYS apply this type of GPO to a test OU and test machine first - because if you mess up it can cause big problems for you.
I would suggest creating a hash rule of the yahoo messenger EXE file - this is preferable to a path rule because the hash will stop users renaming the file and running it.
|
|
|
|
|
|
erd beer
Phillipines
Member since
7/8/2006
Platinum Membership
Posts: 235
|
| 10/15/2007 11:03 AM |
|
hi..
how do i create a hash rule in yahoo messenger exe?
would appreciate guiding me step by step
thanks
|
|
|
|
|
|
robert pearman
United Kingdom
Member since
2/23/2007
Platinum Membership
Posts: 1770
|
| 10/15/2007 02:55 PM |
|
| http://www.itauthority.co.uk/downloads/hashrule.pdf - i wrote you a small guide based on cmd.exe - if you substitute that for the yahoo messenger EXE file that should help. |
|
|
|
|
|
erd beer
Phillipines
Member since
7/8/2006
Platinum Membership
Posts: 235
|
| 10/18/2007 01:34 PM |
|
robert, thanks so much for your help and patience.. will be trying the hash rule this weekend
|
|
|
|
|
|
erd beer
Phillipines
Member since
7/8/2006
Platinum Membership
Posts: 235
|
| 10/20/2007 09:23 AM |
|
hi..
i tried creating a hash rule from the link you gave me and i followed step by step but to no avail it is not working. i exactly followed the setps including the sample cmd.exe, what could be the prob?
fyi:
am using a sbs 2003 prem ed, am on a domain,
should i browse the exe from the server itself? if yes thats what i did.. i gpupdate /force the pc on a domain and restarted the client pc and its still not working
pls help
|
|
|
|
|
|
robert pearman
United Kingdom
Member since
2/23/2007
Platinum Membership
Posts: 1770
|
| 10/20/2007 10:57 AM |
|
| did you add any user accounts to the ou where you linked the gpo? |
|
|
|
|
|
erd beer
Phillipines
Member since
7/8/2006
Platinum Membership
Posts: 235
|
| 10/21/2007 04:01 AM |
|
hi..
no i did not do anyhting with regards to user account as it did not say anything in the article, isnt it my existing user accounts will be used automativally which is my business, sbs user? thats where my user accounts are.
if i have to add user accounts to the newly created ou, how do i add it? pls guide me step by step
thanks
|
|
|
|
|
|
robert pearman
United Kingdom
Member since
2/23/2007
Platinum Membership
Posts: 1770
|
| 10/22/2007 10:19 AM |
|
what you need to do is create a test user account in the ou where you applied this new group policy. then logon to a pc as this test user and see if the policy works.
you can create a test user by opening up active directory users and computers, expanding the domain, find your new test OU, right click and select NEW - user, fill out this infomation, and finish the wizard. then go to a client pc, logon as this new test user and try to run yahoo messenger. |
|
|
|
|
|
erd beer
Phillipines
Member since
7/8/2006
Platinum Membership
Posts: 235
|
| 10/22/2007 11:18 AM |
|
hi..
so does that mean i cannot use an existing user, and needs to create a new user?
where do i have to put the new ou? can it be under my business?
and also do i have to restart my sbs machine or no more?
thanks
|
|
|
|
|
|
robert pearman
United Kingdom
Member since
2/23/2007
Platinum Membership
Posts: 1770
|
| 10/22/2007 11:29 AM |
|
i suggested you create a new user so you dont inconvinience any existing user - of course you can use any user account you wish.
you can apply the gpo to ANY ou, again i only suggested a new OU to test the policy before applying it.
no you dont need to reboot the sbs server.
when you logon to a client using an account that is effected by this policy, if you click start, run, type cmd, in the cmd window - type gpresult.
examine this readout and look for the policy name that you entred when creating the hash rule policy, you will see if the policy is applied or not. |
|
|
|
|
|
erd beer
Phillipines
Member since
7/8/2006
Platinum Membership
Posts: 235
|
| 10/22/2007 02:15 PM |
|
hi..
i tried running gpresult and i have seen the policy has been apllied..
Applied group policy objects
default domain policy
wsus
software Restriction Hash Rule :CMD.exe
but how come i could stillaccess the cmd on my client pc?
|
|
|
|
|
|
robert pearman
United Kingdom
Member since
2/23/2007
Platinum Membership
Posts: 1770
|
| 10/22/2007 02:20 PM |
|
i would assume because you have set the policy up to block access to the yahoo messenger EXE file not cmd.exe
|
|
|
|
|
|
erd beer
Phillipines
Member since
7/8/2006
Platinum Membership
Posts: 235
|
| 10/22/2007 02:45 PM |
|
hi
i tried restarting my client pc and tried running gpresult and the policy has just disappeared..
i am trying cmd.exe and not yahoo.exe as i was following exactly the sample you made..
in making a hash file, i browsed it cmd.exe under windows\system32 of the sbs machine. is that correct or it should be the directory of the client pc?
thanks
|
|
|
|
|
|
robert pearman
United Kingdom
Member since
2/23/2007
Platinum Membership
Posts: 1770
|
| 10/22/2007 03:01 PM |
|
it is possible there is a slight difference between the two files, if you can, i would try copying the cmd.exe file from a client pc to a folder on the server and using that as the basis for your policy.
also i would confirm if you have user accounts in the OU where you are applying the policy. and wether you are using the user configuration, or computer configuration part of the policy editor. |
|
|
|
|
|
erd beer
Phillipines
Member since
7/8/2006
Platinum Membership
Posts: 235
|
| 10/22/2007 03:08 PM |
|
hi..
i am using the computer configuration..
a check with gpresult under user settings, the following gpos were not applied because they were filtered out
software restriction has rule :CMD.exe
Filtering" Not Applied (empty)
but under computer settings:
Applied Group policy objects
Software Restriction Hash Rule :CMD.exe
is that okay?
a check with the version of cmd in xp and sbs , the version of sbs is more latest than the xp
should i copy the cmd of xp to SBS?
thanks
|
|
|
|
|
|
robert pearman
United Kingdom
Member since
2/23/2007
Platinum Membership
Posts: 1770
|
| 10/22/2007 03:11 PM |
|
ok, i think it might be a better idea to choose a different EXE file - as i really only used cmd.exe as an example in my document, i didnt think you would use that as the test, my mistake.
Lets delete that policy, create a new one, using the yahoo messenger exe file.
if you use the computer configuration portion of the gpo editor, you must ensure there are computer accounts in the OU where the policy is appled. |
|
|
|
|
|
erd beer
Phillipines
Member since
7/8/2006
Platinum Membership
Posts: 235
|
| 10/23/2007 01:04 PM |
|
hi..
i created a policy right under domain.local and created a hash rule with user configuration and its working..
BUT, whenever i create a new ou under adus and create a policy under group policy management then link that new policy the policy doesnt work..
so, i created directly under domain.local under group policy management, and it worked..
what could be the prob?
another concern is, when i choose the application (eg. yahoo.exe) and the version on some clients are older that what i chose , it doesnt work too.. does that mean i have to choose all the yahoo.exe one by one and create new hash rule?
thanks
|
|
|
|
|
|