Microsoft KB Archive/932486

From BetaArchive Wiki
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Knowledge Base


How to configure Internet Security and Acceleration (ISA) Server 2000 to block Windows Live Messenger traffic

Article ID: 932486

Article Last Modified on 2/15/2007


APPLIES TO

  • Microsoft Internet Security and Acceleration Server 2000 Standard Edition


INTRODUCTION

This article describes how to configure Microsoft Internet Security and Acceleration (ISA) Server 2000 to block Windows Live Messenger traffic.

MORE INFORMATION

In later versions of ISA Server such as Microsoft Internet Security and Acceleration (ISA) Server 2004 or Microsoft Internet Security and Acceleration (ISA) Server 2006, you can use Request headers or Response headers to block Windows Live Messenger traffic. However, this functionality is not available in ISA Server 2000. To block Windows Live Messenger traffic in ISA Server 2000, follow these steps:

  1. Start the ISA Management tool.
  2. Create a destination set that includes Windows Live Messenger destinations. To do this, follow these steps:
    1. Expand Servers and Arrays, expand the particular server or array in which you want to create the destination set, expand Policy Elements, and then click Destination Sets.
    2. On the Action menu, point to New, and then click Destination Set.
    3. In the Name box, type a descriptive name such as Live Messenger Destinations.
    4. Click Add, leave the default Destination option selected, type *.live.com in the Destination box, and then click OK.
    5. Click Add, click IP addresses, type 207.46.108.35 in the From box, and then click OK two times.
  3. Create a content group that contains the following three content types:
    • application/x-msn-messenger
    • text/x-msmsgsprofile
    • text/x-msmsgsinitialmdatanotification

    To do this, follow these steps:

    1. Under Policy Elements, click Content Groups.
    2. On the Action menu, point to New, and then click Content Group.
    3. In the Name box, type a descriptive name such as Live Messenger Content.
    4. In the Available types list, type application/x-msn-messenger, and then click Add.
    5. In the Available types list, type text/x-msmsgsprofile, and then click Add.
    6. In the Available types list, type text/x-msmsgsinitialmdatanotification, and then click Add.
    7. Click OK.
  4. Create a protocol rule to deny the MSN Messenger protocol. This rule should deny outgoing requests on port 1863. To do this, follow these steps:
    1. Expand Access Policy, and then click Protocol Rules.
    2. On the Action menu, point to New, and then click Rule.
    3. In the Protocol rule name box, type a descriptive name, and then click Next.
    4. Click Deny, click Next, and then click Selected protocols in the Apply this rule to list.
    5. In the Protocols list, click to select the MSN Messenger check box, and then click Next.
    6. Leave the Always option selected in the Use this schedule list, and then click Next.
    7. Leave the Any request option selected, click Next, and then click Finish.
  5. Create a site and content rule to deny the Windows Live Messenger destination set. To do this, follow these steps:
    1. Under Access Policy, click Site and Content Rules.
    2. On the Action menu, point to New, and then click Rule.
    3. In the Site and content rule name box, type a descriptive name for the rule, and then click Next.
    4. Click Deny, click Next, click Deny access based on destination, click Next, and then click Specified destination set in the Apply this rule to list.
    5. In the Name list, click Live Messenger Destinations.

      Note If you used a different name when you created the Windows Live Messenger destination set in step 2, click that name in the Name list.
    6. Click Next, and then click Finish.
  6. Create a site and content rule to deny the Windows Live Messenger content group. To do this, follow these steps:
    1. Under Access Policy, click Site and Content Rules.
    2. On the Action menu, point to New, and then click Rule.
    3. In the Site and content rule name box, type a descriptive name for the rule, and then click Next.
    4. Click Deny, click Next, click Custom, click Next, click All destinations in the Apply this rule to list, and then click Next.
    5. In the Use this schedule list, click Always, and then click Next.
    6. Click Any request, click Next, and then click Only the following content types.
    7. In the Content type list, click to select the Live Messenger Content check box.

      Note If you used a different name for the Windows Live Messenger content group that you created in step 3, click to select the check box that corresponds to the appropriate content group.
    8. Click Next, and then click Finish.

For more information about how to use ISA Server 2004 or ISA Server 2006 to block Windows Live Messenger traffic, click the following article number to view the article in the Microsoft Knowledge Base:

925120 How to block MSN Messenger traffic and Windows Live Messenger traffic by using ISA Server


Keywords: kbfirewall kbhowto kbinfo KB932486



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/932486&oldid=227854
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki