Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Block Google talk
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Block Google talk - 14.Nov.2006 2:10:37 AM
|
|
|
bawer
Posts: 7
Joined: 13.Nov.2006
Status: offline
|
Hi:
I have been trying to block google talk software in ISA server 2004 but users are still able to use google talk. How can i disable google talk in ISA?
Any help is highly appreciated
thanks
|
|
|
|
|
RE: Block Google talk - 14.Nov.2006 4:18:41 AM
|
|
|
bawer
Posts: 7
Joined: 13.Nov.2006
Status: offline
|
Hi:
The mentioned links didn't help me, i want to block the googletalk.exe from running. any idea
|
|
|
|
|
RE: Block Google talk - 14.Nov.2006 4:45:34 AM
|
|
|
abarrote
Posts: 23
Joined: 4.Jan.2006
From: Portugal
Status: offline
|
hmmm... that's different and you don't need ISA to do that...
check out this article by Serdar Yegulalp:
http://searchwindowssecurity.techtarget.com/generic/0,295582,sid45_gci1163202,00.html?bucket=REF
you'll have to register (it's free) to read the whole article, so I'll just copy-paste the most relevant information:
If you're using Active Directory in a domain, you can configure a Group Policy to prevent specific applications from running -- a process described in detail in Microsoft Knowledge Base article 323525. This, however, requires that you have the exact name of the executable to block (such as MSMSGS.EXE for MSN Messenger). If someone's using a program that can simply be renamed to something else, this approach won't work, so it may only work with the most obvious programs.
Even better is a hash rule, which works not by blocking an executable by name but by creating a cryptographic hash of the file you want to block. This is far more precise and will withstand the file being renamed, but it will only work on one specific version of any given executable. If an update for the program comes out, you must create a new hash.
To create a hash rule on a given machine:
- 1. Type Start | Run | secpol.msc on the machine in question.
- 2. Under Software Restriction Policies, double-click and select Additional Rules. If you need to create a new policy by enabling Software Restriction Policies according to the instructions on the page, do that first.
- 3. Right-click Additional Rules and select New Hash Rule.
- 4. Click Browse to find the file you want to create a hash for and select "Disallowed" under Security Level. Fill in the rest of the boxes as needed.
- 5. Click OK to close all the forms.
To create a hash rule security policy for a domain or organizational unit rather than a single machine:
- 1. Type dsa.msc from Start | Run.
- 2. Right-click on the domain or OU to apply the policy to it and select Properties | Group Policy tab | New/Edit.
- 3. Drill down to User Configuration | Windows Settings | Security Settings | Software Restriction Policies and continue as above from step three.
|
|
|
|
|
RE: Block Google talk - 14.Nov.2006 5:34:41 AM
|
|
|
bawer
Posts: 7
Joined: 13.Nov.2006
Status: offline
|
if i block through GPO it will be blocked but i want it to be blocked through ISA.
I have added googletalk.exe in client configuration list in ISA will it work?
|
|
|
|
|
RE: Block Google talk - 14.Nov.2006 7:42:22 AM
|
|
|
bawer
Posts: 7
Joined: 13.Nov.2006
Status: offline
|
HI:
I tried to disable the googletalk.exe from client config and restarted the firewall services still it is the same,clients can run googletalk.exe and can have chat.any idea
thanks
|
|
|
|
|
RE: Block Google talk - 16.Nov.2006 2:51:11 AM
|
|
|
bawer
Posts: 7
Joined: 13.Nov.2006
Status: offline
|
I did added the mentioned link in " TO " tab of access rule. But still the users can even use mail chat sessions.
I removed .exe i don't know if it can effect the users as it is changed. So i will wait for it. If there is any other method kindly help me.
thanks
|
|
|
|
|
RE: Block Google talk - 16.Nov.2006 5:31:05 AM
|
|
|
abarrote
Posts: 23
Joined: 4.Jan.2006
From: Portugal
Status: offline
|
hi...
I still think the best solution is to block it through GPO...
I wonder how ISA would react if users change the exe filename... Would it still block the application afterwards?
|
|
|
|
|
RE: Block Google talk - 16.Nov.2006 6:10:36 AM
|
|
|
elmajdal
Posts: 5060
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
|
quote:
ORIGINAL: bawer
I did added the mentioned link in " TO " tab of access rule. But still the users can even use mail chat sessions.
make sure to put ur Deny rule ABOVE your allow rules !!
and include these urls in a URL Set.
_____________________________
Tarek Majdalani
MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8
|
|
|
|
|
RE: Block Google talk - 16.Nov.2006 6:11:16 AM
|
|
|
abarrote
Posts: 23
Joined: 4.Jan.2006
From: Portugal
Status: offline
|
quote:
ORIGINAL: elmajdal
why wonder ?? i already answered this
uups... sorry... my mistake... I missed it
so, the best solution is to block the URL, although that could also be changed someday...
I guess there's no perfect solution. We'll have to monitor the application and URL changes anyway...
|
|
|
|
|
RE: Block Google talk - 16.Nov.2006 6:30:48 AM
|
|
|
bawer
Posts: 7
Joined: 13.Nov.2006
Status: offline
|
that is fine but i want it to be blocked either by access rule or client config to disable application. Both of them are not working.
|
|
|
|
|
RE: Block Google talk - 20.Nov.2006 9:13:14 AM
|
|
|
bawer
Posts: 7
Joined: 13.Nov.2006
Status: offline
|
any idea
|
|
|
|
|
RE: Block Google talk - 21.Jun.2007 12:26:55 PM
|
|
|
elmajdal
Posts: 5060
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
|
Hi zac,
Its been long time since i played with GTalk.
I will try your HTTP User Agent and report back on saturday.
Thanks,
Tarek
_____________________________
Tarek Majdalani
MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8
|
|
|
|
RE: Block Google talk - 29.Jun.2007 12:20:58 PM
|
|
|
manu
Posts: 2
Joined: 21.Jun.2007
Status: offline
|
Hi Majdalani,
Waiting for your reply. Did you get a chance to work on it?
_____________________________
Manu Zacharia
|
|
|
|
|
RE: Block Google talk - 29.Jun.2007 12:43:05 PM
|
|
|
elmajdal
Posts: 5060
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
|
Hi manu,
it was a full load week ! like hell !!
I had Training sessions for me, Traveling, and lots me meeting.
Sorry for the delay, will try it this week for sure.
Thanks for the follow up
_____________________________
Tarek Majdalani
MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8
|
|
|
|
|
RE: Block Google talk - 1.Jul.2007 4:26:16 AM
|
|
|
ITEngineer
Posts: 256
Joined: 3.Feb.2006
Status: offline
|
This didnt block Gtalk , it is still connecting
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
