Add new entry as follow if you want to block multi msn.
Application = msnmsgr Key = KillOldSession Value = 1
By applying this if a user already signin on msn messenger then he try to make new session (open and try to signin multi msn) firewall client kills his previous session (signout) and signin on new session. This way only one session is allowed on MSN Msessenger simultaneously.
You can also block any other application like Yahoo Messenger,IRC,ICQ and also IE (MS Internet Explorer or any other browser). Like if you want to block Yahoo messenger then add following setting.
Application = YPager Key = KillOldSession Value = 1
This trick only applicable if user connecting thier messengers through Firewall Client (mostly), if he set any proxy setting in connection tab of application then (rarely) it will bypass firewall client hence no impact of setting that you made.
But limited to FWC Users only . We are also using it from long time to controll multi messenger But users are now getting smart. They tell each other settings on LOCAL LAN If user set proxy or connects via socks, this setting will not apply. still then good for normal basic cusers.
You are right. MSN dont use considerbale amount of bandith & people are happpy to use it, but is good for operators who have very limited amount of bandiwth like dialup in rural areas or you have such a policy where multi msn is to allowed. It is also a feature of iSA SERVER which was described that IT IS POSSBILE IN ISA.
Hello all, Well it is possible to allow an application to communicate freely to some users and block it to all others. I'm doing it at my network as KAZAA is opened for VIP users and blocked for others ! with FWC mind it. So, the bottom line is IT IS POSSIBLE !
------------------------------ Hunaid Haroon Al Qureshi NetCommunications email@example.com
From: The Netherlands
All ideas in this post are nice and interesting. But isn't it true that a lot of questions on this message board are on how to ALLOW MSN through ISA. So why worry about file transfer and things like that, if it needs special configuration to make it work ?
It's easy as sin:
SNAT Clients: Open port 1863 outbound for the users/ip's you want. Leaves only the chat.
Firewall Clients: Same as above, DON'T add secondary connections, cause this will make things like file transfer work
If chat is all you want to allow, let the users use the ISA web proxy in the MSN configuration.
Socks/Web proxy WILL allow chat to all if no authentication is required.