disabling AIM
 

okay, i want to prevent AIM from being installed and used on a computer.... i tried blocking out the site using security, but it still lets you download it with max security... is there anything i can do to restrict AIM from being installed or opened on windows XP???


...it's for a school classroom, to prevent students from putting it on

get the system admin to block all aol websites? Thats all i can think of. Or if you catch the students installing "unauthorized" programs on the computers at school you can always send them to detention.

that wouldn't quite work, i use aim on my computer :D

try setting access rights to the user profiles.. disable downloading or installing..

I have no idea how my school admin did it but they had this setup:
We had several accounts created on our school laptops:
Home (unrestricted), School (restricted), and Administrator (administrator).
On the school account, WMP, AIM, KaZaA Lite, any non-school; program was denied from opening with some message like "Your account has been restricted from opening this program."

There has to be a way to limit certain programs individually.

Once the machine is configured to the spec wanted by the school, edit the permissions. Create a list of the currently installed products and their associated program files folders. Gives these folders and programs usual access rights. Set rules to deny all others.
Unless a student was crafty enough to install aim into say the photoshop folder in program files, you've killed it's access.

The problem is, kids are crafty enough to do that. I would think you'd want to deny program installation rights to their login group, since you never want them installing anything.

That was the first thing that went through my head in figuring out how to get around it. I was one of those "crafty" students in high school :thumbsup:

i'll see if theres anyway to deny rights to that folder


lol, the one person keeps installing it and hiding the files, by renaming the start menu folder to names that resemble educational software, but i know the computer like the back of my hand soo that doesn't work, and they also hide the installer in random places like programfiles and my documents

what perms do the students have, they dont have full admin do they?

if they dont, instal aim, then remove the perms for the folder it is installed to. that should stop it from running and they.

is it xp home or pro?

ill toy around with it and ill get back to you.

Why not just set a group policy at the domain to disallow the AIM executable file from being run? You could do it per machine if you wanted, providing you're using XP pro.

keep in mind aim express.....they have blocked all usage of yahoo, msn, and aim where I work....but aim express (I guess since its web based) has no problem at all working

Good point ShaniFaye. Maybe an ACL at the firewall to disallow all traffic to and from the AIM port ranges. Unless AIM express runs over port 80. In which case, restrict the site. I'm sure there will always be a way to get around it but hopefully the kids would give up after being met with such resistance.

On another note, take a look at <a href="http://www.faronics.com/">Deep Freeze</a>. If they install AIM, walk up behind them and restart the computer. Bye bye AIM.

awsome awsome, i've seen a computer lab that reset itself like that alll the time, nothing would ever hold on it, i just never knew how they managed it



i know its XP, not sure if it's pro or not... most likely it's not pro... i forget! there is only one acess level and you can do anything on it

deep freeze is great. we are starting to use it where i work, even with administrative privliges i cant screw up the system with out the password for deepfreeze.

Im 99% positive it runs over port 80

hehe, soo many things to do, only think about deep freeze is that it will still let them do it, they will still end up upstalling it just as much as before, since i removed it all the time before

AIM actually runs over any port that you tell it to. For a while, I ran mine over port 13 (daytime port), or the finger port - just for fun. AIM is built to get around any and every firewall you have set up. Short of flat out blocking all traffic to AOL's netblock, you'll be very hard-pressed to stop AIM.

The best solution is an operating system/active directory solution, restricting the user's rights to install programs. Unless you're running in an Active Directory/XP Professional or Win2000 Professional environment, you'll be hard-pressed to set up effective policies. A user can always install AIM onto a USB memory stick at home and bring it in, plug in the memory stick, and off he goes.

But wouldnt the web based client run off port 80? I know the program itself can be configured for any port...

Is there a problem with that? :hmm:

Create a second user account for the students, make them just be a user, and not an administrator.

Right click on my computer and click manage

On the left side of the window look for the local users and groups, it is under system tools. Expand it and click on users.

In the right pane, it will show the user accounts on the system.

Right click and click new user.

Give it a name, like Student
Don’t give it a password, deselect 'user must change password...'
Select user cannot change password
And select password never expires

Click creates and then click done.

Next open the control panel and open user accounts

Click change the way users log on and off
Make sure the use the welcome screen is not selected.

Lastly for each of the other accounts on the computer besides the student one, give them a password.

Click on them and select create a password.


This will give them access only as a user which can not install programs.

You could also try Fortres 101. One of my old schools had this on the computers. Kept the kids from ripping the computers apart, but still let us do work. Keep your computer normal, and run AIM whenever.

Fortres 101 is damn near impossible to crack. Believe me, I tried. ;) I do, however, have some workarounds (somewhere) that you might be interested in.

something you might look at is X-setup Pro, it's a free windows tweak program, and you can use it to block access to a lot of programs. I've used it to give my little bro an account on my system that can keep him off of the 'net

The problem is that there are so many other programs that run AIM, like trillian, gaim, etc....

What I did (before we got a layer 7 filter) was block AIM using Snort. You can set it up to send a RST packet every time it sees an AIM packet, therefore never allowing it to fully connect (PM me if you want to know how to set this up). Unfortunately, this blocks the whole network, so if you want to allow other people, this may not be the way to go (unless you want to set up SSH tunnels for those people).