I want to protect my Windows XP workstations from Windows Messenger exploits, but XP insists on starting the program when users log on. I deleted the executable, but it keeps coming back. How can I get rid of it?
You're right to consider the risks of Windows Messenger and other Instant Messaging (IM) tools. (See the Windows & .NET Magazine article "Protect Your Instant Messaging," http://www.winnetmag.com, InstantDoc ID 25669 for more information about these risks and potential solutions.) Deleting the program's executable doesn't work because Windows File Protection (WFP) replaces system files when you delete them. However, you can use Group Policy to disable the indomitable Windows Messenger. Run gpedit.msc on an XP computer, go to Computer Configuration\Administrative Templates\Windows Components\Windows Messenger, open the Properties dialog box for the Do not allow Windows Messenger to be run policy, and select Enabled. Now Windows Messenger won't start when users log on, they can't start it manually, and programs such as Microsoft Outlook Express won't start it, either.