Our company has many offices spread throughout the world, with each office having its own IT support staff. Our CTO sent an email about one of the offices getting a virus through IM. He wanted to make sure that every office had a way to block IM because all the offices are on the same WAN, which means they can infect each other. For various reasons, not all the offices wanted to use their firewalls to block IM. Because all the offices use Active Directory (AD), I suggested they use Group Policy to stop their users from running IM. Blocking IM for everyone or for just one person is easy.
If you want to stop everyone from using IM, you can set a Group Policy Object (GPO) for the entire domain. Follow these steps:
If you want to stop an individual user from using IM, you can set a GPO for one specific machine. Follow these steps:
Note that if a domain-level GPO is defined, it might override this local GPO.
The steps I've outlined work well for most users. However, if you have extremely savvy users, they can still run the program by renaming the blocked executable or by executing it from a command prompt.