1. To ban kazaa, make it company policy and tell why. Some education that Kazaa is SPYWARE and may leak company private information which means "your job depends on you!" may help. To kill it off, configure the ISA to only allow the bare minimum of port numbers. Such as TCP port 80 and allow just the email ports for the email server and no one else.

This could stopper up the works for most unwanted use.

2. About Java. Many are in .JAR files which you could, on your logon script rename to .CAN files to kill it off. There are others that you can research. You can also alter the IE registry setting to not run javascript/java.

Bob