I don't know of a great way to do this. One not-so-great way is to configure your users with fixed IP address (i.e., not DHCP-assigned) and to implement source-IP address filtering for messenger and Real Player.
Another option is to allow access to those applications from all IP addresses, but use group policies to "lock-down" the desktop environment. In other words, stop your users from running those applications at all.
Sorry I don't have a better answer -- those protocols weren't designed for use with authentication to a proxy server.
This was first published in August 2002