Category Archives: Internet

General items involving online tools and useful sites.

How to block Ultrasurf at the workstation level in Windows

Some time ago, I discovered students were using a program called Ultrasurf to get around our internet filter. The app is portable, so it can run off a USB key or from a cloud drive. (As of writing this, the latest file name is u1403.exe. You can recognize that it is running by a yellow-gold lock icon on the screen, usually in the lower right corner.)

Apparently it was designed for citizens of China to get around “The Great Firewall of China.” The app sets itself up as a proxy. Ultrasurf then changes Internet Explorer to use this new proxy to surf. Behind the scenes, the app works by connecting to an IP overseas from a wide range of choices. From what I saw, it connects using HTTPS, and the port can be varied by users. Blocking it is a daunting task.

Blocking the app itself via group policy is tough as well. The checksum is a moving target. Ultrasurf often has a new version out, plus old versions can be found everywhere.

You might think that blocking proxy access in IE via GPO would help. It really doesn’t. All the GPO does is block users from entering the settings via Internet Options. Policies still allow changing the actual proxy value in the registry.

What I discovered is that to block Ultrasurf, you need to prevent the users from being able to edit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings.

This is where IE stores its proxy information. As long as the user has write access, Ultrasurf can work.

Introducing UltraFin!

I have created a script that works at the user level. I deploy it via a policy that will run as the user for anyone who is a member of our student user group. I called it UltraFin as a play on UltraSurf. A surfer’s day is ruined if they see a fin in the water 🙂

What the script does is use a tool called regini.exe to set the part of the registry I mentioned above as read-only. This essentially locks them out from making any changes to their proxy settings. To undo the permissions settings, an admin would have to mount their profile hive (ntuser.dat) and correct the permissions.

Once this is done, launching Ultrasurf says it is connected but will go nowhere. Ultrasurf normally launches IE once it connects but this won’t happen anymore.
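One way to confirm the lock is in place on a given profile, written here as an added PowerShell example (it is not the UltraFin script, and the function name `Test-ProxyKeyLock` is hypothetical). It inspects the key's ACL for write-type rights granted to the logged-on user, then asks for a writable handle as the definitive test:

```powershell
# Added example (not the author's UltraFin.vbs). Run as the user being checked.
function Test-ProxyKeyLock {   # hypothetical helper name
    param([string]$Path = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings')

    # SIDs carried by the caller's token: the user plus group memberships.
    $id   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

    # Rights that allow changing the proxy values or loosening the ACL again.
    $writeMask   = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    $key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($Path)  # read-only handle
    if ($null -eq $key) { throw "Key not found: HKCU\$Path" }
    try {
        $acl   = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        # Allow ACEs that apply to this key, match the token, and grant write-type rights.
        $risky = @($rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            -not $_.PropagationFlags.HasFlag($inheritOnly) -and
            $sids -contains $_.IdentityReference.Value -and
            (([int]$_.RegistryRights) -band $writeMask) -ne 0
        })
        $proxyEnable = $key.GetValue('ProxyEnable')
        $proxyServer = $key.GetValue('ProxyServer')
    } finally { $key.Close() }

    # Ground truth: request a writable handle; any failure here means the lock holds.
    $writable = $true
    try {
        $w = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($Path, $true)
        if ($null -ne $w) { $w.Close() }
    } catch { $writable = $false }

    [pscustomobject]@{
        User         = $id.Name
        Locked       = -not $writable
        WritableAces = @($risky | ForEach-Object { '{0}: {1}' -f $_.IdentityReference.Value, $_.RegistryRights })
        ProxyEnable  = $proxyEnable
        ProxyServer  = $proxyServer
    }
}

Test-ProxyKeyLock | Format-List
```

On a locked profile `Locked` is `True` and `WritableAces` is empty; a non-empty `ProxyServer` with `ProxyEnable` set to 1 on an unlocked profile is worth a closer look.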

I keep both my script and regini.exe in the netlogon folder of our DCs.

You get regini.exe as part of the Windows Server 2003 Resource Kit Tools.

Here is my script. Please note that you will need to rename it from ultrafin.txt to ultrafin.vbs.

In the GPO I create, here is where I place it:

User Configuration->Policies->Windows Settings->Scripts->Logon

Name: %LOGONSERVER%\NetLogon\UltraFin.vbs

I use the logonserver variable to reduce network traffic and to prevent a workstation from hanging up on logon if X server is down.

One important note: I still keep a policy in place for this group that prevents them from changing their proxy settings in IE. The main reason for this is so my users in question can’t manually set a different browser to use the Ultrasurf proxy address. Ultrasurf thrives on IE, but there is the potential to work around it.

To ensure this, I also have imported policy templates for the other popular browsers such as Chrome and Firefox. I enable settings to force these browsers to use IE proxy settings.

I hope this helps someone, as I haven’t found many good ways so far to block Ultrasurf.

Where Google hides their cache

I always liked Google’s cached page feature. It serves me well for those times when my searches finally yield that holy grail page I’ve been looking for, only for me to click on it and find the link is dead!

I hadn’t used the cache feature for a while and couldn’t find it. I thought I’d share that it is still there and how to find it. It used to be that you could hover over the search result and get double (>>) arrows beside it. It’s now in a new spot.

Look at the link in the search result and click the green down arrow on the right. You will see a Cached option, as well as Similar and Share.

One stop to install them all

One of my favorite web sites has to be ninite.com. Whenever I do a new install of a computer, it’s my first stop after completing Windows updates. If you haven’t been to Ninite, it’s worth checking out. Ninite is one of those sites I would have loved to build. Pretty much any of the common apps you want on a new build is available through them. Simply browse through their list of apps and select all the ones you want. (I should point out Ninite isn’t just useful for new builds. You can also have it update your apps for you.)

You then download one custom app which will go and get the latest of each of your choices. So if you want the latest Adobe Reader, Java, .NET, etc., you will easily get them through Ninite. This saves me a lot of time by not having to visit each company’s site and figure out how to get the free version (i.e. QuickTime). One caveat is if you select Chrome and want it available to multiple users on the system. The Ninite version is the web installer, good for one login profile only. For Chrome, I get the standalone installer from Google.

Ninite also has a pro version for corporate use. I haven’t gotten a chance to try it but it certainly looks promising. Either way, give their site a try and you may have a new preferred site as well.