To Protect Your PC Disable the Windows Scripting Host
By Stephen Bucaro
The Windows Scripting Host (WSH) is a feature that enables VBScripts to run on Windows operating systems. VBScripts contain instructions that can modify almost anything on your computer without your knowledge. They are frequently used by system administrators to automate PC administration tasks.

Scripts are plain text files and VBScript is a very simple programming language, so anyone can use Windows Notepad to create a script to read, modify, create, or delete files on your PC, including the registry and other configuration files. A script can be executed by clicking on the name of the script within an email message. Hackers can use the WSH to infect or cause damage to your PC.

You can increase the security of your PC by disabling the WSH; however, this prevents you from taking advantage of its powerful capabilities, and some legitimate applications use the WSH. In this article, you'll learn a technique to quickly enable the WSH, use it to perform administration tasks, and disable it again.

Disclaimer: This article involves editing the registry. Incorrectly editing the registry can cause your computer to fail to start. The use of this information is entirely at your own risk. To be safe, you should back up your computer's registry before using this information. In no event shall Bucaro TecHelp be liable for any damages whatsoever arising out of the use of or inability to use the information in this article.

The first step is to export the registry key that controls whether the WSH is enabled or disabled.

1. Select Start | Run... and in the Run dialog box that appears, type regedit and click on the [OK] button.

2. In the Registry Editor, navigate to and highlight the following key.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\Enabled

3. In the Registry Editor "Registry" menu select "Export Registry File...".

4. In the "Export Registry File" dialog box that appears, in the "File name:" text box enter a file path and name, for example "c:\wshkey". Make sure "Registration files" is selected in the "Save as type:" drop down list.

5. Make sure the "Selected branch" radio button is set in the bottom section of the "Export Registry File" dialog box.

6. Click on the [Save] button.

The Registry Editor will have created the file wshkey.reg in the root of the c: directory. You can open the file in Windows Notepad and see that it contains the following information (or something similar to it).

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
    "DisplayLogo"="1"
    "ActiveDebugging"="1"
    "SilentTerminate"="0"
    "TrustPolicy"=dword:00000000
    "LogSecurityFailures"="1"
    "LogSecuritySuccesses"="0"
    "Remote"="0"
    "Enabled"="1"
    "IgnoreUserSettings"="0"

Note that the "Enabled" key is set to "1", indicating that the WSH is enabled. If this key is set to "0" on your machine, then the WSH is disabled. In order to run scripts on your computer, you'll need to edit this setting and import the key back into the registry.

To see if the WSH is actually running and enabled, open Windows Notepad and create a new file by typing in the following lines.

    ' Creating the shell object and showing a message both require a working WSH
    Set wshShell = Wscript.CreateObject("Wscript.Shell")
    MsgBox("Hello from WSH!")

Save the file with the name test.vbs (you may need to save it as test.txt and then change the file extension). When you double-click on the file name, a message box should appear.

Open Windows Notepad and create a new file by typing in the following lines (or just cut and paste the lines below).

    If MsgBox("Disable WSH?", vbQuestion + vbYesNo, "Windows Scripting Host") = vbYes Then
        Dim WshShell, RegKey
        Set WshShell = CreateObject("WScript.Shell")
        RegKey = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\Enabled"
        ' Write "0" to the Enabled value to disable the WSH
        WshShell.RegWrite RegKey, "0"
    End If

Save the file with the name disable.vbs. When you double-click on the file name, a message box will appear asking if you want to disable the WSH. Click on the [Yes] button.

Now when you execute test.vbs, the message box "Hello from WSH!" will not appear. Instead, Windows will display the message "Windows Script Host access is disabled on this machine". Inspecting the key again in the Registry Editor will verify that its value has been set to "0". Your PC is now better protected from hackers.

1. In the Registry Editor "Registry" menu select "Import Registry File...".

2. In the "Import Registry File" dialog box that appears, select the file wshkey.reg, then click on the [Open] button.

Inspecting the key again in the Registry Editor will verify that its value has been set to "1". You are now able to use the powerful capabilities of the WSH. Now when you execute test.vbs, the message "Hello from WSH!" will appear.

Keep the wshkey.reg and disable.vbs files in a convenient place so that when you need to run a script you can quickly import wshkey.reg into the registry to enable the WSH, execute your script, then execute disable.vbs to protect your system. Or you could easily include, at the end of your script, the three lines from disable.vbs that disable the WSH (you don't really need the message box).

With this technique, you can quickly enable the WSH, run a program that uses the WSH or use a script to perform administration tasks, and disable it again.
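Because wshkey.reg is a plain text file that gets imported back into the registry, it is worth checking what it will write before importing it. The following is an added example, not code from the article: a small parser for the export format shown above that reports the state of "Enabled". The function names are hypothetical, and it assumes a DWORD 0 disables the WSH the same way the string "0" does.

```python
import re

# Listing from the article's wshkey.reg (abridged), plus a constructed variant
# that stores Enabled as a DWORD instead of a string.
ARTICLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
"DisplayLogo"="1"
"TrustPolicy"=dword:00000000
"Enabled"="1"
"IgnoreUserSettings"="0"
'''
CONSTRUCTED_DWORD_EXPORT = ARTICLE_EXPORT.replace(
    '"Enabled"="1"', '"Enabled"=dword:00000000')

WSH_KEY = r"hkey_local_machine\software\microsoft\windows script host\settings"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:"(?P<sz>.*)"|dword:(?P<dw>[0-9a-fA-F]{8}))$')


def read_export(path):
    """Decode a .reg file: version 5.00 exports are UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")  # older REGEDIT4 exports are single-byte


def parse_reg(text):
    """Return {lowercased key path: {value name: str or int}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m["name"]] = m["sz"] if m["sz"] is not None else int(m["dw"], 16)
    return keys


def wsh_state(text):
    """Say what importing this export would do to the WSH Enabled value."""
    settings = parse_reg(text).get(WSH_KEY)
    if settings is None or "Enabled" not in settings:
        return "not set"  # the import would leave Enabled untouched
    # Assumption: 0 means disabled in either form, string "0" or DWORD 0.
    return "disabled" if str(settings["Enabled"]).strip() == "0" else "enabled"
```

Calling wsh_state(read_export("c:\\wshkey.reg")) on the file saved in step 6 tells you whether importing it will turn the WSH on or off.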