win script host_1

Upload: craggy1

Post on 03-Apr-2018


  • 7/28/2019 Win Script Host_1


    To Protect Your PC Disable the Windows Scripting Host

    By Stephen Bucaro

    The Windows Scripting Host (WSH) is a feature that enables VBScripts to run on Windows operating systems. VBScripts contain instructions that can modify almost anything on your computer without your knowledge. They are frequently used by system administrators to automate PC administration tasks.

    Scripts are plain text files and VBScript is a very simple programming language, so anyone can use Windows Notepad to create a script to read, modify, create, or delete files on your PC, including the registry and other configuration files. A script can be executed by clicking on the name of the script within an email message. Hackers can use the WSH to infect or cause damage to your PC.

    You can increase the security of your PC by disabling the WSH; however, this prevents you from taking advantage of its powerful capabilities, and some legitimate applications use the WSH. In this article, you'll learn a technique to quickly enable the WSH, use it to perform administration tasks, and disable it again.

    Disclaimer: This article involves editing the registry. Incorrectly editing the registry can cause your computer to fail to start. The use of this information is entirely at your own risk. To be safe, you should back up your computer's registry before using this information. In no event shall Bucaro TecHelp be liable for any damages whatsoever arising out of the use of or inability to use the information in this article.

    The first step is to export the registry key that controls whether the WSH is enabled or disabled.

    1. Select Start | Run... and in the Run dialog box that appears, type regedit and click on the [OK] button.
    2. In the Registry Editor, navigate to and highlight the following key.

       HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\Enabled

    3. In the Registry Editor "Registry" menu select "Export Registry File...".
    4. In the "Export Registry File" dialog box that appears, in the "File name:" text box enter a file path and name, for example "c:\wshkey". Make sure "Registration files" is selected in the "Save as type:" drop down list.
    5. Make sure the "Selected branch" radio button is set in the bottom section of the "Export Registry File" dialog box.
    6. Click on the [Save] button.

    The Registry Editor will have created the file wshkey.reg in the root of the c: directory. You can open the file in Windows Notepad and see that it contains the following information (or something similar to it).


    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
    "DisplayLogo"="1"
    "ActiveDebugging"="1"
    "SilentTerminate"="0"
    "TrustPolicy"=dword:00000000
    "LogSecurityFailures"="1"
    "LogSecuritySuccesses"="0"
    "Remote"="0"
    "Enabled"="1"
    "IgnoreUserSettings"="0"

    Note that the "Enabled" key is set to "1", indicating that the WSH is enabled. If this key is set to "0" on your machine, then the WSH is disabled. In order to run scripts on your computer, you'll need to edit this setting and import the key back into the registry.

    To see if the WSH is actually running and enabled, open Windows Notepad and create a new file by typing in the following lines.

    Set wshShell = Wscript.CreateObject("Wscript.Shell")
    MsgBox("Hello from WSH!")

    Save the file with the name test.vbs (you may need to save it as test.txt and then change the file extension). When you double-click on the file name, a message box should appear.

    Open Windows Notepad and create a new file by typing in the following lines (or just cut and paste the lines below).

    ' Ask for confirmation, then write "0" to the Enabled setting to disable the WSH.
    If MsgBox("Disable WSH?", vbQuestion + vbYesNo, "Windows Scripting Host") = vbYes Then
        Dim WshShell, RegKey
        Set WshShell = CreateObject("WScript.Shell")
        RegKey = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\Enabled"
        ' Stored as a string, matching the "Enabled"="1" entry in the exported file.
        WshShell.RegWrite RegKey, "0"
    End If

    Save the file with the name disable.vbs. When you double-click on the file name, a message box will appear asking if you want to disable the WSH. Click on the [Yes] button.

    Now when you execute test.vbs, the message box "Hello from WSH!" will not appear. Instead, Windows will display the message "Windows Script Host access is disabled on this machine". Inspecting the key again in the Registry Editor will verify that its value has been set to "0". Your PC is now better protected from hackers.

    To enable the WSH again, import the saved wshkey.reg file back into the registry.

    1. In the Registry Editor "Registry" menu select "Import Registry File...".
    2. In the "Import Registry File" dialog box that appears, select the file wshkey.reg, then click on the [Open] button.

    Inspecting the key again in the Registry Editor will verify that its value has been set to "1". You are now able to use the powerful capabilities of the WSH. Now when you execute test.vbs, the message "Hello from WSH!" will appear.

    Keep the wshkey.reg and disable.vbs files in a convenient place so that when you need to run a script you can quickly import wshkey.reg into the registry to enable the WSH, execute your script, then execute disable.vbs to protect your system. Or you could easily include, at the end of your script, the three lines from disable.vbs that disable the WSH (you don't really need the message box).

    With this technique, you can quickly enable the WSH, run a program that uses the WSH or use a script to perform administration tasks, and disable it again.
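
    The same enable, run, disable cycle can be driven from PowerShell, which does not need the WSH to be enabled in order to change the setting. This is an added example, not part of the original article; the function names and the sample script path are hypothetical, and it assumes an elevated PowerShell prompt.

```powershell
# Added example (not from the article). Writing under HKEY_LOCAL_MACHINE
# requires an elevated (administrator) PowerShell session.
$WshSettings = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'

function Get-WshEnabled {
    # Returns the data of the "Enabled" value as a string,
    # or $null when the value is not present under the Settings key.
    $item = Get-ItemProperty -Path $WshSettings -Name 'Enabled' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [string]$item.Enabled
}

function Set-WshEnabled {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('0', '1')]
        [string]$Value
    )
    if (-not (Test-Path -Path $WshSettings)) {
        New-Item -Path $WshSettings -Force | Out-Null
    }
    # Written as a string (REG_SZ), matching "Enabled"="1" in wshkey.reg.
    New-ItemProperty -Path $WshSettings -Name 'Enabled' -Value $Value `
        -PropertyType String -Force | Out-Null
}

function Invoke-WithWsh {
    # Enables the WSH, runs one script with cscript.exe, and disables the
    # WSH again afterwards, even if the script fails or is interrupted.
    param([Parameter(Mandatory)][string]$ScriptPath)

    Write-Host "Enabled before: $(Get-WshEnabled)"
    Set-WshEnabled -Value '1'
    try {
        & cscript.exe //nologo $ScriptPath
    }
    finally {
        Set-WshEnabled -Value '0'
        Write-Host "Enabled after:  $(Get-WshEnabled)"
    }
}

# Usage (constructed path):
# Invoke-WithWsh -ScriptPath 'C:\scripts\test.vbs'
```

    Because the disable step sits in the finally block, the WSH is not left enabled when an administration script exits with an error.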