Menu
To Protect Your PC Disable the Windows Scripting Host


Learn more at amazon.com

The Windows Scripting Host (WSH) is a feature that enables VBScripts to run on Windows operating systems. VBScripts contain instructions that can modify almost anything on your computer without your knowledge. They are frequently used by system administrators to automate PC administration tasks.

Scripts are plain text files and VBScript is a very simple progamming language, so anyone can use Windows Notepad to create a script to read, modify, create, or delete files on your PC, including the registry and other configuration files. A script can be executed by clicking on the name of the script within an email message. Hackers can use the WSH to infect or cause damage to your PC.

You can increase the security of your PC by disabling the WSH; however, this prevents you from taking advantage of its powerful capabilites, and some legitimate applications use the WSH. In this article, you'll learn a technique to quickly enable the WSH, use it to perform administration tasks, and disable it again.

Disclaimer: This article involves editing the registry. Incorrectly editing the registry can cause your computer to fail to start. The use of this information is entirely at your own risk. To be safe, you should backup your computers registry before using this information. In no event shall Bucaro TecHelp be liable for any damages whatsoever arising out of the use of or inability to use the information in this article.

The first step is to export the registry key that controls whether the WSH is enabled or disabled.

1. Select Start | Run... and in the Run dialog box that appears, type regedit and click on the [OK] button.
2. In the Registry Editor, navigate to and highlight the following key.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\Enabled

3. In the Registry Editor "Registry" menu select "Export Registry File...".
4. In the "Export Registry File" dialog box that appears, in the "File name:" text box enter a file path and name, for example "c:\wshkey". Make sure "Registration files" is selected in the "Save as type:" drop down list.
5. Make sure the "Selected branch" radio button is set in the bottom section of the "Export Registry File" dialog box.
6. Click on the [Save] button.

The Registry Editor will have created the file wshkey.reg in the root of the c: directory. You can open the file in Windows Notepad and see that it contains the following information (or something similar to it).

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
   Script Host\Settings]
"DisplayLogo"="1"
"ActiveDebugging"="1"
"SilentTerminate"="0"
"TrustPolicy"=dword:00000000
"LogSecurityFailures"="1"
"LogSecuritySuccesses"="0"
"Remote"="0"
"Enabled"="1"
"IgnoreUserSettings"="0"

Note that the "Enabled" key is set to "1", indicating that the WSH is enabled. If this key is set to "0" on your machine, then the WSH is disabled. In order to run scripts on your computer, you'll need to edit this setting and import the key back into the registry.

To see if the WSH is actually running and enabled, open Windows Notepad and create a new file by typing in the following lines.

Set wshShell = Wscript.CreateObject("Wscript.Shell")
MsgBox("Hello from WSH!")

Save the file with the name test.vbs (you may need to save it as test.txt and then change the file extension). When you double-click on the file name, a message box should appear.

Open Windows Notepad and create a new file by typing in the following lines (or just cut and paste the lines below).

If MsgBox("Disable WSH?", vbQuestion + vbYesNo,
 "Windows Scripting Host") = vbYes Then
Dim WshShell, RegKey
Set WshShell = CreateObject("WScript.Shell")
RegKey = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows 
  Script Host\Settings\Enabled"
WshShell.RegWrite Regkey, "0"
End If

Save the file with the name disable.vbs. When you double-click on the file name, a message box will appear asking if you want to disable the WSH. Click on the [Yes] button.

Now when you execute test.vbs, the little box with the message box "Hello from WSH!" will not appear. Instead, Windows will display the message "Windows Script Host access is disabled on this machine". Inspecting the key again in the Registry Editor will verify that its value has been set to "0". Your PC is now better protected from hackers.

1. In the Registry Editor "Registry" menu select "Import Registry File...".
2. In the "Import Registry File" dilaog box that appears, select the file wshkey.reg, then click on the [Open] button.

Inspecting the key again in the Registry Editor will verify that its value has been set to "1". You are now able to use the powerful capabilites of the WSH. Now when you execute test.vbs, the message "Hello from WSH!" will appear.

Keep the wshkey.reg and disable.vbs files in a convenient place so that when you need to run a script you can quickly import wshkey.reg into the registry to enable the WSH, execute your script, then execute disable.vbs to protect your system. Or you could easily include, at end of your script, the three lines from disable.vbs that disable the WSH (you don't really need the message box).

With this technique, you can quickly enable the WSH, run a program that uses the WSH or use a script to perform administration tasks, and disable it again.


Learn more at amazon.com

More Windows Administration Information:
• Network Security Through the Principle of Least Privilege
• Introduction to Windows PowerShell
• Windows PC Performance Troubleshooting and Optimisation
• Understanding Windows 7 Security Center
• Top Ten RAID Tips
• Check Your Version of PowerShell
• NTFS Permissions
• The Different Types of Virtualization
• Windows Server 2019 and PowerShell All-in-One For Dummies
• Configure Windows Indexing Service for Performance