Restricting the Ability to Run Scripts

Microsoft® Windows® 2000 Scripting Guide

microsoft windows 2000 scripting guide

« Previous | Next »   

By default, double-clicking a .VBS file will immediately run the script. If you modify the registry, however, you can prevent the script from running immediately; instead, a warning box (complete with a customized message) will be displayed.

This does not prevent the user from running the script; he or she can click Open With, locate Wscript.exe or Cscript.exe, and then run the script. Alternatively, the script can be started from the command line by specifying the script host:

wscript.exe DeleteFiles.vbs

cscript.exe DeleteFiles.vbs

However, this approach does provide an extra layer of protection by giving users the option to cancel a script before it runs. Without this option, a script that is double-clicked will run without warning.

The following batch file can be used to modify the registry and force a warning box to appear whenever a user double-clicks a .VBS file. This batch file:

  1. Uses Reg.exe (found in the Windows 2000 Support Tools) to copy the registry tree HKEY_CLASSES_ROOT\VBSFile\Shell to HKEY_CLASSES_ROOT\VBSFile\bkupShell. Backing up this key rather than deleting it enables you to easily restore standard functionality if necessary.
  2. Deletes HKEY_CLASSES_ROOT\VBSFile\Shell.
  3. Adds a new entry (NoOpen) to HKEY_CLASSES_ROOT\VBSFile, and sets the value of the entry to the desired warning message. In this sample script, the message which is limited to 140 characters is "Do not run this file unless it has been approved by Information Services."
reg copy HKCR\VBSFile\Shell HKCR\VBSFile\bkupShell /s /f reg delete HKCR\VBSFile\Shell /f reg add HKCR\VBSfile\ /v NoOpen /t REG_SZ /d "Do not run this file unless it has been approved by Information Services." 

To restore standard functionality, use this batch file:

reg copy HKCR\VBSFile\bkupShell HKCR\VBSFile\Shell /s /f reg delete HKCR\VBSFile\bkupShell /f reg delete HKCR\VBSFile /v NoOpen /f 

Similar steps can be undertaken to restrict the use of other scripting file types, including .VBE, .JS, .JSE, and .WSF files.

Important

  • Configuring scripts to display a message box when started could create problems with logon or logoff scripts. Instead of running each time a user logs on, your logon script will display the message box instead. To work around this problem, call the logon script from a batch file instead.

send us your feedback Send us your feedback « Previous | Next »   


Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 635

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net