How can I disable Windows Scripting Host (WSH)? (and should I?)

  • Thread starter Thread starter Colin Higbie
  • Start date Start date
C

Colin Higbie

First, let me say I'm not actually sure I should do this. I'm asking on
behalf of a colleague who believes he must disable WSH. He was told that
they should disable WSH on their Windows 2000 and Windows XP systems as a
general matter of security. It occurred to me that this might be one of
those Windows urban legends, especially when I couldn't find anything
supporting it on the web or in MS Knowledgebase.

Is WSH a security threat (in Win2k or WinXP)?

Second, if it is a threat, how would someone go about turning it off? I
didn't see it listed in the Services MMC. What are the other consequences of
disabling it?

Thanks,
Colin
 
Install SP2 and other critical updates from the Windows Update
web site. The install a good antivirus program and there would be
no need to disable Windows Scripting Host.

How to disable or remove the Windows Scripting Host
http://www.symantec.com/avcenter/venc/data/win.script.hosting.html

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.mspx

------------------------------------------------------------------------------

:

| First, let me say I'm not actually sure I should do this. I'm asking on
| behalf of a colleague who believes he must disable WSH. He was told that
| they should disable WSH on their Windows 2000 and Windows XP systems as a
| general matter of security. It occurred to me that this might be one of
| those Windows urban legends, especially when I couldn't find anything
| supporting it on the web or in MS Knowledgebase.
|
| Is WSH a security threat (in Win2k or WinXP)?
|
| Second, if it is a threat, how would someone go about turning it off? I
| didn't see it listed in the Services MMC. What are the other consequences of
| disabling it?
|
| Thanks,
| Colin
 
Colin Higbie said:
First, let me say I'm not actually sure I should do this. I'm asking on
behalf of a colleague who believes he must disable WSH. He was told that
they should disable WSH on their Windows 2000 and Windows XP systems as a
general matter of security. It occurred to me that this might be one of
those Windows urban legends, especially when I couldn't find anything
supporting it on the web or in MS Knowledgebase.

Is WSH a security threat (in Win2k or WinXP)?

Second, if it is a threat, how would someone go about turning it off? I
didn't see it listed in the Services MMC. What are the other consequences of
disabling it?
Click to expand...

The Windows Script Host allows scripts, launched by the end-user, to run on the computer. I can't think of a single good reason to disable the WSH unless your friend is working at a place with an incompetent system administrator. Disabling the WSH will prevent login scripts from running on the machine.

If your friend is the type of person who immediately double-clicks on all attachments named EnlargeMyPenisNow.vbs, then, yes, I would disable the WSH on his machine. Otherwise, just ask your friend to not double-click AlyssaMilanoTotallyNude.vbs attachments.

Here is as site that describes how to disable the WSH:
http://www.sophos.com/support/wsh.html

Here is a site where you can start automating some of your computing tasks, like backing up files, tracking newly installed applications, etc.:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/scriptinga.asp

Good luck,

carl
 
Back
Top