Limit WSH to a particular folder?

Gordon Price

Is there a way to limit WSH to executing scripts from a particular folder
only, and ideally manage this with GP over the domain? Seems like a good way
to make use of scripts while also minimizing script based virus risk.

Thanks,
Gordon
 
Larry(LJL269)

Don't know, but Symantec has an app to turn them ON/OFF at
will, but globally. $0 too. URL by request.

HTH - Larry

On Mon, 13 Oct 2003 08:54:32 -0700, "Gordon Price"

|Is there a way to limit WSH to executing scripts from a particular folder
|only, and ideally manage this with GP over the domain? Seems like a good way
|to make use of scripts while also minimizing script based virus risk.
|
|Thanks,
|Gordon
|


Any advice given is my attempt to show appreciation for all
the excellent help I've received here but I'm no MVP so it
may only apply NUGS. Personal attacks, nitpicking & criticism
of anything but content will NOT be responded to. Those
posters should spend their time taking the test @
http://www.nimh.nih.gov/publicat/ocdtrt1.htm
 
Larry(LJL269)

On Mon, 13 Oct 2003 08:54:32 -0700, "Gordon Price"

|Is there a way to limit WSH to executing scripts from a particular folder
|only, and ideally manage this with GP over the domain? Seems like a good way
|to make use of scripts while also minimizing script based virus risk.
|
|Thanks,
|Gordon
|
It's at
http://securityresponse.symantec.com/avcenter/venc/data/win.script.hosting.html

Any advice given is my attempt to show appreciation for all
the excellent help I've received here but I'm no MVP so it
may only apply NUGS. Personal attacks, nitpicking & criticism
of anything but content will NOT be responded to. Those
posters should spend their time taking the test @
http://www.nimh.nih.gov/publicat/ocdtrt1.htm
 
Gordon Price

Larry(LJL269) said:
Don't know, but Symantec has an app to turn them ON/OFF at
will, but globally. $0 too. URL by request.

In this case I don't want to turn them off. Ideally I would like to put all
my scripts in a folder and make that the only place scripts can execute
from. Much less expensive, and a lot easier, than buying a certificate and
signing all my scripts. As for simply turning them off, I think WSH has a
registry setting to either allow execution, allow with warning, or disallow.
I could go that route but that would annoy users and most wouldn't know what
to allow and what not to.

Best,
Gordon
 
Torgeir Bakken (MVP)

Gordon said:
Is there a way to limit WSH to executing scripts from a particular folder
only, and ideally manage this with GP over the domain? Seems like a good way
to make use of scripts while also minimizing script based virus risk.

Hi

Yes, if you sign your scripts with a certificate.

The Scripting Clinic article context is XP but also applies to systems
running WSH 5.6...

Providing a Secure eXPerience
http://msdn.microsoft.com/library/en-us/dnclinic/html/scripting10082001.asp

Windows Script Host 5.6 (see section "Authentication/Security Advances")
http://msdn.microsoft.com/library/en-us/dnclinic/html/scripting11132000.asp


And related newsgroup threads...

Google Search: TrustPolicy group:*.scripting
http://groups.google.com/groups?q=TrustPolicy group:*.scripting&num=100&scoring=d
 
