How to disable Windows Script Host

Page 1 of 2 12 LastLast

  1. Posts : 356
    windows 10 pro x64 21H1
       #1

    How to disable Windows Script Host


    Is there a good way in registry or group policy to disable wscript.exe? Does it apply to all users?
    Purpose is to prevent users from accidentally running malicious scripts.
    I could just delete it or rename it, but it might come back after a Windows update.
      My Computers


  2. Posts : 5,442
    Windows 11 Home
       #2

    You can use this per user (HKCU) or per PC (HKLM).
    Code:
    reg add "HKCU\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    Another option, per user based.
    Code:
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "wscript.exe" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "2" /t REG_SZ /d "cscript.exe" /f

    Symantec used to recommend it, but they have realized, that preventing malware does not really help them.
    VBS.Downloader.Trojan is written using the Visual Basic Scripting language (VBS). For VBS scripts to execute, Windows Scripting Host (WSH) is required. WSH is installed by default on most Windows systems. However, it is possible to disable the WSH. Read the instructions on disabling the WSH.
      My Computer


  3. Posts : 356
    windows 10 pro x64 21H1
    Thread Starter
       #3

    Thanks!
      My Computers


  4. Posts : 356
    windows 10 pro x64 21H1
    Thread Starter
       #4

    Does it also disable cscript?
      My Computers


  5. Posts : 5,442
    Windows 11 Home
       #5

    Unfortunately no. DisallowRun works only for the local user, so admin or system probably might still run it.

    By the way, Norton's tool is still around, when run as admin, it disables jse, jsf, vbe, vbs, wsf, wsh.
    Code:
    http://www.symantec.com/avcenter/noscript.exe
      My Computer


  6. Posts : 356
    windows 10 pro x64 21H1
    Thread Starter
       #6

    TairikuOkami said:
    Unfortunately no. DisallowRun works only for the local user, so admin or system probably might still run it.

    By the way, Norton's tool is still around, when run as admin, it disables jse, jsf, vbe, vbs, wsf, wsh.
    Code:
    http://www.symantec.com/avcenter/noscript.exe
    But what about the first reg key you gave, HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    Does that one work also for cscript?

      My Computers


  7. Posts : 5,442
    Windows 11 Home
       #7

    It seems it does, though cscript.exe can still run.
    Attached Thumbnails Attached Thumbnails How to disable Windows Script Host-capture_11172018_182207.jpg  
      My Computer


  8. Posts : 356
    windows 10 pro x64 21H1
    Thread Starter
       #8

    TairikuOkami said:
    It seems it does, though cscript.exe can still run.
    Thanks bro!
      My Computers


  9. Posts : 3
    Windows 10
       #9

    If you're really just worried about users running a script by double clicking on it, there's an easier way to do this. You simply alter the settings to make script files open in Notepad anytime someone double clicks on them. You still have the option of running scripts when you want to by right clicking on them, and scripts can be run by any programs that need them, so you avoid the problems that can be created by disabling scripts entirely. Just pick which script files you want to alter from the following choices:

    Code:
    Windows Registry Editor Version 5.00
    
    ; Makes vbs files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\vbsfile\shell]
    @="edit"
    
    ; Makes vbe files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\vbefile\shell]
    @="edit"
    
    ; Makes ws files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\wsfile\shell]
    @="edit"
    
    ; Makes wsh files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\wshfile\shell]
    @="edit"
    
    ; Makes js files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\jsfile\shell]
    @="edit"
    
    ; Makes jse files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\jsefile\shell]
    @="edit"
    As always, it's best to back up these registry keys before altering them, but you can always restore the original functionality to any of those files by just replacing @="edit" with @="Open"
      My Computer


  10. Posts : 3
    Windows 10
       #10

    Oops! that wsh file entry (fourth one down) should be [HKEY_CLASSES_ROOT\wshfile\shell]. Sorry.

    EDIT: I fixed it in my original post, so it's good now. Apologies again.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 16:07.
Find Us




Windows 10 Forums