How to disable Windows Script Host

Page 1 of 2 12 LastLast
  1. shmu26's Avatar
    Posts : 346
    windows 10 pro x64 20H2
       #1

    How to disable Windows Script Host


    Is there a good way in registry or group policy to disable wscript.exe? Does it apply to all users?
    Purpose is to prevent users from accidentally running malicious scripts.
    I could just delete it or rename it, but it might come back after a Windows update.
      My Computers

  2. TairikuOkami's Avatar
    Posts : 4,681
    Windows Home Dev 21xxx x64
       #2

    You can use this per user (HKCU) or per PC (HKLM).
    Code:
    reg add "HKCU\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    Another option, per user based.
    Code:
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "wscript.exe" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "2" /t REG_SZ /d "cscript.exe" /f

    Symantec used to recommend it, but they have realized, that preventing malware does not really help them.
    VBS.Downloader.Trojan is written using the Visual Basic Scripting language (VBS). For VBS scripts to execute, Windows Scripting Host (WSH) is required. WSH is installed by default on most Windows systems. However, it is possible to disable the WSH. Read the instructions on disabling the WSH.
      My Computer

  3. shmu26's Avatar
    Posts : 346
    windows 10 pro x64 20H2
    Thread Starter
       #3

    Thanks!
      My Computers

  4. shmu26's Avatar
    Posts : 346
    windows 10 pro x64 20H2
    Thread Starter
       #4

    Does it also disable cscript?
      My Computers

  5. TairikuOkami's Avatar
    Posts : 4,681
    Windows Home Dev 21xxx x64
       #5

    Unfortunately no. DisallowRun works only for the local user, so admin or system probably might still run it.

    By the way, Norton's tool is still around, when run as admin, it disables jse, jsf, vbe, vbs, wsf, wsh.
    Code:
    http://www.symantec.com/avcenter/noscript.exe
      My Computer

  6. shmu26's Avatar
    Posts : 346
    windows 10 pro x64 20H2
    Thread Starter
       #6

    TairikuOkami said:
    Unfortunately no. DisallowRun works only for the local user, so admin or system probably might still run it.

    By the way, Norton's tool is still around, when run as admin, it disables jse, jsf, vbe, vbs, wsf, wsh.
    Code:
    http://www.symantec.com/avcenter/noscript.exe
    But what about the first reg key you gave, HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    Does that one work also for cscript?

      My Computers

  7. TairikuOkami's Avatar
    Posts : 4,681
    Windows Home Dev 21xxx x64
       #7

    It seems it does, though cscript.exe can still run.
    Attached Thumbnails Attached Thumbnails How to disable Windows Script Host-capture_11172018_182207.jpg  
      My Computer

  8. shmu26's Avatar
    Posts : 346
    windows 10 pro x64 20H2
    Thread Starter
       #8

    TairikuOkami said:
    It seems it does, though cscript.exe can still run.
    Thanks bro!
      My Computers

  9. Omahabob's Avatar
    Posts : 3
    Windows 10
       #9

    If you're really just worried about users running a script by double clicking on it, there's an easier way to do this. You simply alter the settings to make script files open in Notepad anytime someone double clicks on them. You still have the option of running scripts when you want to by right clicking on them, and scripts can be run by any programs that need them, so you avoid the problems that can be created by disabling scripts entirely. Just pick which script files you want to alter from the following choices:

    Code:
    Windows Registry Editor Version 5.00
    
    ; Makes vbs files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\vbsfile\shell]
    @="edit"
    
    ; Makes vbe files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\vbefile\shell]
    @="edit"
    
    ; Makes ws files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\wsfile\shell]
    @="edit"
    
    ; Makes wsh files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\wshfile\shell]
    @="edit"
    
    ; Makes js files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\jsfile\shell]
    @="edit"
    
    ; Makes jse files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\jsefile\shell]
    @="edit"
    As always, it's best to back up these registry keys before altering them, but you can always restore the original functionality to any of those files by just replacing @="edit" with @="Open"
      My Computer

  10. Omahabob's Avatar
    Posts : 3
    Windows 10
       #10

    Oops! that wsh file entry (fourth one down) should be [HKEY_CLASSES_ROOT\wshfile\shell]. Sorry.

    EDIT: I fixed it in my original post, so it's good now. Apologies again.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 16:10.
Find Us




Windows 10 Forums