Get a glimpse inside Don Jones' book "Managing Windows with VBScript and WMI" with this series of book excerpts. Below is an excerpt from Chapter 28, "Scripting Security." Click for the complete book excerpt series or purchase the book.
It's so simple for users to launch unauthorized scripts from e-mail attachments that many administrators disable scripting altogether. But you shouldn't avoid this administrative tool -- lock it down and reap the benefits instead.
Scripting has two primary security issues associated with it. First, the Windows Script Host (WSH) is included with just about every version of Windows since Windows 98. Second, WSH associates itself with a number of filename extensions, making it very easy for users to click an e-mail file attachment and launch unauthorized scripts. The knee-jerk reaction of many administrators is to simply disable scripting altogether, which also removes a beneficial administrative tool from the environment. This chapter focuses on ways to address the two primary security issues associated with scripting, which will help you configure a safer scripting environment.
Chapter 28 excerpts: 'Scripting Security'
Why scripting can be dangerous
2. Security improvements in Windows XP and Windows Server 2003
3. Digitally signing scripts
4. Running only signed scripts
5. Ways to implement safe scripting
To download the complete chapter, click for the .pdf.
Click here to return to the SearchWindowsSecurity.com Book Excerpts Library.
Dig Deeper on Endpoint security management tools