Securing your environment by enforcing and utilizing digitally signed

scripts is easy with the features built into Windows and Windows

Scripting Host (WSH).

It has been a few months since I wrapped up my 19-part series on Visual

Basic Scripting Edition (VBScript). If this is your first time joining

us, you may want to take a look at the series for an introduction or

refresher to this powerful capability for Windows administrators. The

beginning of the series can be found here:


This week we discuss digitally signing your scripts within VBScript.

Digitally signing scripts allows you to verify who authored a script as

well as ensure that the script has not been altered since the script was

originally signed. By enforcing the use of digital signatures within

your scripts, you can increase the security of your environment and add

an additional layer of protection from many of the script-related

attacks that are common today.

When you digitally sign a script, you create a "hash". A hash is

basically a fixed-size string that is created using a specialized

computational function. The function takes a variable-size input and

returns the fixed-sized string known as a hash value. This "hash"

becomes the digital signature. To read an easy to understand

explanation of digital signatures, check out


After you digitally sign a script, your script will be appended with a

signature that may look like the following:

------------------- Begin Sample Signature -------------------

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon