Securing your environment by enforcing and utilizing digitally signed
scripts is easy with the features built into Windows and Windows
Scripting Host (WSH).
It has been a few months since I wrapped up my 19-part series on Visual
Basic Scripting Edition (VBScript). If this is your first time joining
us, you may want to take a look at the series for an introduction or
refresher to this powerful capability for Windows administrators. The
beginning of the series can be found here:
This week we discuss digitally signing your scripts within VBScript.
Digitally signing scripts allows you to verify who authored a script as
well as ensure that the script has not been altered since the script was
originally signed. By enforcing the use of digital signatures within
your scripts, you can increase the security of your environment and add
an additional layer of protection from many of the script-related
attacks that are common today.
When you digitally sign a script, you create a "hash". A hash is
basically a fixed-size string that is created using a specialized
computational function. The function takes a variable-size input and
returns the fixed-sized string known as a hash value. This "hash"
becomes the digital signature. To read an easy to understand
explanation of digital signatures, check out
After you digitally sign a script, your script will be appended with a
signature that may look like the following:
------------------- Begin Sample Signature -------------------