Securing your environment by enforcing and utilizing digitally signed

scripts is easy with the features built into Windows and Windows

Scripting Host (WSH).

Last week we discussed how to enable the enforcement of digitally signed

scripts within your Windows environment. This week we review how to

programmatically sign your VBScripts.

Windows Script Host (WSH) version 5.6 added the ability to

programmatically sign your VBScripts. This feature can be taken

advantage of by using the Scripting.Signer object in WSH. To use the

Scripting.Signer object within your script, you need to create an

instance of the object and then invoke the object using the SignFile


Let's step through an example. Let's sign our script using a

certificate called "Company Script Certificate". Our script is located

at c:\scripts\signedScript.vbs.

First we need to obtain a valid certificate. This can be obtained from

VeriSign at www.verisign.com. After you have your certificate, we need

to invoke the Scripting.Signer object and invoke the SignFile method.

Create a file called c:\scripts\signer.vbs and copy/paste the following

code snippet into the file. Then save the file and create another

sample file called c:\scripts\signedScripts.vbs

What’s wrong? The new clean desk test
View Comments
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies