Securing your environment by enforcing and utilizing digitally signed
scripts is easy with the features built into Windows and Windows
Scripting Host (WSH).
Last week we discussed how to enable the enforcement of digitally signed
scripts within your Windows environment. This week we review how to
programmatically sign your VBScripts.
Windows Script Host (WSH) version 5.6 added the ability to
programmatically sign your VBScripts. This feature can be taken
advantage of by using the Scripting.Signer object in WSH. To use the
Scripting.Signer object within your script, you need to create an
instance of the object and then invoke the object using the SignFile
Let's step through an example. Let's sign our script using a
certificate called "Company Script Certificate". Our script is located
First we need to obtain a valid certificate. This can be obtained from
VeriSign at www.verisign.com. After you have your certificate, we need
to invoke the Scripting.Signer object and invoke the SignFile method.
Create a file called c:\scripts\signer.vbs and copy/paste the following
code snippet into the file. Then save the file and create another
sample file called c:\scripts\signedScripts.vbs