MSN Home  |  My MSN  |  Hotmail
Sign in to Windows Live ID Web Search:   
go to MSNGroups 
Groups Home  |  My Groups  |  Language  |  Help  
 
Windows-Scriptwindowsscript@groups.msn.com 
  
What's New
  Join Now
  Home  
  Windows XP  
  Getting Started  
  
  My First Script  
  
  Running Scripts  
  
  Logon Scripts  
  
  Learning VBScript  
  
  Script Editors  
  
  About Security  
  Advanced Stuff  
  FAQ  
  Downloads  
  Recommendations  
  MS Newsgroups  
  Upload  
  Old Homes  
  
  
  Tools  
 

About Security

A COM object can be used to perform many operations that assume a level of trust. I.E allows a user to enforce some basic security requirements by differentiating between COM objects that can be considered 'safe for scripting' and those that are not.
Microsoft provides a mechanism for developers to mark a component as 'safe for scripting' which should only be used for components that don't access the file system, registry, memory or network. What's left? Things that display something on the screen.
This is why Internet Explorer is not an ideal host for programs written in Windows Script that rely on COMponents. Microsoft provides the Windows Script Host (WSH) and HTML Applications (HTA) for this reason. Neither of these hosts enforce any security so you can use any COM object in your application without warnings or errors (unless the component has OS dependencies)
Sometimes you still want to use a non safe COM object with IE, say as part of your Intranet, as this is the most convenient way of interacting with the user (or their PC). The following article describes the security modes with IE.

Description of Internet Explorer Security Zones Registry Entries

My advice to organisations rolling out IE is to add the Intranet to the Trusted Sites Zone, allow downloading and running of all signed and unsigned ActiveX controls and prevent users from being able to add sites to this zone. This has the added advantage of not having to sign your IEAK components if they are distributed from within the Intranet site. If your intranet includes FrontPage server extensions the dissable the ability for users to upload executables.

You can also define a security zone for HTML pages on your local hard disk. Here is the code for a small script to enable this zone to be displayed in the IE security tab.

set shell = createobject("wscript.shell")

shell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows" _
   &"\CurrentVersion\Internet Settings\Zones\0\" _
   & "Flags", 1, "REG_DWORD"

shell.RegWrite "HKCU\SOFTWARE\Microsoft\Windows" _
   &"\CurrentVersion\Internet Settings\Zones\0\" _
   & "Flags", 1, "REG_DWORD"

For information on new security features added to WSH 5.6 read this article

http://msdn.microsoft.com/msdnmag/issues/01/04/WSH/WSH.asp

There is some confusion over the use of script signing support on Windows XP which includes a new policy type called Software Restriction Policy (SRP). You must dissable this feature if you want to use the backward compatible Script Trust Policy. All settings can be found in this registry key...

\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings\TrustPolicy

 - If "UseWINSAFER" is set to 1, then the SRPs will be used, and "TrustPolicy" will be ignored completely.

  - If "UseWINSAFER" is set to 0 or not present, then the "TrustPolicy" setting will be used.

 
Notice: Microsoft has no responsibility for the content featured in this group. Click here for more info.
  Try MSN Internet Software for FREE!
    MSN Home  |  My MSN  |  Hotmail  |  Search
Feedback  |  Help  
  ©2005 Microsoft Corporation. All rights reserved.  Legal  Advertise  MSN Privacy