Compartir a través de


Signature Verification Policy

In WSH, administrators have the choice to turn signature verification either on or off. If an administrator turns signature verification on, then the machine will only run scripts signed by trusted authorities. With signature verification turned on, there are two possible scenarios:

Scenarios

  • If the trust can't be determined, then the user is prompted to confirm that the script should run.

  • If the trust can't be determined, then the script does not run.

If an administrator turns signature verification off, the machine permits users to run any script.

In Windows 2000, the signature verification policy is set through the Local Security Policy editor. For more information on the Local Security Policy Editor and WSH settings, see the online Windows help system.

The signature verification policy registry key is located in the following hive:

\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings\TrustPolicy

The key is set to one of the following REG_DWORD values:

  • 0 Run all scripts

  • 1 Prompt user if script is untrusted

  • 2 Run only trusted scripts

See Also

Concepts

Signing a Script (Windows Script Host)

Verifying a Script

CryptoAPI Tools

Other Resources

Security and Windows Script Host