Wer heute halbwegs vernünftig denken kann, deaktiviert den Windows Scripting Host (den 32-Bit-Knoten mit selbem Namen gibt's auch, also nicht vergessen) – damit kann man zwar CSCRIPT/WSCRIPT/Doppelklick auf .VBS/.JS unterbinden, aber ein paar ziemlich nützliche COM-Objekte bleiben übrig und können z.B. von einem Office-Makro aus sehr wohl für sehr böse Dinge benutzt werden.
MS hat es gut gemeint und ja seit Windows Vista (vermutlich) alles dem TrustedInstaller übergeben und selbst die Administratoren von ganz schön vielen Teilen des Betriebssystems (etwas halbherzig) ausgeschlossen – d.h. einfach SCRRUN.DLL (Home of Scripting.FileSystemObject, etc.) bzw. WSHOM.OCX (WScript.Shell, etc.) deregistrieren geht nicht mehr (lustigerweise liefert erstere Fehler und macht nix, letztere liefert OK macht aber auch nix).
Wie jeder weiß, kann man als Admin den Besitz der TrustedInstaller-owned Files/Registrykeys übernehmen – daher ist eine Deregistrierung der entsprechenden Keys durchaus möglich. Ich benutze SetACL für die Besitzübernahme (das Script ist für ein 64-Bit-System gedacht, deregistriert werden beide Varianten der Objekte):
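rem --- Part 1: keys handled before unregistering scrrun.dll ---
rem Run from an elevated command prompt on 64-bit Windows.
rem Every key gets two SetACL calls: the first makes Administrators the owner,
rem the second grants Administrators full control, both recursively (-rec yes).
rem Without that, regsvr32 /u cannot remove keys owned by TrustedInstaller.
rem Keys that survive the unregistration stay owned by Administrators with full
rem control; export them first (reg export) if the change must be reversible.

rem TypeLib key, 64-bit view.
SetACL.exe -on "HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes

rem Same TypeLib, 32-bit view. The path used before,
rem HKEY_LOCAL_MACHINE\WOW6432Node\Classed\TypeLib\..., cannot exist: "Classed"
rem is a typo and there is no WOW6432Node key directly below HKEY_LOCAL_MACHINE.
rem This uses the HKEY_CLASSES_ROOT\WOW6432Node prefix that the 32-bit CLSID
rem entries of the wshom.ocx part already use.
rem NOTE(review): confirm the key exists on the target build; SetACL reports an
rem error for a missing key.
SetACL.exe -on "HKEY_CLASSES_ROOT\WOW6432Node\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WOW6432Node\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes

rem ProgID keys.
rem NOTE(review): unlike the wshom.ocx part, no CLSID keys are taken over here;
rem if regsvr32 /u leaves any behind, they need the same two SetACL calls.
SetACL.exe -on "HKEY_CLASSES_ROOT\Scripting.Encoder" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\Scripting.Encoder" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\Scripting.FileSystemObject" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\Scripting.FileSystemObject" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\Scripting.Dictionary" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\Scripting.Dictionary" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\HTML.HostEncode" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\HTML.HostEncode" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\ASP.HostEncode" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\ASP.HostEncode" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\JSFile.HostEncode" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\JSFile.HostEncode" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\VBSFile.HostEncode" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\VBSFile.HostEncode" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes

rem Unregister the 64-bit and the 32-bit copy, each with the regsvr32 of the
rem matching bitness. /s suppresses the result dialogs.
c:\windows\system32\regsvr32 /u /s c:\windows\system32\scrrun.dll
c:\windows\syswow64\regsvr32 /u /s c:\windows\syswow64\scrrun.dll

rem With /s a failed unregistration is invisible, so check the result instead
rem of trusting it: the ProgID keys must be gone afterwards.
reg query "HKCR\Scripting.FileSystemObject" >nul 2>&1 && echo WARNING: Scripting.FileSystemObject is still registered
reg query "HKCR\Scripting.Dictionary" >nul 2>&1 && echo WARNING: Scripting.Dictionary is still registered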
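rem --- Part 2: keys handled before unregistering wshom.ocx ---
rem Run from an elevated command prompt on 64-bit Windows.
rem Every key gets two SetACL calls: the first makes Administrators the owner,
rem the second grants Administrators full control, both recursively (-rec yes).
rem Without that, regsvr32 /u cannot remove keys owned by TrustedInstaller.
rem Keys that survive the unregistration stay owned by Administrators with full
rem control; export them first (reg export) if the change must be reversible.

rem TypeLib key, 64-bit view.
rem NOTE(review): only the 64-bit TypeLib key is handled for this library;
rem check whether a WOW6432Node\TypeLib counterpart exists and needs the same.
SetACL.exe -on "HKEY_CLASSES_ROOT\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes

rem CLSID keys, 64-bit view.
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes

rem ProgID keys, including the versioned ".1" names.
SetACL.exe -on "HKEY_CLASSES_ROOT\WScript.Shell" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WScript.Shell" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WScript.Shell.1" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WScript.Shell.1" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WScript.Network" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WScript.Network" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WScript.Network.1" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WScript.Network.1" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes

rem The same four CLSID keys, 32-bit view (WOW6432Node).
SetACL.exe -on "HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
SetACL.exe -on "HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes

rem Unregister the 64-bit and the 32-bit copy, each with the regsvr32 of the
rem matching bitness. /s suppresses the result dialogs.
c:\windows\system32\regsvr32 /u /s c:\windows\system32\wshom.ocx
c:\windows\syswow64\regsvr32 /u /s c:\windows\syswow64\wshom.ocx

rem With /s a failed unregistration is invisible, so check the result instead
rem of trusting it: the ProgID keys must be gone afterwards.
reg query "HKCR\WScript.Shell" >nul 2>&1 && echo WARNING: WScript.Shell is still registered
reg query "HKCR\WScript.Network" >nul 2>&1 && echo WARNING: WScript.Network is still registered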