When you run a Windows script using wscript.exe or cscript.exe, error Windows Script Host access is disabled on this machine may pop-up. However, in systems affected by malware, the error appears at regular intervals, without any script invocation by the user.
So the key questions are:
- Which script is being run that causes the error message?
- How do I enable Windows Script Host access in the machine?
This post address those questions.
If the message “Windows Script Host access is disabled” appears at every startup or in regular intervals without you doing anything, then a malware script (.vbs, .js or .wsf) may be trying to run in the background, and is prevented by Windows Script Host restriction in effect in your system, which is very good. In such cases, your aim should be to eliminate the malware from the system completely rather than fixing the script host error message.
Run a thorough malware scan in your system first. Until every trace of malware is removed, do not lift the script host restriction. The restriction is only protecting your system.
If the error appears without you manually launching a script, then it’s possible that a malware script is trying to run in the background, probably as a scheduled task.
Use Task Manager to find the script file name
You can use a simple tool like Task Manager to find out the script file name that’s being executed. Use these steps:
- Let the script error window be on the screen. Don’t dismiss it yet.
- Disconnect your computer from the internet.
- Open Task Manager (Ctrl + Shift + Esc) and click the Details tab.
- Right-click the column header, click Select Columns.
- Enable the Command line checkbox and click OK.
RELATED: Check out post Configure Task Manager to display full path of running processes for more information and screenshots.
This shows the complete path and file name of the script file which is trying to run silently. In this example, a script file named protect.vbs is trying to run from the %TEMP% folder of the user profile.
Related: Process Explorer from Windows SysInternals can be used to find the process name, path and full arguments. Check out post How to Find Which Program Caused An Unknown Error Message? for details.
Use Advanced Troubleshooting Tools
Further, you can use Autoruns, another excellent tool from Microsoft Windows SysInternals to find the startup launch-point (Startup or Task Scheduler) used by that malware script.
Start your investigation from there. If you’re an advanced user, you can even edit the script file using Notepad and see what code is being executed. Ransomware usually employs .vbs, .js, .wsh or .hta files to download the crypto-ransomware payload from a remote server, run it on your local system and encrypt your data or erase them completely.
First of all, if someone could drop a malware script in your TEMP directory and launch it, then there exists some really serious vulnerability in your system. Antivirus and anti-malware protection may not always help if your system is vulnerable to an exploit. You should make sure that your system is up to date in terms of Windows Update patches, as well as updates for the programs you’re using in your system.
Do a thorough checkup using a reputed anti-malware tool such as Malwarebytes.
If your system is not connected to a domain, here are the steps to remove the error “Windows Script Host Access is Disabled”. This procedure will enable running Windows Scripts (.vbs or .js) on your system.
Enable Windows Script Host access using the Registry Editor
- Press WinKey + R to bring up the Run dialog.
- Delete the value named Enabled in following keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings
If a key doesn’t exist, ignore and check the next key.
- Exit the Registry Editor.
Enable Windows Script Host access using command-line
To do this using command-line, execute these commands from elevated Command Prompt:
REG DELETE "HKCU\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled /f REG DELETE "HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled /f
With the Windows Script Host restrictions lifted, you should only run scripts from trusted sources and if you’re sure they are safe to run.
That’s it! This enables Windows Scripting host on your computer.
One small request: If you liked this post, please share this?One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!