Microsoft never supported VBScript in Microsoft Edge, which meant it was limited to Internet Explorer 11. Now, on any supported Windows system with the latest updates installed, VBScript will be disabled by default. Microsoft released a similar update for Windows 10 on July 9, 2019. This way you gain all the benefits of blocking rogue scripts from running while still keeping everything manageable.On August 13, 2019, Microsoft disabled VBScript by default in Internet Explorer on Windows 7, 8, and 8.1 systems via a Patch Tuesday update. Instead, this policy must be replaced with a more reasonable one that requires all scripts to be signed and that uses Group Policy to allow only signed scripts to run on client machines. But the solution itself is wrong - you just can't block VBScript from running on Windows machines and expect to have a manageable network. Still, what this company was demanding isn't that unreasonable since running scripts on clients could be positioned as a possible security risk in some circumstances. Otherwise you could end up with a network or machines that are totally unmanageable. It's a good idea before implementing or revising your corporate security policy to run a reality check on each restriction you're going to make, especially those relating to client computers. And I'm sure there would be more consequences as well. It means some Microsoft applications and many third-party applications that use scripts as part of their setup routines couldn't even be installed on your clients.
It means network quarantine wouldn't work, so your network will actually end up being less secure rather than more if this policy is implemented. It also means that you'd lose a lot of logon script functionality since you'd be restricted to using only batch files. And it means that you couldn't use BDD to deploy clients. Well, it would mean you couldn't use SMS or MOM to manage your clients.
0 kommentar(er)
