Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

file extentions trhough logon scripts

Status
Not open for further replies.
Overdoos

Overdoos

IS-IT--Management
May 31, 2000
79
BE
I have logon scripts on my servers that map the drives and updates virusdefinitions when users log on, but now I want to assign file-extentions to applications using this script.
(More specific, I want to set notepad as default to .VBS-files)

Does anybody have any idea if this is possible and how it can be done?
I know I can alter a registry-key to do this, but I would prefer not having to do this on every client seperatly.
 
Sort by date Sort by votes
Sadly, I do not remember who sent this to me, but we are looking into implementing this as well.
THIS HAS NOT BEEN TESTED So use at your own risk.
Kudos to the person that put this out and whoever sent it my way.



The attack was based on the assumption that typically an e-mail attachment is opened by double-clicking on it. This invokes a default behavior determined by attachment's extension, which in turn executes an application chosen to perform this action, usually with appropriate arguments. For VBScript and JScript files (with extensions *.vbs, *.vbe, *.js, *.jse, or *.wsh), double-clicking, by default, executes wscript.exe, which calls appropriate scripting engine and interprets and executes the attached script - including a malicious one like the LOVE-LETTER-FOR-YOU.txt.vbs

This can be changed - either indirectly by modifying File Type options from View menu in Windows Explorer or directly by editing the registry. For example, instead of script execution, default action will launch Notepad with the script in it.

One caveat though - remember that from this point on, every single time you want to run the script, you have to type the full command line from the Command Prompt or Run menu, e.g. "wscript.exe myscript.vbs"

How to implement this change on a couple of hundred machines at once? Well, how about using VBScript... The following alters the default behavior and creates association with Notepad.exe.

1. Create a file with *.vbs extension (e.g. LoveUNot.vbs), modify your logon script so it includes the line
"wscript.exe LoveUNot.vbs".

2. Place both in Repl$ share on your directory replication source, make sure they replicate to all NetLogon shares on all domain controllers and once users log on, problem is resolved.

This can also be done by using System Policies, but it would require creating a custom template (*.adm) file.

And here is the content of the LoveUNot.vbs script (this is for Windows NT machines, for Windows 9x, you'd have to modify the location of the Notepad.exe, and change the type of the registry Data Type to REG_SZ):


On Error Resume Next

Set WShell=CreateObject("WScript.Shell")

VBKey = "HKCR\JSEFile\Shell\Open\Command\"
WShell.RegWrite VBKey, "%SystemRoot%\system32\NOTEPAD.EXE ""%1""", "REG_EXPAND_SZ"
VBKey = "HKCR\JSEFile\Shell\Open2\Command\"
WShell.RegWrite VBKey, "%SystemRoot%\system32\NOTEPAD.EXE ""%1""", "REG_EXPAND_SZ"
VBKey = "HKCR\JSFile\Shell\Open\Command\"
WShell.RegWrite VBKey, "%SystemRoot%\system32\NOTEPAD.EXE ""%1""", "REG_EXPAND_SZ"
VBKey = "HKCR\JSFile\Shell\Open2\Command\"
WShell.RegWrite VBKey, "%SystemRoot%\system32\NOTEPAD.EXE ""%1""", "REG_EXPAND_SZ"
VBKey = "HKCR\VBEFile\Shell\Open\Command\"
WShell.RegWrite VBKey, "%SystemRoot%\system32\NOTEPAD.EXE ""%1""", "REG_EXPAND_SZ"
VBKey = "HKCR\VBEFile\Shell\Open2\Command\"
WShell.RegWrite VBKey, "%SystemRoot%\system32\NOTEPAD.EXE ""%1""", "REG_EXPAND_SZ"
VBKey = "HKCR\VBSFile\Shell\Open\Command\"
WShell.RegWrite VBKey, "%SystemRoot%\system32\NOTEPAD.EXE ""%1""", "REG_EXPAND_SZ"
VBKey = "HKCR\VBSFile\Shell\Open2\Command\"
WShell.RegWrite VBKey, "%SystemRoot%\system32\NOTEPAD.EXE ""%1""", "REG_EXPAND_SZ"
VBKey = "HKCR\WSFFile\Shell\Open\Command\"
WShell.RegWrite VBKey, "%SystemRoot%\system32\NOTEPAD.EXE ""%1""", "REG_EXPAND_SZ"
VBKey = "HKCR\WSFFile\Shell\Open2\Command\"
WShell.RegWrite VBKey, "%SystemRoot%\system32\NOTEPAD.EXE ""%1""", "REG_EXPAND_SZ"
VBKey = "HKCR\WSHFile\Shell\Open\Command\"
WShell.RegWrite VBKey, "%SystemRoot%\system32\NOTEPAD.EXE ""%1""", "REG_EXPAND_SZ"
VBKey = "HKCR\WSHFile\Shell\Open2\Command\"
WShell.RegWrite VBKey, "%SystemRoot%\system32\NOTEPAD.EXE ""%1""", "REG_EXPAND_SZ"


Of course, your workstations must have wsh with VB Scripting Engine installed, but if they hadn't you probably wouldn't be too concerned about VBScript based viruses in the first place.




Good Luck!
>:):O>
anongod@hotmail.com

"Drawing on my fine command of language, I said nothing."
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
193
ADB100
ADB100
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
378
microsGuy16
microsGuy16
JScannell
  • Locked
  • Question
File saving from browsers
Replies
1
Views
135
DrB0b
DrB0b
shmoes
  • Locked
  • Question
Delegating file admin permission
Replies
3
Views
144
SamBones
SamBones
DrB0b
  • Locked
  • Question
RDWeb server getting hit with odd logon requests....
Replies
1
Views
192
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top