In WSH, administrators have the choice to turn signature verification either on or off. If an administrator turns signature verification on, then the machine will only run scripts signed by trusted authorities. With signature verification turned on, there are two possible scenarios:
If an administrator turns signature verification off, the machine permits users to run any script.
In Windows 2000, the signature verification policy is set through the Local Security Policy editor. For more information on the Local Security Policy Editor and WSH settings, see the online Windows help system.
The signature verification policy registry key is located in the following hive:
\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings\TrustPolicy
The key is set to one of the following REG_DWORD values:
Security and Windows Script Host | Signing a Script | Verifying a Script | WinTrust