Is there any way that this script can be undone?

Status
Not open for further replies.

JEG78

IS-IT--Management
Feb 4, 2004
70
US
A programming "genius" from another message board I frequent posted a hardening script to "protect" the users from IE exploits etc. Little did he tell everyone they will lose a ton of functionality in IE.

Is there any way, by looking at this script, to tell if it could be undone?

**Begin Script**

Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7

On Error Resume Next

intFoo = MsgBox("Do you want to harden Internet Explorer's security settings?" & vbCRLF & "This will block many known exploits and disable third party toolbars. You will have to reinstall any browser helper objects that you want to keep.", vbYesNo + vbInformation + vbDefaultButton2, "Internet Explorer Security Settings")
If intFoo = 7 Then
'MsgBox "Hardening disabled, exiting.", vbOKOnly, "Exiting"
WSCript.Quit
End If

Set objWShell = WScript.CreateObject("WScript.Shell")

objWShell.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1001", 3, "REG_DWORD"
objWShell.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1004", 3, "REG_DWORD"
objWShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1001", 3, "REG_DWORD"
objWShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1004", 3, "REG_DWORD"
objWShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions", "no", "REG_SZ"
objWShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page", "about:blank", "REG_SZ"
objWShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page", "about:blank", "REG_SZ"
objWShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Start_Page", "about:blank", "REG_SZ"
objWShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL", "about:blank", "REG_SZ"
objWShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions", "no", "REG_SZ"
objWShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page", "about:blank", "REG_SZ"
objWShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page", "about:blank", "REG_SZ"
objWShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Start_Page", "about:blank", "REG_SZ"
objWShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL", "about:blank", "REG_SZ"
objWShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main", "No", "REG_SZ"

objWShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Compatibility Flags", 1024, "REG_DWORD"
objWShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}\Compatibility Flags", 1024, "REG_DWORD"

objWShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-its"
objWShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss"
objWShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\its"
objWShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mk"

KillAll HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Internet Explorer\Extensions"
KillAll HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Internet Explorer\Toolbar"
KillAll HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Internet Explorer\Explorer Bars"
KillAll HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks"

KillAll HKEY_CURRENT_USER, "Software\Microsoft\Internet Explorer\Toolbar"
KillAll HKEY_CURRENT_USER, "Software\Microsoft\Internet Explorer\Toolbar\Explorer"
KillAll HKEY_CURRENT_USER, "Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser"
KillAll HKEY_CURRENT_USER, "Software\Microsoft\Internet Explorer\Toolbar\WebBrowser"
KillAll HKEY_CURRENT_USER, "Software\Microsoft\Internet Explorer\URLSearchHooks"

KillAll HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
KillAll HKEY_CURRENT_USER, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

For Each Process in GetObject("winmgmts:{impersonationLevel=impersonate}").ExecQuery("select * from Win32_Process")
If (InStr(LCase(process.name), "iexplore.exe") Or InStr(LCase(process.name), "explorer.exe")) Then
'wscript.echo process.name
Process.terminate(0)
End If
Next

objWShell.Run "Explorer"

Sub KillAll(intHive, strKeyPath)

Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

objReg.EnumKey intHive, strKeyPath, arrSubKeys

If IsArray(arrSubKeys) Then
For Each Subkey in arrSubKeys
'wscript.echo "Deleting: " & strKeyPath & "\" & SubKey
objReg.DeleteKey intHive, strKeyPath & "\" & SubKey
Next
End If

objReg.EnumValues intHive,strKeyPath,arrItems,arrValueTypes

If IsArray(arrItems) Then
For Each objItem In arrItems
'Wscript.Echo "Deleting: " & strKeyPath & "\" & objItem
objReg.DeleteKey intHive, strKeyPath & "\" & objItem
Next
End If

Set objReg = Nothing

End Sub

Msgbox "System Hardened"

**End Script**
 
I think you will need to re-install any plugins that it blew out and perhaps create a registry export from a machine where the script was not run of the keys that it blows out then import it on the machine where it was run.

I have to say though that a fair amount of the onus is on you for running code that you did not understand without creating backups of the things it would affect first.

[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]
 
I didn't run the code. :) I know better than that.

I didn't know if there were particular items that couldn't be undone.
 
Well that's good. :) It looks like all of it could be undone if you export the affected registry keys first. Then you could import them if you didn't like the changes.

[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]
 
So if I exported my registry settings from those exact keys, input them in a script, then run it on the affected PC it would work? Providing of course that I have the same programs installed. Or would that even matter?
 
What I would do is export the registries, then write a batch file that imports all of them. It may matter whether the apps are installed or not, but if you export the registries and build the batch file as part of the script above, then all of the apps that the registry wants should be installed since the script itself doesn't appear to actually uninstall anything.

[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]
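
The export-then-import approach suggested in this thread, as an added example that is not part of any post above: a batch file, meant to be run before the hardening script, that exports every key the script writes to or deletes and generates a second batch file to put them back. The key paths are taken from the posted script; the `ie-backup` folder, the `restore.cmd` name and the `:backup` label are assumptions made for this example.

```batch
@echo off
rem Added example: back up the registry keys the posted script touches and
rem generate restore.cmd to undo it. Run this BEFORE the hardening script,
rem from an account that can read and write the HKLM keys listed below.
setlocal
set "OUT=%~dp0ie-backup"
if not exist "%OUT%" mkdir "%OUT%"
set "RESTORE=%OUT%\restore.cmd"
> "%RESTORE%" echo @echo off
set N=0

call :backup "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
call :backup "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
call :backup "HKCU\Software\Microsoft\Internet Explorer\Main"
call :backup "HKLM\SOFTWARE\Microsoft\Internet Explorer\Main"
call :backup "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11cf-96B8-444553540000}"
call :backup "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}"
call :backup "HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ms-its"
call :backup "HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss"
call :backup "HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\its"
call :backup "HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\mk"
call :backup "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions"
call :backup "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
call :backup "HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars"
call :backup "HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks"
rem The HKCU Toolbar export includes its Explorer, ShellBrowser and WebBrowser subkeys.
call :backup "HKCU\Software\Microsoft\Internet Explorer\Toolbar"
call :backup "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks"
call :backup "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
call :backup "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

echo Processed %N% keys into "%OUT%". Undo with "%RESTORE%"
goto :eof

:backup
set /a N+=1
set "KEY=%~1"
set "FILE=%OUT%\key%N%.reg"
if exist "%FILE%" del "%FILE%"
reg export "%KEY%" "%FILE%" >nul 2>&1
if errorlevel 1 (
  rem Key is absent now, so an import could never remove it: restore deletes it.
  >> "%RESTORE%" echo reg delete "%KEY%" /f
) else (
  >> "%RESTORE%" echo reg import "%FILE%"
)
goto :eof
```

`reg import` merges: it rewrites changed values and recreates deleted keys, but it does not remove a value the script added to a key that already existed, so compare the `.reg` files against the live keys if an exact rollback matters.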
 