Excellent points all!
As far as OS compatibility issues, CryptoAPI is all contained within advapi32.dll
Every OS should be fine except 95 but that would have to be double-checked. Maybe Win98 would have some issues as well. Don't know at this point. 4.0 or better would be fine.
Regarding securing the decryption, the problem with using the modified date is that every time you modified the script you would have to update the encryption string.
How about using Created date? That won't change if you modify the script and is harder to spoof than the modified date. The problem with that is it requires an NTFS partition, since FAT doesn't track created date, please correct me if I'm wrong on that.
Just had an idea...
What about if it first checks the "context" of the request, to see if the user is logging on. And if so, go ahead and decrypt. If not, it checks to see if the user is in the Domain Admins group of the current logon domain, or a local workstation admin.
That way, users can only run it while logging on but at the same time admins can use it to run admin scripts, per Shawn's request.
What do you think?
_________________________
Stevie
