You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.

The company occasionally experiences downtime because of malicious lnternet worms that arrive as Microsoft Visual Basic Scripting Edition (VBS) files. You examine several client computers and discover that VBS files are downloaded by using Microsoft Outlook, instant messaging, or peer-to-peer file sharing programs.

You need to prevent users from running VBS files regardless of how they arrive on client computers. What should you do?

A.
Use a software restriction policy to disable all unauthorized scripts.

B.
Use an Administrative Template to ensure that Outlook and lnternet Explorer are in the Restricted Sites security zone.

C.
Use a centralized logon script to rename the Wscript.exe file on each computer to contain a nonexecutable extension.

D.
Use a file system security policy to assign the Deny – Execute permission for the Wscript.exe file.