Force JS Files to Open in Notepad

This post will cover how to change Folder options via Group Policy to force JavaScript (JS/JSE) files to open in Notepad instead of being executed on the workstation. The reasoning behind this is because JS files can potentially be malicious, and JS files can be executed simply be double-clicking on them. This method will make it so that JS files will never be executed accidentally.

The first method is for people who are not part of a domain, this is done on an individual workstation basis. The second method will go over how this can be configured with a Group Policy on a company domain. In my example this will be the configuration on a Windows Server 2008 R2 domain controller using the Group Policy Management Console.

Method 1 – Standalone Workstation

Note: As far as I am aware, this method is the same across most modern versions of the Windows operating system.

  1. Open Control Panel
  2. Click on Default Programs then Associate a file type or protocol with a program
    1. Once this window loads, you will see a list of file extensions, a description of what it is, and the current default program it is associated with
  3. Scroll down until you see .js and .jse, proceed to click on each of of them, then click the Change program… button in the upper-right
  4. In the program selection pop-up, click on Notepad, then click OK
  5. You may then close the Control Panel window, and you are finished

Method 2 – Group Policy

Note: This example is done on a Windows Server 2008 R2 domain controller using the Group Policy Management Console, I can not verify if the methods are identical on alternate versions of the Windows Server operating system.

  1. Open the Run prompt on your server (Windows + R), type in gpmc.msc, then click OK
  2. Once the console opens, create a new Group Policy and name it something appropriate (i.e. Block JS Execution, or include it in a blanket Network Security policy)
  3. Apply this policy to the appropriate OUs and security groups, I’d recommend applying this to the entire domain. Next, right-click on the policy and click Edit
  4. Navigate to User Configuration/Preferences/Control Panel Settings/Folder Options
  5. Right-click in the blank area and click on Open With
  6. In the box that pops up, choose Update for the Action, enter js for the file extension, make sure Set as default is checked, then lastly for the Associated Program field type in %windir%\System32\notepad.exe
  7. Repeat steps 5 and 6, but instead enter jse for the file extension in step 6.
  8. Click OK, then close out of the Group Policy Management Editor and the Management Console. And that’s it, you are done!

 

Thank you for reading this walk-through, I hope it was helpful in some way or another for you. If you need any guidance, feel free to comment below and I will do my best to assist you.

 

Written By jamesmontour

James Montour is a Systems Administrator and information security enthusiast living in the US. His skills include Active Directory Administration, Database Administration, Network Administration, Automation/Scripting, Windows Server Management, and IT Compliance.