tags:

views:

218

answers:

1

I have a fairly simple block of code.

Sub Run(Name)
on error resume next
Set objShell = CreateObject("WScript.Shell")
if Err.Number = 429 then
    alert("Invalid Security Level.")
    exit sub
end if
objShell.Run Name
if Err.Number <> 0 then
    Alert("Please verify your Operating System Choice")
end if
Set objShell = Nothing 
End Sub

I'm using this with links on the website to allow the user to defrag their hard drive via:

<a href="#" onclick="Run('c:\\windows\\system32\\dfrgui.exe')">Defrag Windows Vista</a><br>
<a href="#" onclick="Run('c:\\windows\\system32\\dfrg.msc')">Defrag Windows Server 2003 SE or Windows XP</a>

As you can probably guess.. using:

Set objShell = CreateObject("WScript.Shell")

Is causing a bit of a problem, and it is throwing an error that the object cannot be created. I can go into IE security and change the security setting for,

"Initialize and script ActiveX controls not marked as safe for scripting"

to "Prompt", and it will actually prompt me and run when I click yes.

My question at this point is;

Since this is not a seperate block of code coming from an asp server (htm page w/ no code behind). Do I really need to spend $20 to get it signed, and how would I do that in the first place on a vbscript in an htm page?

Also.. the site that this will be implemented into DOES have an SSL cert. Is it possible to integrate into the existing cert in some way shape or form?

All I want to do is have links that are like...

"If you want to defrag your computer, click here"

"If you want to run a disk scan, click here"

And telling all our customers to go in and change their security settings is not an option.

+3  A: 

Your code isn't the problem. When you create the "WScript.Shell" object, IE asks that control if it is safe for scripting. The object returns "No". That's why your code doesn't work. As long as you use "WScript.Shell" you will have the problem.

One way around this is to create your own ActiveX control that is marked as "safe for scripting", but then you would have to get all of your users to install it.

David
So I can either build the active x control... spend the $20 to get it signed and mark as safe for scripting and make all our users install it... or make all our users update their browser security settings so that it works... thats a bit of a pain.
Patrick
That's correct. I've done this before for an intranet site. We just used a self-signed cert, so it didn't cost anything to sign the ActiveX control.
David

related questions