rodsdot.com :: run client side programs

This works with IE Only. [note]

Windows Scripting Host will need to be installed on the client computer. (Probably is, but you can get it [here])

This site will need to be added to the Trusted Sites in IE
(Tools -> Internet Options -> Security Tab -> Trusted Sites Icon -> Sites Button)

The Security for IE must have the following setting.
(Tools -> Internet Options -> Security Tab -> Trusted Sites Icon -> Custom Level Button)

Initialize and script ActiveX controls not marked as safe "Enable" (default for Trusted Sites is "Prompt")

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">

<head>
<title>rodsdot.com :: run client side programs</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="author" content="Roderick Divilbiss">
<meta name="copyright" content="© 2005, 2006 Roderick Divilbiss">
<script type="text/javascript">
<!--
// inspired by rkannan2000 on EE
function LaunchExe(strProgram, strProgramDirectoryOptional) {
    var wshShell = new ActiveXObject("WScript.Shell");
    if (strProgramDirectoryOptional!=null) {
        wshShell.CurrentDirectory = strProgramDirectoryOptional;
    }
    wshShell.Run(strProgram, 1, false);
    wshShell = null;
}
//-->
</script>
</head>

<body>
<input type="button" value="Run Notepad On Client Computer" onclick="LaunchExe('notepad.exe');"><br>
<br>
<input type="button" value="Run Calculator On Client Computer" onclick="LaunchExe('calc.exe');"></div>
</body>

</html>

Errata:

SANS Recommendations for Securing Internet Explorer

Under Scripting, select Disable for Allow paste operations via script to prevent content from being exposed from your clipboard.

Note: Disabling Active Scripting may cause some web sites not to work properly. ActiveX Controls are not as popular but are potentially more dangerous as they allow greater access to the system.

Select Disable for Download signed and unsigned ActiveX Controls. Also select Disable for Initialize and script ActiveX Controls not marked as safe.

Java applets typically have more capabilities than scripts. Under Microsoft VM, select High safety for Java permissions in order to properly sandbox the Java applet and prevent privileged access to your system.

Under Miscellaneous select Disable for Access to data sources across domains to avoid Cross-site scripting attacks.

Please also ensure that no un-trusted sites are in the Trusted sites or Local intranet zones as these zones have weaker security settings than the other zones

http://www.sans.org/top20/

Except where otherwise noted, this site, all content, and all source code and markup is licensed under a Creative Commons License Creative Commons License.

No part of this web site including all application code and examples may be used for commercial purposes without prior written permission from the author, Roderick W. Divilbiss of Overland Park, Kansas, United States of America.

How can you run a client side program from script?

This works with IE Only. [note]