Michael
Sun Jul 18 16:55:01 CDT 2004
> I try to write a vbscript to open the word2000 in IE from some
> clients' computers; however, IE always report the error "The client
> has refused this request" from the line "set abc =
> createobject("Word.Application")" . I have checked the Task Manager
> and I found that the word has been called in the task manager. Can
> anyone help me to solve this problem? Thank you for all of your
> help. Thank you.
You can use any COM object inside IE hosted script provided you want to deal
with the IE enforced security model regarding "unsafe ActiveX...". Whether
the user allows this is strictly up to them. There is no way to do this
silently without some prior acknowledgement and permission from the end
user...
Whether you use JScript's new ActiveXObject() or VBScript's CreateObject()
or whether you get the prompt or the failure, the issues are still the
same...
Q195826 - PRB: CreateObject Fails from Client-Side Scripts
http://support.microsoft.com/default.aspx?kbid=195826
For an Intranet, network share, or local hard drive scenario, you can simply
use HTAs instead.
Note that an HTA solution is appropriate ***only*** for non-intERnet
scenarios. End users should never be expected to execute an HTA delivered
from an intERnet source any more than expecting them to execute an EXE,
unless they have an extremely high level of trust for the originating site.
That's why accessing an HTA via IE is treated exactly like accessing an EXE.
The end user is prompted to save or open (execute) the HTA, the exact same
prompt as for as any other file type that will execute on the client.
Converting to an HTA can be as simple as saving the file with .hta instead
of .htm as the extension. .hta files are hosted by mshta.exe rather than
iexplore.exe, and have a security model comparable to a conventional Windows
desktop application. Of course accepting and executing an HTA is also up to
the end user...
Description of Internet Explorer Security Zones Registry Entries
http://support.microsoft.com/default.aspx?kbid=182569
If I need that kind of access to client resources, I develop/deploy an HTA
with the actual content hosted as ASP on an IIS server or straight from an
ordinary network file share...
Introduction to HTML Applications (HTAs)
http://msdn.microsoft.com/workshop/author/hta/overview/htaoverview.asp
HTA Reference
http://msdn.microsoft.com/workshop/author/hta/reference/hta_ref_entry.asp
The HTAs I deploy follow a hybrid deployment model. The HTA itself is simply
a wrapper for a trusted iframe hosting an ASP page. The iframe page doesn't
have to be asp. It could be ordinary htm, php, etc., whatever the server
supports.
With this model, it doesn't matter if the user saves/runs a local copy of
the HTA - the real content is delivered via http from a web server. To test
changes to the ASP content, I keep a local copy of the HTA with the base
href URL pointing to a development web server instead of the production
server.
You can use the same model for a network file server deployment as well.
Just change the base href to "\\YourFileServer" and iframe src to
"\YourShare\YourPath\YourPage.htm".
<html>
<head><title>YourTitle</title>
<base href="
http://YourProductionServer">
<hta:application id="YourAppId"
applicationName="YourAppName"
singleInstance="yes"
showInTaskbar="yes"
borderStyle="fixed"
/>
</head>
<body scroll="no" style="margin:0px">
<iframe width="100%" height="100%"
frameborder="no" border="0"
marginheight="0" marginwidth="0"
application="yes"
src="/YourSite/YourPath/YourPage.asp"
></iframe>
</body>
</html>
--
Michael Harris
Microsoft.MVP.Scripting
Sammamish WA US