Re: Using a WMI object from with a webpage

On Jun 28, 5:31 pm, Adam Sandler <cor...@xxxxxxxxxx> wrote:
On Jun 28, 11:42 am, "S Moran" <s...@xxxxxxxxx> wrote:

there are lots of things you cant do in a browser because of security
reasons. simple answer is, DONT use a browser. just write a standalone
script.

I know that -- as I said earlier I'm responsible for the code mx. I
am not the original author of the code. The schedule and baseline
doesn't support a do over right now. Fortunately, the system doesn't
connect to the internet so the security risk is slightly less. I'd
appreciate a code solution regarding my original question rather than
a critique of what the original author is doing wrong.

Thanks!

That may or may not be possible, depending on the user's operating
environment and predisposition or capability to adjust the security
level.

If the USER is in a position to lower the security level of their
browser (presumably IE, since you are asking this in a VBS group),
they can set it to accept ActiveX controls. Specifically, look at the
setting for the "Initialize and script ActiveX controls not marked as
safe" under the "ActiveX controls and plug-ins" items in the "Local
intranet" portion of the IE Security options tab. It is generally set
to "disable", but could be raised to (by each user) to 'prompt' (or
even 'enable' - not recommended). This should get past the 'ActiveX
component can't create object: 'GetObject'' issue.

I'm not certain whether IE 7 and/or Vista still permits this. If not,
the process will need to be reworked. In that case, a downloaded HTA
will be able to access the ActiveX control without the problem of a
security restriction. It may also be possible to configure their
system to accept remote WMI access so that they don't have to run
anything. Your script would simply read their drive remotely (beyond
my expertise - have just seen the capability discussed and in the
docs).

Tom Lavedas
===========

.

Relevant Pages

  • Re: Ten least secure programs
    ... "If security is really that essential on your network, remove any browser and any email client off their workstations." ... > How will you stop them from loading ActiveX controls? ...
    (Security-Basics)
  • Re: !Testing for the latest vulnerabilities...
    ... >> The vulnerabilities were published on various online security ... > Automatic prompting for ActiveX controls disabled. ... > Initialise and script ActiveX controls not marked as safe ... You seem to have customized the settings for the Internet zone, ...
    (microsoft.public.windowsxp.security_admin)
  • RE: browser not real ?
    ... >I keep getting the below error message, Is my browser a fake? ... >"Your browser has not been checked for parasites, ... The only time I have heard of a message similar to this the user was trying to use a script from some web site to search his ... Scripting and "Run ActiveX Controls and plug-ins" under ActiveX Control and plug-ins under his security settings in IE ...
    (microsoft.public.internet.explorer.ieak)
  • Re: [Full-Disclosure] iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow V
    ... > unviewable with a browser configured to minimize the surfing risk. ... Perhaps the purpose of the script gives us a clue as to the true nature ... "Flash enough" to handle the required Flash version. ... security bulletins last time they were re-designed by a gnat who could ...
    (Full-Disclosure)
  • Re: Time for the swtich has come.
    ... ActiveX controls are a major security hazard anyway. ... I *hope* you can't get those things to work on any sane browser. ... James Wilkinson ...
    (Fedora)
Loading