I need a Client-Side command shell invoked by VBScript hosted on Internet Explorer

 I'm very new to VBScript (like 3 days.) I'm trying to embed some VBScript in a web page, and then open that url to run a cmd.exe window on the Client machine, and then execute a telnet session from there. I was able to successfully write the script using VB/WScript and running from Windows Scripting Host. So now, I'm trying to adapt that WScript to VBScript. I've fixed several things, and right now I'm struggling with the .Run property. In WScript, I can do this to open a cmd.exe window and start my telnet session:
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "%windir%\system32\cmd.exe /c "&title
But I'm having trouble finding the VBScript equivalent. I read somewhere that the first line should be: Set VBShell = CreateObject("Shell.Application")
So I changed it, but IE still gives me errors saying 'Error: Object doesn't support this property or method: 'VBShell.Run'. I've looked on msdn VBScript function list, and Run isn't there, I've also tried .Exec, but I get the same error. Any help? Thank You.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I have a simple solution for this.  You register an application to handle a file type say .MAG for example.  You tell IE not to browse this file type using itself. So your web-server can divert  to a file say MyFile.mag and your exe file will start running and can thendo anything it wants.  Your exe file decodes the mag file (it will receive a command line like /o "My File name.mag")

A further extension to this idea is to create an asp page like this one set up for .sar files.  This ASP page will create download file dynamically passing the URL extension into the file.

At night time there is a scheduled task which deletes the contents of the dynamic download files.

Hope this helps:~)

PS You can cheat by using a .reg file to create the IE browser extension handles. Or you can create some VB code.

See next post for the registry file needed.

---------------createsar.asp example dynamic download file

' Generates an on-the-fly download file
' the url will be saved into a generated file
' the URL MUST HAVE an action parameter
'example http://tp-server/createsar.asp?action=invoice&entry=123456

Dim sExtension

sExtension = ".sar"
Dim FS
Set FS = Server.CreateObject("Scripting.FileSystemObject")

dim sFile
dim sLocation
dim sAction

dim lc
  sFile="r:\downloads\sars\" & saction & cstr(lc) & sExtension
  If Not fs.FileExists(sFile) Then
    Exit Do
  End If

dim fname
set fname=fs.CreateTextFile(sfile,true)
set fname=nothing
set fs=nothing

response.redirect "http://tp-server/downloads/sars/"+saction+cstr(lc) + sExtension


Woops just noted the above could be improved:

response.redirect "http://tp-server/downloads/sars/" & saction & cstr(lc) & sExtension

Here is an example reg file which installes the registry tweaks so that the exe resource.exe will get fired when the op  double clicks a .sqr file or tries to download one from the intranet.

Windows Registry Editor Version 5.00


@="Saracs Resources"




@="\"C:\\WINNT\\NOTEPAD.EXE\"  \"%1\""


@="\"r:\\saracs\\resource.exe\" \"/O\" \"%1\""


@="\"r:\\saracs\\resource.exe\" \"/P\" \"%1\""


@="\"r:\\saracs\\resource.exe\" \"/PT\" \"%1\" \"%2\" \"%3\" \"%4\" \"%5\" \"%6\""

The final tip........notice above the the exe located in a server file r:\saracs\resource.exe is started on the client side.
The trick which will save you buckets of time is to make the resource.exe open a text file: resource.txt which contains the latest version of the real exe which will actually do the work needed.

The problem is that you will not be able to change your exe if it needs enhancements/bug fixes.  You will need to get maybe  200 users off the server, which can take all day.  Using this method you don't need to bother.

Because you can change the url on your web-site is a few seconds, you just need to add a decode for the new action that is passed to you app.

So each time you recompile your handler you give it a name like

res201.exe, next time res202.exe, etc.  When the compile is complete edit the file resource.txt with the new name e.g.

----------resource.txt file example

How to create resource.exe:
1) Create an app with a dummy form.  This app just needs the form to have the icon that you want to use.

2) add a module to the app amd make the startup object to be Sub Main

Sub Main()

Dim lLFN As Long
Dim sEXEPath As String
Dim sLinkFile As String
Dim sMes As String

On Error Resume Next


    ' Are we running in IDE ot EXE mode
    Debug.Print 1 / 0
    IDE = Err.Number <> 0
    ' get the file which the pointer to the real exe
    If IDE Then
        sLinkFile = "r:\saracs\resource" + ".txt"
        sLinkFile = App.Path + "\" + App.EXEName + ".txt"
    End If
    ' open the file
    lLFN = FreeFile
    Open sLinkFile For Input Shared As #lLFN
    If Err.Number <> 0 Then
        sMes = "Could not open file: " + sLinkFile + vbCrLf + Err.Description
        Exit Do
    End If
    On Error GoTo 0
    ' read the data from the file
    sEXEPath = Input(LOF(lLFN), lLFN)
     ' remove an accidental CR/LF
    lLFN = InStr(sEXEPath, vbCrLf)
    If lLFN > 1 Then
        sEXEPath = Left(sEXEPath, lLFN - 1)
    End If
    ' Create the name of the EXE to shell to
    ' also add the command lines passed by the web-site
    Dim ok
    sEXEPath = App.Path + "\" + sEXEPath + " " + Command
    On Error Resume Next
    ' fire the appication
    ok = Shell(sEXEPath, vbNormal)
    If ok < 1 Then
        sMes = "Could not open file: " + sEXEPath _
        + vbCrLf + "Link file: " + sLinkFile + vbCrLf + Err.Description
        Exit Do
    End If

MsgBox sMes, vbExclamation, App.Title

End Sub
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Further, you don't need to create an exe file to handle your functions, you can edit the .reg file to run a VB script  so instead f r:\\saracs\resource.exe etc.....just wscript.exe

Bit like this:

@="\"r:\\saracs\\resource.exe\" \"%1\""
Say is you registered file type mag in this way, rename your vbs files to .mag should work ok.
Woops - Bit like this:

@="\"wcript.exe\" \"%1\""
The Run command tends to need quote marks around long file paths.  As such, try:

    Set oShell = CreateObject("WScript.Shell")
    nReturnCode = oShell.Run """%comspec%"" /c ""x:\pathto\myapp.exe""", 1, True

You'll likely run into permissions issues if you intend to run this over the Web, though...


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alternatively, most browsers are set to respond to the telnet:// protocol, by launching the appropriate app.  You could alway put a link in your web page to    telnet://yourserver:port, using the following HTML:

    <a href="telnet://yourserver:port">Open telnet session</a>

That should do it, too...


It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic Classic

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.