Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

HTA\Vbscript question

Posted on 2008-06-26
9
Medium Priority
?
1,749 Views
Last Modified: 2012-05-05
I have this code as a part of a larger script in a HTA:
CreateObject("Wscript.Shell").Run("cscript notepad.exe c:\temp\temp.txt")

The problem is, this works fine on the local machine. But if I launch this HTA from another remote machine (the HTA is hosted on a central server), the remote machine tries to open temp.txt on it's own C: drive, doesn't find it and the script bombs. Is there a way I can make the client computers look for temp.txt on the server's C: drive and not on their own.???

0
Comment
Question by:Freshandeasy
  • 4
  • 4
9 Comments
 
LVL 38

Expert Comment

by:Shift-3
ID: 21875379
Sure, just use the UNC path of the desired file, e.g. \\server\c$\temp\temp.txt.  Keep in mind that this file must be accessible to the user running the HTA, so you might have to create a new share and adjust permissions accordingly.

It would be simpler to locate the temp file in the same folder as the .hta.  That way you could just reference it by name without including the folder path.
0
 

Author Comment

by:Freshandeasy
ID: 21881301
I had already tried with the UNC path, but in that case an error pops up - "safety settings on this computer prohibit accessing a data source on another domain". I had googled this error and none of the recommendations seemed to have worked.
Actually I am invoking as "runas" which is only applicable to executables. Hence I am forced to use the path  like so:

runas blahblah "mshta d:\blahblah\blah.hta" . This doesn't wotk without the absolute path :-(
0
 
LVL 9

Expert Comment

by:gregcmcse
ID: 21900900
If you're willing to limit yourself to IE browsers, just move the code to client side.  Also, you don't need the "cscript".

<%
' Server side code goes inside open and close percent tags
%>
<HTML>
<HEAD>
<SCRIPT LANGUAGE="VBScript">
<!--
CreateObject("Wscript.Shell").Run("notepad.exe c:\temp\temp.txt")
-->
</HEAD>

If you want to support other browsers (obviously still on MS systems), you can alter it to JavaScript.

If all you need to do is display the text, there are much easier ways to do so.  What's the end need?

0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:Freshandeasy
ID: 21906042
Here's what I am trying to achieve:
1. The user fires an hta placed on a server from his machine.
2. This hta prompts for his username\passowrd, authenticates him, goes through a set of security checks (group memberships, etc.) and if satisfied, calls another HTA placed on the same server (d:\MMBX\MoveMBX.HTA).
3. The issue is, I have to call the second hta with alternate credentials, so this is what I do at the end of first HTA:
runas.vbs username password "mshta d:\MMBX\MoveMBX.HTA"
4. This works fine when I run from the server itself. But fails when a user fires the first hta from his computer. The first hta when trying to start the second hta, looks for d:\MMBX\MoveMBX.HTA in the user's d: drive rather than on the server.

I have tried putting the second hta in the same directory as the first one and not specify the path, no go.
UNC names don't work either.

Hope that clarifies things.
0
 
LVL 9

Expert Comment

by:gregcmcse
ID: 21907462
OK... so the user is accessing the first HTA with their own credentials and then you want to run the second HTA under a different (administrative?) set of credentials?  Can I safely deduce from the name that it has something to do with changing a location for an Exchange (or other mail server) mailbox?

It seems to me that you may be going the long way around.  Care to explain what your high-level purpose with the login script and HTAs is?  Do you have an available IIS server?
0
 
LVL 9

Expert Comment

by:gregcmcse
ID: 21907509
Oh, and also, if you could mention the versions of the products involved -- like if it is Exchange, is it 2003, if it's part of an upgrade or migration, what are you going from and what are you going to.  If Exchange, the AD version is also important and the OS of the server in question may be also.  Thanks!
0
 

Author Comment

by:Freshandeasy
ID: 21923204
The purpose of this HTA is to move mailboxes across Exchange 2003 servers (running on windows 2003) when a user physically moves to another location. The idea is to pass this HTA to L1 support teams and take away all their Exchange permissions.Hence the need to run the second HTA under alternate credentials. (The HTA will be encoded).
The first HTA verifies the credentials and then queries the L1 Support Group in AD to make sure the operator is a member of that group. If all is well, it then calls the second HTA under alternate credentials.
Thanks!!!
0
 
LVL 9

Accepted Solution

by:
gregcmcse earned 750 total points
ID: 21925084
Got it.  I think you're definitely taking the long way around.  Here's how I'd approach it:

Your exchange server(s) probably host IIS (at least some of them, and probably all of them).  So on your intranet web server and/or on one or more of the Exchange servers, create a new IIS web site on a port of your choosing and only allow Windows integrated authentication.  (You can put this in a new virtual directory if you would rather, but that's less secure).  Restrict the access (through file permissions on the mapped folder the web page will live in) to only allow Read access to the group you want to allow and remove all inherited groups.

So then they're accessing a web form that prompts them for the user and anything else you want to prompt them with.

At that point, you can have server-side VB code that runs your HTA locally on the IIS server under the alternate credentials since you've obviously already built it that way.

Let me know if you need any additional clarification on this.
0
 

Author Closing Comment

by:Freshandeasy
ID: 31470935
Perfecto!!!!!
0

Featured Post

[Webinar] Cloud Security

In this webinar you will learn:

-Why existing firewall and DMZ architectures are not suited for securing cloud applications
-How to make your enterprise “Cloud Ready”, and fix your aging DMZ architecture
-How to transform your enterprise and become a Cloud Enabler

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Australian government abolished Visa 457 earlier this April and this article describes how this decision might affect Australian IT scene and IT experts.
Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
This video teaches users how to migrate an existing Wordpress website to a new domain.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question