What is the best way to open a pdf in an .HTA with a button without compromising Windows security

Hi. I have built an HTA that is running instead of explorer.exe The reason for this is that we don't want the users to be able to do anything except what we explicitly give them access to. One of the functions that I would really like to include is the option to look at a manual. We cannot re-write all our documentation into HTML so I would like to use it as .pdf.

How can I add a button to my .hta that will open the . pdf manual. The user should only be able to view the .pdf and not gain access to the internet, file exlorer or anything that they can break. Is the above possible or what is the options?
Rebel_no_1Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rebel_no_1Author Commented:
My script so far:
<html>

<head>
<HTA:APPLICATION
     ID="objScreen" 
     APPLICATIONNAME="Screen" 
     BORDER="none" 
     BORDERSTYLE="normal" 
     CAPTION="no" 
     ICON="" 
     MAXIMIZEBUTTON="no" 
     MINIMIZEBUTTON="no" 
     SHOWINTASKBAR="yes" 
     SINGLEINSTANCE="yes" 
     SYSMENU="no" 
     SCROLL="no" 
     VERSION="1.0" 
     CONTEXTMENU="no" 
     WINDOWSTATE="maximize"
     INNERBORDER="no"/> 

</head>



<SPAN
   STYLE="
      top: 203;
      left: 572;
      width: 42px;
      height: 43px; 
      position: absolute;
      z-index: 1;
      background-image: url('Busy.gif');
      visibility: show;">
</SPAN>
<SPAN
   STYLE="
      top: 263;
      left: 572;
      width: 42px;
      height: 43px; 
      position: absolute;
      z-index: 1;
      background-image: url('Busy.gif');
      visibility: show;">
</SPAN>
<SPAN
   STYLE="
      top: 323;
      left: 572;
      width: 42px;
      height: 43px; 
      position: absolute;
      z-index: 1;
      background-image: url('Busy.gif');
      visibility: show;">
</SPAN>
<SPAN
   STYLE="
      top: 383;
      left: 572;
      width: 20px;
      height: 20px; 
      position: absolute;
      z-index: 1;
      background-image: url('Busy.gif');
      visibility: show;">
</SPAN>
<SPAN
   STYLE="
      top: 443;
      left: 572;
      width: 42px;
      height: 43px; 
      position: absolute;
      z-index: 1;
      background-image: url('Busy.gif');
      visibility: show;">
</SPAN>
<SPAN
   STYLE="
      top: 503;
      left: 572;
      width: 42px;
      height: 43px; 
      position: absolute;
      z-index: 1;
      background-image: url('Busy.gif');
      visibility: show;">
</SPAN>
<SPAN
   STYLE="
      top: 563;
      left: 572;
      width: 42px;
      height: 43px; 
      position: absolute;
      z-index: 1;
      background-image: url('Busy.gif');
      visibility: show;">
</SPAN>




<Script Language="VBScript"> 

   Sub Window_OnLoad

      ' Size and position main window
      window.resizeTo 1366,768 
      window.moveTo 0,0

      ' Display current time
      myClock.innerText = Now()

      ' Set up a timer event so we can update the screen periodically
      iTimerID = window.setInterval("myVBSClock", 1000) 
   End Sub    

   Sub myVBSClock 
      ' Update current time
      myClock.innerText = Now()

      ' Refresh colors from status file
      CheckStatusFile
   End Sub 

   Function ComputerName()
      ' Get computername
      Set wshShell = CreateObject("WScript.Shell")
      ComputerName = wshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
      Set wshShell = Nothing
   End Function

   Sub CheckStatusFile
      ' Constants for file I/O
      Const ForReading = 1
      Const ForWriting = 2
      Const TriStateUseDefault = -2

      ' Name of status file
      strStatusFile = "Status.txt"

      ' Create file system object
      Set objFSO = CreateObject("Scripting.FileSystemObject")

      ' Make sure status file exists
      If objFSO.FileExists(strStatusFile) Then
         ' Open it for reading
         Set objStatusFile = objFSO.OpenTextFile(strStatusFile, ForReading, False, TriStateUseDefault)
         ' Read status file, slit lines into array elements
         arrStatus = Split(objStatusFile.ReadAll, vbCrLf)
         ' Close file, release objects
         objStatusFile.Close
         Set objStatusFile = Nothing
         Set objFSO = Nothing

         ' Process each line of the status file (skip blank lines)
         For Each strStatus in arrStatus
            If strStatus <> "" Then
               ' Split status line into array at comma
               arrField = Split(strStatus, ",")
               ' Process lines based on first field on line (item name to update), and set item color to status file value
               Select Case arrField(0)
                  Case "Security-Environment"
                     SecurityEnvironment.style.background = arrField(1)
                  Case "Help-Menu"
                     HelpMenu.style.background = arrField(1)
                  Case "Biometric-License"
                     BiometricLicense.style.background = arrField(1)
                  Case "Card-Printer"
                     CardPrinter.style.background = arrField(1)
                  Case "GPS-Device"
                     GPSDevice.style.background = arrField(1)
                  Case "Battery-Controller"
                     BatteryController.style.background = arrField(1)
                  Case "Biometric-Application"
                     BiometricApplication.style.background = arrField(1)
               End Select
            End If
         Next 
      End If
   End Sub

</SCRIPT> 


<BODY
     BACKGROUND="bgimageV3.jpg"> 

<SPAN
   id="SecurityEnvironment"
   style="
      top: 200;
      left: 47;
      width: 570px;
      height: 40px; 
      position: absolute;
      padding:0 4;
      z-index: 1;
      background: grey;
      border-color: #000000;
      border-style: solid;
      border-top-width: 1px;
      border-bottom-width: 1px;
      border-left-width: 1px;
      border-right-width: 1px;
      text-align: left;
      color: white;
      font-family: Arial;
      font-size: 40;
      visibility: show;
      unselectable: on;">
SECURITY ENVIRONMENT
</SPAN>

<SPAN
   id="HelpMenu"
   style="
      top: 260;
      left: 47;
      width: 570px;
      height: 40px; 
      position: absolute;
      padding:0 4;
      z-index: 1;
      background: grey;
      border-color: #000000;
      border-style: solid;
      border-top-width: 1px;
      border-bottom-width: 1px;
      border-left-width: 1px;
      border-right-width: 1px;
      text-align: left;
      color: white;
      font-family: Arial;
      font-size : 40;
      visibility: show;">
HELP MENU
</SPAN>

<SPAN
   id="BiometricLicense"
   style="
      top: 320;
      left: 47;
      width: 570px;
      height: 40px; 
      position: absolute;
      padding:0 4;
      z-index: 1;
      background: grey;
      border-color: #000000;
      border-style: solid;
      border-top-width: 1px;
      border-bottom-width: 1px;
      border-left-width: 1px;
      border-right-width: 1px;
      text-align: left;
      color: white;
      font-family: Arial;
      font-size : 40;
      visibility: show;">
BIOMETRIC LICENSE
</SPAN>

<SPAN
   id="CardPrinter"
   style="
      top: 380;
      left: 47;
      width: 570px;
      height: 40px; 
      position: absolute;
      padding:0 4;
      z-index: 1;
      background: grey;
      border-color: #000000;
      border-style: solid;
      border-top-width: 1px;
      border-bottom-width: 1px;
      border-left-width: 1px;
      border-right-width: 1px;
      text-align: left;
      color: white;
      font-family: Arial;
      font-size : 40;
      visibility: show;">
CARD PRINTER
</SPAN>

<SPAN
   id="GpsDevice"
   style="
      top: 440;
      left: 47;
      width: 570px;
      height: 40px; 
      position: absolute;
      padding:0 4;
      z-index: 1;
      background: grey;
      border-color: #000000;
      border-style: solid;
      border-top-width: 1px;
      border-bottom-width: 1px;
      border-left-width: 1px;
      border-right-width: 1px;
      text-align: left;
      color: white;
      font-family: Arial;
      font-size : 40;
      visibility: show;">
GPS DEVICE
</SPAN>

<SPAN
   id="BatteryController"
   style="
      top: 500;
      left: 47;
      width: 570px;
      height: 40px; 
      position: absolute;
      padding:0 4;
      z-index: 1;
      background: grey;
      border-color: #000000;
      border-style: solid;
      border-top-width: 1px;
      border-bottom-width: 1px;
      border-left-width: 1px;
      border-right-width: 1px;
      text-align: left;
      color: white;
      font-family: Arial;
      font-size : 40;
      visibility: show;">
BATTERY CONTROLLER
</SPAN>

<SPAN
   id="BiometricApplication"
   style="
      top: 560;
      left: 47;
      width: 570px;
      height: 40px; 
      position: absolute;
      padding:0 4;
      z-index: 1;
      background: grey;
      border-color: #000000;
      border-style: solid;
      border-top-width: 1px;
      border-bottom-width: 1px;
      border-left-width: 1px;
      border-right-width: 1px;
      text-align: left;
      color: white;
      font-family: Arial;
      font-size : 40;
      visibility: show;">
BIOMETRIC APPLICATION"
</SPAN>


<SPAN
   style="
      top: 650;
      left: 50;
      width: 570px;
      height: 40px; 
      position: absolute;
      padding:0 4;
      z-index: 1;
      text-align: left;
      color: fa8b0f;
      font-family: Arial;
      font-size : 60;
      visibility: show;">
<script type="text/javascript"> document.write(computername());</script>
</SPAN>

<SPAN
   style="
      top: 670;
      left: 515;
      width: 570px;
      height: 40px;
      position: absolute;
      padding:0 4;
      z-index: 1;
      text-align: left;
      color: white;
      font-family: Arial;
      font-face : Arial;
      font-size : 25;
      font-weight: bold;
      visibility: show;">
<font color="white"><PRE ID=myClock></font>
</SPAN>






</BODY> 
</HTML>

Open in new window

0
Bill PrewCommented:
What will you be using for a PDF viewer?

~bp
0
Rebel_no_1Author Commented:
Hi Bill. I honestly don't know because I don't know what will work yet. It will have to be something stripped down where you only read a .pdf but not have access to browse elsewhere on the computer etc. The only options will basically be next, previous page and close. I have started investigating .pdf to exe applications which compiles a pdf into a standalone exe. I will get a trial of one of these programs and see if they can be sufficiently secured. That might be the cleanest solution but only time will tell.

I am also looking to see what Adobe Acrobat's parameters can or cannot do.

Any advice is appreciated.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Bill PrewCommented:
Not sure how to do this with a PDF viewer, I think they will all allow a "File, Open" option where the user could explore the file system.

You might consider converting the PDF file to a different format, CHM comes to mind as a built in Windows format that might be less likely to get the user into trouble.  I haven't used this tool, but an example of a converter could be:  http://www.pdfconvertonline.com/pdfconvert.html

Also, what version of Windows and IE will they be running.  I know more recent versions of Windows (8, 10) have PDF viewing as part of the OS.  I can't recall if any recent versions of IE include this natively.  But honestly, I suspect in either of these you would end up starting a viewer utility, or web browser, which opens the door to some of the things you want to prevent.

There may also be some .Net libraries that you could purchase that would allow you to render the PDF right in a HTA screen, but that could get a bit more involved...

~bp
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
aikimarkCommented:
If you have Adobe Reader installed on your PC, then you can use the RUN method of the wscript.shell object to launch the associated program (by file extension) of a file.  I do this in an application for one of my clients.
0
Rebel_no_1Author Commented:
Thanks Aikimark. The trick here is not just to open the document, the trick is to not compromise the security. I basically need to open a pdf and only have access to flip through pages and close it. There can be no features that can be exploited to get to the registry, IExplorer, gpedit etc...
0
aikimarkCommented:
I don't understand.  If Adobe Reader (or Pro) is installed, you aren't performing any tricks to open the PDF by application association.
0
Rebel_no_1Author Commented:
Aikimark, If I open a .pdf file in adobe reader several security holes opens with it. The user can for instance browse, go online...the list goes on and on.Keep in mind the computer where this .hta will run on is 100% secure. Users cannot access anything that they are not specifically given access to. We deploy thousands of these machines so security is therefore a very big deal.

I am hoping to enable users to read a manual without giving them any other options that could lead to data loss, malicious data deletion, data tampering or virus infection to name a few.

I hope that clarifies the requirement?
0
aikimarkCommented:
So, you want to display formatted text, but not from within an Adobe application?  I'd suggest you export the PDF as HTML.
0
Rebel_no_1Author Commented:
I will close this question as I don't think there is a clear answer. I assigned points to both contributors as both provides possible solutions. It is now up to me to go and investigate and find a workable solution. Like always, your help and advice is very much appreciated.
0
aikimarkCommented:
Depending on your browser, assumed to be IE since you're dealing with HTA files, you might be able to open the PDF inside a browser window.  I don't know what can be done within the displayed content.
1
Bill PrewCommented:
Good luck, if you do settle on a solution please come back and update this post for the benefit of others in the future.

~bp
0
Rebel_no_1Author Commented:
I will definitely do that.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VB Script

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.