Welcome to WebmasterWorld Guest from

Forum Moderators: open

Message Too Old, No Replies

Do *.hta cause security warning in SP2?

Do *.hta cause security warning in SP2?

3:07 pm on Dec 2, 2004 (gmt 0)

New User

joined:Aug 6, 2003
votes: 0

I intent to write some hta and let my visitors save to HD
and run it locally, I don't want my hta look suspicious. So
which one cause security warning in SP2?(default setting)

1. Start/click on HTA page in local zone.
2. Hta tries to access FSO (FileSystemObject)
2. Hta tries to WScript.Shell

Don't have XP, can't test it. really appreciate any info..

Thanks for your kind help....

<a href="#" onclick="fso=new ActiveXObject('Scripting.FileSystemObject')">FSO</A>
<a href="#" onclick="wsh=new ActiveXObject('WScript.Shell')">WScript.Shell</A>

1:28 am on Dec 3, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member drdoc is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 15, 2002
votes: 0

No security warnings should be generated for either of them (tested, and did not receive any), since it's all run locally. Also, that's the way HTA's are designed, to allow privileged access in a normally insecure environment.
3:36 am on Dec 7, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 10, 2003
votes: 0

Be aware that the default settings for both Norton and McAfee antivirus might detect some of the actions the HTA takes as suspicious and suspend operation until the user clicks OK.
I had a particular problem with an HTA that used WSH Sendkeys. Norton prevented it.
Had to go into Norton's settings to disable that behavior.