open IE in admin mode programmatically - javascript

This should be simple, but after hours of search and trying I can't do it. I want (via a job, task, batch or code) Internet Explorer to open a web page in admin mode.
The page I am opening is my own creation. It requires elevated access because it runs some javascript browser automation that won't work otherwise.
FYI, the page works fine when I manually run IE in admin mode. It is an admin page I created that copies data from fram A to frame B where A and B have different sub domains. Admin mode allows me to get around the domain of origin issues.

Check How to run an application as "run as administrator" from the command prompt? for how to run applications as administrator from the command line.
You'll need to do something like runas.exe /user:administrator "path to HTML file" or runas.exe /user:administrator "path to IE" "path to HTML file".

Getting around UAC is tricky. I found this article which was the answer. Basically you have to set up a Windows Task to Launch IE without the UAC command prompt.
get around UAC

Related

Start application out of browser [duplicate]

Is it possible to launch an application from a browser? I am not talking about opening a file from a browser (like open a PDF with Adobe Reader), but rather opening a new (blank) instance of an application that is installed on the user's machine.
Hypothetical situation: User browses a website that lists computers that can be managed via RDP. He clicks on a link to 192.168.1.10, that link opens Microsoft RDP client (mstsc.exe) with that ip address already filled out.
I am talking strictly about Windows universe.
Is that thing even doable outside of ActiveX and IE?
Is it wise to attempt this in IE with ActiveX?
The correct method is to register your custom URL Protocol in windows registry as follows:
[HKEY_CLASSES_ROOT\customurl]
#="Description here"
"URL Protocol"=""
[HKEY_CLASSES_ROOT\customurl\shell]
[HKEY_CLASSES_ROOT\customurl\shell\open]
[HKEY_CLASSES_ROOT\customurl\shell\open\command]
#="\"C:\\Path To Your EXE\\ExeName.exe\" \"%1\""
Once the above keys and values are added, from the web page, just call "customurl:\\parameter1=xxx&parameter2=xxx" . You will receive the entire url as the argument in exe, which you need to process inside your exe. Change 'customurl' with the text of your choice.
You can't really "launch an application" in the true sense. You can as you indicated ask the user to open a document (ie a PDF) and windows will attempt to use the default app for that file type. Many applications have a way to do this.
For example you can save RDP connections as a .rdp file. Putting a link on your site to something like this should allow the user to launch right into an RDP session:
Server 1
#AbhijithCR 's reply works well. To register the protocol via a .bat file, do something like this
set key=customurl
reg add HKCR\%key% /ve /d "URL:Description"
reg add HKCR\%key% /v "URL Protocol" /d ""
reg add HKCR\%key%\shell
reg add HKCR\%key%\shell\open
reg add HKCR\%key%\shell\open\command /ve /d ""c:\path to\your.exe" ""%%1"""
For me getting all the quotes and the double percent signs right was the tricky part.
Some applications launches themselves by protocols. like itunes with "itms://" links. I don't know however how you can register that with windows.
We use a sonicwall vpn. It launches a java applet that launches mstc with all the credentials setup. You really can't do this without a java applet or activex plugin.
Microsoft uses this technique itself on their small business server for getting inside the network. I wouldn't say it is a terrible idea, as long as platform independence isn't important.
You can use SilverLight to launch an application from the browser (this will work only on IE and Firefox, newer versions of chrome don't support this)
Example code here
I achieved the same thing using a local web server and PHP. I used a script containing shell_exec to launch an application locally.
Alternatively, you could do something like this:
Notepad

Launch Chrome browser from Internet Explorer

We have a web application which has some features that works only in Chrome and I want to launch this web app using Google chrome browser with url of the web app as parameter from Internet explorer via a hyperlink. I tried
file:///C:/Program%20Files%20(x86)/Google/Chrome/application/chrome.exe
but it downloads the file + how do I add parameter to the exe.
By default, a browser cannot launch another program (plugins and extensions being possible exceptions). If they could, imagine the havoc some malicious user could get up to.
I don't think there's going to be a great answer for this, but you could make a .bat file that opens chrome to a particular URL (assuming you're using Windows), download that and click on it after it downloads.
Here is a useful answer in that case.
You could also (theoretically) make an extension or lower the security settings on IE to allow ActiveX controls. Here's a partial solution. I tried to make something similar a while back and didn't have much luck, but if you're determined...
Maybe there's a better way that doesn't involve such complicated solutions?
I found myself needing to achieve this myself. It appears a later release of Chrome had broken the fix described in Adam Fowlers blog.
I got in touch with him and he's now updated his post, providing the now necessary registry changes required to make this work.
I've tried this myself and it works nicely.
Adam Fowlers blog post - How to launch a URL in Google Chrome
https://www.adamfowlerit.com/2015/05/how-to-launch-a-url-in-google-chrome/
Big thanks to Adam for his time! Hope this helps.
This is a .reg file that creates (on a 64-bit Windows) a special URL protocol that allows you to open chrome: links in Chrome:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\chrome]
#="Chrome URL Prorocol"
"URL Protocol"=""
[HKEY_CLASSES_ROOT\chrome\Application]
"ApplicationIcon"="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationName"="Google Chrome"
"ApplicationDescription"="Access the Internet"
"ApplicationCompany"="Google LLC"
[HKEY_CLASSES_ROOT\chrome\DefaultIcon]
#="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
[HKEY_CLASSES_ROOT\chrome\shell]
[HKEY_CLASSES_ROOT\chrome\shell\open]
[HKEY_CLASSES_ROOT\chrome\shell\open\command]
#="cmd /v:on /c \"set url=%1 & set url=!url:chrome:=! & \"\"\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\"\"\" -- !url!\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\chrome]
"WarnOnOpen"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\chrome]
"WarnOnOpen"=dword:00000000
Links should be like chrome:https://google.com or chrome:google.com. "chrome:" part is removed before launching Chrome.
You can use a URI Scheme, Google installs one by default as shared by Adam Fowler here:
http://www.adamfowlerit.com/2015/05/28/how-to-launch-a-url-in-google-chrome/
So you can create a link like this (note the space before the URL):
ChromeHTML:// www.bbc.co.uk
But it is broken! There's a bug report with Google, see Adam's article. It would be good to add some weight/comments to this bug if you want it fixed.
However your next decision depends on whether you have some control over the deployment of your web application because these bugs can be fixed using registry fixes.
Interestingly, if you can deploy registry fixes, in theory you could create your own URI schemes.
If you can modify the IE permissions on the PCs needed, you can use a javascript link to launch a process. Mine launches a custom program that launches chrome with command line switches and a URL, or opens a web page that indicates they need to contact IT to install Chrome on their PC:
javascript:(new ActiveXObject('Shell.Application')).ShellExecute('\\\\server\\path\\LaunchInChrome.exe', '-incognito --use-system-default-printer https://outlook.office365.com/owa/?realm=xxx http://webserver/MissingChrome.html');
But you could modify it to launch chrome.exe directly instead. You will need to enable Initialize and script ActiveX controls not marked as safe for scripting in the Intranet Zone (I wouldn't recommend this for any other zone).
you have to pass the parameter to chrome, something like this.
start chrome https://www.google.com/

Enable a non-PlayStore UserScript with Chrome 35 and above

Since the version 35 of Google Chrome, the execution of any extension installed outside of the Google's PlayStore is blocked and cannot be enabled from the extensions menu.
The auto-installation of non-store scripts was removed two years ago but downloading the script and performing a drag & drop on the extensions menu still allowed the installation, so it was still possible to create and share scripts for Google's Chrome. But now everything is locked.
Is it possible to manually add permissions to your independant scripts ?
Is it possible to white-list a personnal website ?
Is there any other solution ?
I know that this restriction does not apply for dev and canary release channels but the scripts are purposed to be used by users with enough knowledge to know what they do, without forcing them to change their browser. The native support support is rather interresting on Chrome (even if completly locked now), so a solution without a third party plugin (ie : Tampermonkey) is better.
Thank you
The only way there seems to be left, short of installing an extension like Tampermonkey or getting a different browser, is starting the Chrome browser with the --enable-easy-off-store-extension-install flag.
Edit: Unfortunately, Google removed this flag from Chromium in April.
However, if the user (or any program) starts Chrome without this flag even once, the scripts will be disabled automatically. You can't re-enable them, even with the correct flag; your only option is to uninstall them and re-install then in the easy off-store extension install mode.
So, your options are:
Start Chrome with the --enable-easy-off-store-extension-install flag every time. If you have pinned Chrome to the task bar in Windows 7, the way to change the command line arguments for this shortcut is described here.If you have set Chrome as the default protocol handler for the HTTP and HTTPS protocols (which is the case if you made Chrome your default browser), you can modify the registry so this flag is set every time a program tries to open an HTTP or HTTPS URL with the default program.Also make sure you set this argument for file extensions Chrome is configured to open, such as .xht, .htm and .xhtml.
You can do this with the following .reg file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command]
#="\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --allow-easy-off-store-extension-install -- \"%1\""
Make sure the path to Chrome is correct when you install this.
Install an extension such as Tampermonkey to manage your user scripts.
Install a different browser, either developer builds of Chrome or a completely different browser, such as Opera (which has native support for user scripts) or Firefox (with Scriptish).
Blocking Chrome updates before you receive version 35 and risk getting hacked.
Switching to a different operating system, as extensions are only blocked on Windows.
If your computer is part of a Windows domain, you can install extensions using Group Policy.
Turn your user scripts into bookmarklets.
I realize this is probably not what you want to hear, but as Google continues to restrict honest developers because of a few bad players there are no better options.
Edit: there is one more approach that I've found to be working, namely hijacking an installed extension with the correct permissions:
Find and install an extension that has permission to run a content script at the web page you want it to run at. For example, the Note Anywhere extension has permission to inject a user script when a document has loaded for any HTTP or HTTPS URI.
Go to the extensions page to find the ID of the extension.
Open the folder where Chrome stores the extensions. On Windows, this is %localappdata%\Google\Chrome\User Data\Default\Extensions.
In manifest.json, find the name and location of the injected script. Overwrite the contents of this file with your user script. (In the case of the extension chosen as an example, this is asset/stickies.js.
Remove any content of the extension not referenced in manifest.json. Replace any referenced scripts and HTML pages that you aren't using with emtpy files.For the extension mentioned above, I'd remove anything except for the icons, the content script, asset/stickies.css and background.html and replace the latter two with an empty file.
Go to the Chrome extensions page and disable and then re-enable the extension.
Make a back-up of your work in case the extension is updated.
Make a note somewhere that the extension in the extensions list has its contents replaced with your user script.
EDIT : I validate this solution because it's what helped me particularly on this problem. A much richer answer is the list of workarounds submited by user2428118. Even if they did not solved my specific problem, they should be considered.
I finally could find an answer to my question thanks to the link posted by yoz, and the fact is that you can still enable a script unrelated to the PlayStore, without any third party plug-in, but as you'll see : it might be better to use TamperMonkey (even if it might imply little adaptations, it's 200% easier).
The solution is to import the unpacked user-script in developer mode.
Step By Step Explanation
Create your user script myscript.user.js as usually
Include it in a directory and create a file named manifest.json. You'll get this structure (can be zipped for distribution) :
myscript/
manifest.json
myscript.user.js
The manifest.json is a file required to import your script as a Chrome extension in developer. It describes your user script. Here is the related documentation, but the minimal code for our purpose is :
{
"manifest_version":2,
"version":"1.0",
"name": "MyScript",
"content_scripts": [
{
"js": ["myscript.user.js"],
"matches": ["http://domain.com/"]
}
]
}
Now that you have your directory with your user script and manifest.json, you can import it as an unpacked extension (a packed one will be disabled after Chrome's restart). To achieve this, simply check the "developer mode" and choose "Load Unpacked Extension...". Navigate to the directory created at step 2 and select it : that's "all".
Pros
Native solution
Natural for you if your developing your script on Chrome (obviously this wasn't my case :P)
Your script is now treated like a "real" extension.
Cons
Oh, god... I'm missing the one-click install : even if the user only has to achieve the step 4 it's still a pain.
Looks less "professional" because the user has to enable the developer mode
No longer "cross-browser" distribution since the Google Chrome's script has to be packed in a special way
The original directory cannot be (re)moved without breaking the script
A warning will be triggered every single time Chrome is opened to ask if you are sure that you want to use developer mode
Conclusion
I liked the way user-scripts had native support on Chrome : every third party plugin has some small variations (ie : datas or xhr handling). But the cons are to numerous and to important (especially the two last ones)... Even if enabling a non-PlayStore script is possible in a native way, it became such a pain that I recommend to adapt the script for a plugin such as TamperMonkey. After all, Chrome was an exception since every other browser require a plugin, now these plugins are the only way.
I still feel a bit disappointed, so if anyone happens to find a better solution (still hoping for some white-lists) I would enjoy to offer some bounty.
EDIT : Please note that user2428118 provided a list of other interesting workarounds. Even if they did not solved my specifif problem, they should be considered.
EDIT : manifest fixed
The continuation of solution number 1 from #user2428118 answer.
To ensure that you ALWAYS starts Chrome with --enable-easy-off-store-extension-install flag you, can use (additional to editing all shortcuts in menu start etc.) this registry file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\http\shell\open\command]
#="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --enable-easy-off-store-extension-install -- \"%1\""
[HKEY_CLASSES_ROOT\https\shell\open\command]
#="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --enable-easy-off-store-extension-install -- \"%1\""
Replace C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe with actual path to chrome.exe in your system.
Unfortunately, aside from extensions like Tampermonkey, there don't seem to be good workarounds, given the way your script is generated differently for each user.
This is the best explanation I've found:
http://www.chromium.org/developers/extensions-deployment-faq

Chrome blocking javascript on localhost

I'm working on developing a site on my local machine (Windows 7 Ultimate x64) using WAMP, running APACHE v2.2.22, PHP 5.3.13, and MySQL v5.5.24. I'm developing using Chrome v 22.0.1229.94. I've got quite a bit of javascript in the site, however, and Chrome is relentlessly blocking javascript from running on the page.
Clicking on the little 'blocked javascript on this page' icon in the address bar includes the dropdown that has "Always allow Javascript on Localhost" checked off, and I also have a JavaScript exception in Chrome's settings explicitly saying to always allow JavaScript on 'http://localhost'.
Cookies are being allowed, "Allow all sites to run JavaScript" is checked off, and I have no idea as to why Chrome is not allowing the JavaScript to run.
Overall, it's not imperative to the project that I figure out a fix as both IE9 and Firefox 16.1 are allowing JavaScript and I can utilize them. I am simply curious if there's anything I can do to fix this in Chrome, as I would like to continue developing in Chrome.
If you notice that JavaScript is only blocked when the console is open (as some are saying), chances are that you disabled JavaScript in the console settings.
Open the console.
Click the vertical ellipsis icon (or the gear icon on older versions) in the upper right and go to settings.
See if the "Disable JavaScript" checkbox is checked.
I have the same issue, but only when the console is open. When the console is closed, JavaScript loads fine on localhost. Makes it hard to debug things though....
I got around it by opening localhost in an incognito window.
You can give your local server a domain name, may be that would help.
Open C:\Windows\System32\drivers\etc\hosts in notepad
Edit that file add a new line at the end
127.0.0.1 mydomain.com
Save, now goto chrome and type in http://mydomain.com/ this should point to your local server.
Since you nolonger run on "localhost" may be chrome will let you pass.
Let's me know if that works. Good luck!

Why does IE8 fail to window.open() when viewing local HTML files (and how to fix it)?

Due to orders, I must test some pages from a local file system running Windows XP and IE8. Firefox and other browsers can view the documents and javascript for opening new windows works. However, with IE8, I get new window filled with some default error message, "Internet Explorer cannot display the webpage".
Anyhow the first "launcher" html is located in a path like so:
C:\Documents and Settings\Tester1\My Documents\Sites\testsite\Launcher.html
Launcher.html has links which call window.open() with a URL of Target.html. This is the point of failure. The window opens, but contains only the error message.
It's a security feature so a rogue site can't poke and execute malicious commands on your machine.
I'd reckon your best bet is to setup a simple server like XAMPP.. just for local testing.

Categories

Resources