Getting a Scripting.FileSystemObect error from local VBscript in IE8

I'm currently working on laptops that go in Police Cars. They run an app called IMobile which is an extension of our CAD system, and allows them to do vehicle lookups, get more info on a call, etc.

The IMobile app is basically an IE overlay and it uses htm files that are on the local laptop. We've added in some simple VBScripts that do various tasks. Some common functions that are required for these tasks are in a VBscript called PoliceFunctions.vbs which is included in the same directory as all the other scripts. This method worked fine in previous versions of IE and Windows, however we're getting scripting errors in Windows 7 with IE8, specifically, 'ActiveX component can't create object: "Scripting.FileSystemObject"' and it references the functions script mentioned above.

If I set IE's settings to allow it to run 开发者_C百科ActiveX controls not marked as safe, the script runs fine, however I don't want do open a large security hole. I've tried adding localhost and the directory to the Trusted Sites list with no effect. I've tried re-registering SCRRUN.dll as mentioned in another post as well as wscript -regserver. And I've changed IE's settings to allow local Active Content with no success.

Anyone have any other ideas of how I can allow this script to run without opening a large security hole or having it nag the end user that his IE settings are going to bring about the apocolypse?

The explanation is long but explains how IE uses security zones to make trust decisions.

The URLAction of interest in this case is:

1201 Initialize and script ActiveX controls not marked as safe(URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY)

The default setting for this URLAction in the Local Machine zone is Prompt, and in all other zones it is Disable. Only if you change that setting to Enable will you bypass the prompt. You cannot use the Internet Control Panel to adjust the security settings for the Local Machine zone because only the other four zones are shown in this UI. To change the setting for the Local Machine zone, you can edit the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

Change the value for entry 1201 from 1 to 0

Write an ActiveX, implement IObejctSafety and wrap FSO methods in it. Note this is lying about the ActiveX's scripting safety but it is better than open to every unsafe ActiveX.

As the app "uses htm files that are on the local laptop" you could try to switch to a .hta application. For a quick test, just rename the *.html to .hta; if it 'works' add a suitable hta:application tag. To start