Olav Aukan Getting information off the Internet is like taking a drink from a fire hydrant…


Using ActiveX to launch desktop applications from SharePoint

A client wanted to have a list of applications on their intranet with additional metadata so that these applications could be targeted to different users based on their Active Directory account and SharePoint memberships. This could be done easily for web applications where the Applications list would simply have a URL pointing to the application and open that URL in a new window when the user clicked it. The targeting would be achieved with the built in Audience Targeting features of SharePoint. However, for desktop applications this approach would not work.

Back in the days this would probably be done with a file:// link, but it seems that this feature is not widely used any more due to security concerns. I had no luck getting a file:// link to work in IE inside the client's environment, so I decided to look for other options. Ideally I would have liked to be able to do this with plain JavaScript, but then again allowing JavaScript to start local processed on your machine is not really secure either. So in desperation I turned to the much hated ActiveX... ActiveX will only work in IE, but because this is a corporate intranet and they've standardized on IE7 anyway, it's not really an issue.

So, how to implement this? I decided to create a document library to store a HTML file for each desktop application. This HTML file launches the application by using an ActiveX object and then closes the browser window when done. Each desktop application in the Applications list would then point to one of these files and open it in a new window. Let's see what this HTML looks like when launching Notepad.

    <script language="javascript">
      function LaunchApp(appPath)
          <!-- Launch application -->
          WSH = new ActiveXObject("WScript.Shell");
        catch (ex)
           errMsg = "An error occured while lauching the application.\n\n";
        <!-- Close window -->
        window.open('', '_self', '');
  <body onLoad="LaunchApp('C:\\windows\\system32\\notepad.exe')">

It's quite straight forward really. There's a JavaScript method to launch the application and the onLoad event of the <body> element is used to call this method. Notice the rather peculiar window.open() method though. This is a workaround I found on another blog that gets rid of the confirmation prompt you get in IE when trying to close a window.

So now you've saved the HTML file to a document library in SharePoint and you click on it to confirm that it works as expected, but much to your disappointment nothing happens... You'll notice that the IE status bar now says "Error or page" or "Done" with the error icon. Double clicking the icon will bring up a description of the error where it says "Automation server can't create object". This is because by default IE will not trust an ActiveX control that is not marked as safe. The workaround for this is to modify the security settings for the Local Intranet zone to allow it to run the ActiveX control. Go to Tools -> Internet Options -> Security -> Local Intranet -> Custom Level and enable the option "Initialize and script ActiveX controls not marked as safe for scripting".

If you hit refresh in the browser now it will launch Notepad and close the browser window without any prompts.

Some thoughts:

  • Be sure to understand the consequences of enabling this option! It should be safe for the Local Intranet zone, but i wouldn't want it on for the Internet zone.
  • You probably want to push this option to all users with a Group Policy.
  • Applications that you want to launch this way must be installed under the same path on all computers.
  • The appPath parameter expects a DOS style path were "Program Files" become "PROGRA~1".
  • For some reason ex.message and ex.description are both empty inside the catch block.


The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

Any sample code on this blog is provided "AS IS”, without warranty of any kind. The author takes no responsibility for problems arising from the use of this code.