The only way to do exactly that would be to mark the WSH object as "Safe for Scripting", which would basically hand complete and total control of the PC over to any webpage that fancied it. Which would be an epically bad idea by anyone's standards.

For a very limited usage scenario, and given that your end user's are clearly using IE, why not just create a custom ActiveX control marked as safe-for-scripting that performs the correct drive enumeration for you? Given it'll be internal only, it's very unlikely some random website would prod at and even if they did, it'd only offer very constrained functionality rather than that provided by a generic scripting control.