I made another version where the only difference is that it requires a UNC path and makes no use of ActiveX whatsoever, if the client is fine with it, then it's all good.
If not, then how effective would it be to let this site into their Trusted Sites, and such only this website could make use of this ActiveX object? I noticed that this website already works in our network with the only caveat of producing a pop-up asking for confirmation, so it's not like I need to make any changes to the systems as I initially thought. Recall that this is an intranet site, no one will change internet zones.
-- Update ---
Looks like browse with UNC path will do fine.
Thanks for the feedback.