This question already has an answer here:
Programmatically enable Excel macro in C#
(1 answer)
Closed 4 years ago.
I am forcing my user to run a batch file to run an Excel VBA Application because it is run as a different user that has rights to certain resources that the user doesn't have direct access to.
The batch file is shown below and works great. The only thing I don't like is that because the file is run as a different user, it always asks you to enable macros when you hit excel.
Is there a way to run the Exel in the batch file such that it doesn't ask you to enable macros--that they are forced enabled?
The account I am using to run is a service account. It has no log in privileges. It only has rights to read and write to certain folders.
HERE IS MY BAT FILE:
runas /user:ALLIEDFIT\teammtr /savecred "C:\Program Files (x86)\Microsoft Office\Office15\Excel.exe \"\\afhoufile02\User_Folders\Allied MTRS\Allied MTRS Auto\Z_Dev\_Prod_Push.xlsm\""
Sign your code with a digital certificate that is trusted as code publisher in your company computers.
Then set via group policy for all clients "disable all macros except digitally signed".
After that Excel will never ask again to enable macros for your digitally signed codes.
Alternatively set via group policy that some folders are trusted locations, so that VBA code in these locations is automatically trusted. See Add, remove, or change a trusted location. But I recommend to do this via group policy: GPO To Block Macro’s On Local PC But Not File Shares.
Related
I've seen a lot of answers on copying files that use code to set a network share, with credentials, to copy to somewhere else. However I need a solution that will allow a user to copy from a network share they already have access for, to a local drive they don't have access to.
We run RDS servers and have locked down direct access to the local C:/ drive on the servers. We have been given a 3rd party program that needs to read data files that must be stored in a fixed path on the C:/ drive. These data files are updated once a month. Our users have read access but we do not want to give them direct write access to the root C:/ drive.
I need to write a piece of vb.net, or command line code in .bat file that will copy files to the Local C:/ whilst providing the details of a service account to provide the access.
As mentioned I've seen a lot about setting up a mapping to shared folder and passing creds, however we don't want to set the C:/ as mapped shared drive in this instance.
You don't want the user having access to the C Drive in general, is there any particular reason the permissions on the particular subfolder the files are going to can't have overriding permissions to allow writing to just that folder?
If that will not work, first thought that comes to mind is having a helper program that can be ran under a different user that does have that access. Set up an intermediate folder the user can write to, the program that they can launch drops the files into a folder they have access to. Helper program watches for files in the intermediate folder, moves them to where they need to be.
Set up would need to include adding a user that does have access to both locations, and then adding to task manager to launch the helper program under that other user at login.
My VBA macro has this line of code:
Workbooks.Open FileName:="https://<MyOneDriveForBusinessFolder>/<MyFileName.xlsm>"
The whole macro works fine for users in the company office, but fails on the above line for users logging to corporate network from remote locations.
The folder is shared with entire security group, all users have "Can View" access level.
All users, including those for whom the code fails, are able to access the folder/file via browser.
Not sure if this is of any importance, but as this is OneDrive for Business, I believe the file is encrypted.
Can anyone advise please, why this is happening?
Your corporate OneDrive instance is location restricted. There's nothing Excel can do to overcome that. It's a security feature.
I've created login_form that appears before worksheet and gets data (username or code) from login_form then filters inside Excel. Now I want to use this Excel file (.xlsm ) in OneDrive, that login_form will appear and users can use it on web (online). Is it possible?
And when users open this file in local, asks "enable macros" and "enable editing". Is there function that VBA automatically enables macros and editing in this file? Thanks in advance
"Is it possible?"
Not really clear what you exactly mean by "use it on web (online)".
But fact is you need Excel to open an Excel file and use macros. Therefore you cannot do this online, but the users need to (temporarily) download that file and open it locally then.
"enable macros" and "enable editing"
These messages are for security reason! So nobody can run evil code on your computer without permission.
There is no way that you can enable macros at your users site. But you can sign your code digitally with a certificate which …
… is generated by a trusted certificate authority (not free, need to pay).
… is generated by yourself (free).
But then your users need to trust that certificate once on their computer.
If the macros are digitally signed and the certificate is trusted you won't get the message to enable the macros.
I and another guy are developing an add-in project for PowerPoint using C# and VSTO. Our project is being kept in a repository and every time when one of us gets a newest version from the repository, updated by another one, he gets a compiler problem with signing. Up to now, we solved this compiler problem by generating a test certificate on the corresponding machine every time after updating from repository.
My question is: Is it possible to avoid somehow this every-time generating of a test certificate after taking the solution, compilable on other machine, from the repository in order to have it compilable on both machines?
We tried everything:
We used the same .pfx file for both of our PC's (i.e. we sent this file to the repository).
We tried to uncheck the checkbox "Sign the ClickOnce Manifest" in the Properties window of the Solution and to remove the .pfx file at all.
We tried to use our own .pfx files with putting them into the ignore list.
But there was no result!
We have a similar scenario and we are doing the following:
'Sign the ClickOnce manifest' is signed with a locally generated .pfx key that is checked into the repository.
The assembly is signed with a strong name key.
On the build server the manifest is re-signed using the company's digital certificate for deployment using the instructions provided in this article - http://blogs.msdn.com/b/vsto/archive/2009/04/29/signing-and-re-signing-manifests-in-clickonce.aspx
Let me answer my own question. The solution is probably found. The steps are the following:
One developer should generate a new .pfx file defining the password. As a result, he can already develop the add-in correctly, on his machine; but other developer still can not, on their machines.
Using the same tab of the project's "Properties" window, this developer has to select the same .pfx file with the "Select from File..." button, giving the password.
The .pfx file should be sent to the repository (i.e. one shouldn't include it into the ignore list). As a result, other developers will not be required to generate anytime other .pfx files anymore.
We are ready!
The "magic" is that knowing the password by all developers is crucial. When the .pfx file is added to the project as it is described in the item 2, it means that all developers know the password.
On Windows Server 2008, is there an easy way to modify security permissions for multiple files at once (as with Windows Server 2003)? Right-click - properties does not provide a "Security" tab if more than one file/directory is selected (i.e. ctrl-click multiple files).
As well, short of making registry changes, is there a way to edit files in notepad without having to open up notepad as an administrator? As it is, because of UAC you must open Notepad as an admin and then open the file you wish to edit (otherwise, cannot save).
UPDATE: Moved to https://serverfault.com/questions/30991/windows-server-2008-change-security-settings-for-multiple-files-at-once
ANSWER TO PART B: "As for editing the files: if you give regular (non-admin) users write permissions to the files, you don't have to run notepad as admin." Thanks #Martin v. Löwis
As always, there is cacls.exe (or xcacls) to change the ACLs for multiple files. Dunno whether you would call that "easy".
As for editing the files: if you give regular (non-admin) users write permissions to the files, you don't have to run notepad as admin.