While opening any MS Access database, a security warning appears saying that the file can be harmful to the computer. However, is there a way to remove this message. Or should it remain a necessary evil
You can probably sign your program. I don't know for sure. Read this article and see if the same principle applies.
If you lower the security settings in your Access options it will go away I believe. Of course those settings are set where they are for a reason.
Here are some more notes on certification and security.
Certification, including self-certification:
http://office.microsoft.com/en-us/access/HP010397921033.aspx
General information on security principals for Office code and macro security: http://office.microsoft.com/en-us/ork2003/CH011480831033.aspx
Trusted location defaults for Office 2003
http://office.microsoft.com/en-us/ork2003/HA011403181033.aspx?pid=CH011480851033
Macro security in Office 2003
http://office.microsoft.com/en-us/ork2003/HA011403071033.aspx?pid=CH011480831033
You can eliminate the security warning at the startup of a ms-access project by putting the access project in a Trusted Location. Or Better yet, make your own Trusted Location.
I recommend creating a folder in the System (C) drive with the name of your project. For example, we could call the folder Database (Path: C:\Database)
Then enter this path as a registry key like this:
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Access\Security\Trusted
Locations\Location20] "Path"="C:\Database" "Description"="Access
Project location"
Now lets explain a few things about what this key did:
The number "14.0" is the version of MS Office. You can simply change that to the number that represents the version you are running.
The "Location20" is a unique name that we assigned. The 20 can be any number that is not already used. Other programs, including default MS Access wizards, already may have used other numbers. Or if you want to make more then one path as a trusted location, then each location must end with a different number.
The "C:\Database\" actually is the physical path that you want to set to be a Trusted Location. You can put any path that you choose here. I am not sure why it uses double \, but I just copied the example of how the previous keys were set up and this seemed to work best.
The Description is not needed, but obviously any description can be used.
For more details on how to make Trusted Locations work for your MS Access project, read our detailed explanation here: http://blog.ideaz.net/2013/12/how-to-remove-microsoft-access-security.html
Here's my notes from a similar, internal issue with Access 2003 a few years back:
Okay, so here's (evidently) the deal.
The network server was not in the Trusted Zone. Starting, IIRC, with SP2, this causes a Open/Save/Warning box when opening a file. By default, UNC paths are supposed to be in the Trusted Zone. I'm not sure why it wasn't, but here's the fix: Add server.dns and server to Internet Options->Security Zones->Local Intranet.
Unsafe Expressions Are Not Blocked. This is some ridiculously overcomplicated Access security model (Google for unsafe expressions and Access Sandbox Mode for more). Basically, Access (starting with 2003 and/or Jet 4.0 SP8, I think) warns you if a registry key is not set to disallow "unsafe expressions". The fix: Set HKLM\Software\Microsoft\Jet\4.0\Engines\SandBoxMode to 3, which blocks "unsafe expressions" for anything using Jet. This has to be done by an Administrator. Alternatively, I think that answering "Yes" to the Block Unsafe Expressions prompt as Administrator sets that key for you.
This file may not be safe to open. This is an easy one, and follows the whole macro security model in Office. Just set the Tools->Macro->Security (don't look in the Tools->Security menu...that'd be too obvious) to Low.
BTW, I still have no idea what an "unsafe expression" is - nor why it continually asks to upgrade to Jet 4.0 SP8 when it already has been (I verified that it was updated by checking the file versions). But with those changes, it no longer asks anything when starting up. --MB
In Control Panel, click 'Internet Options'.
In the 'Internet Properties' popup, select the 'Security' tab.
Select 'Local Intranet' zone.
Click 'Sites' button.
In the 'Local Intranet' popup, clear the "Automatically detect..." checkbox and set the following checkboxes:
"Include all local (Intranet) sites not listed in other zones"
"Include all network paths (UNCs)"
'OK'.
'OK'.
Now all Access dbs anywhere on your Intranet or any referenced by a UNC will open immediately without warning. You assess the convenience/security tradeoff.
Related
i have a shared access application, i created an accde file for 32-bit machine, when user open the application he/she getting a security warning
is there any way to disable this message from appearing to the users
thank you
You have to set their computer to be a trusted source. In order to get around this issue, you will need to create a Digital Certificate. Digital Certificates are good only on the computer they are created on, so if this database will be used on multiple computers then each one will have to create a Digital Certificate.
To do this, you will need to perform the following tasks:
Click on Start -> All Programs -> Microsoft Office -> Microsoft
Office Tools -> Digital Certificate For VBA Projects (If you don’t
have this, you will need to contact your IT Dept.)
Enter a Certificate Name. Make it obvious like MyProgramName and Click OK
Open the Access database which contains the security warning you want to bypass
Go into the Design View of any Module
Click on Tools -> Digital Signature
Choose your Digital Certificate you created in Step 2
Save and close the database
Re-Open the database. You will now be prompted with a different Security Warning that states the file has been digitally signed.
Check off the “Always trust files from this publisher…” box and click the Open button
All subsequent times you enter this database, you will not be prompted with a security warning.
Note - I wrote the above for our company based on Office 2003. If you're using a more recent version, the instructions may vary somewhat.
other way is following:
click on file and then options
click on trust center and then trust center settings on the right
then click on trusted locations and add new location
browse for the location and save.
that's it.. done.. now no more warnings..
That is a standard warning to indicate the file you are opening has web links and macros.
If you trust the file, just say OK or “Allow”
You can control if this message is displayed: Office button > Excel Options button > Trust Center > Trust Center Settings button (I have no idea why they have this extra button, DUMB DESIGN! )
More Information can be found here
I have an Access database that processes other Access databases. I get OP's error when connecting to one of the other Access databases. To fix the issues, I opened the other Access database and clicked Enabled Content. Then, the Access database is trusted and OP's error doesn't occur when connecting to that Access database from another Access database.
You can create a registry key that will add the directory as a trusted location and will not show the warning anymore. What's nice about this method is that you can easily automate this to happen on the computers where you deploy your app. See method #2 or #3 in this blog: http://www.accessrepairnrecovery.com/blog/fix-microsoft-access-security-notice
And in case the blogs ever gets removed, here is the important bits:
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Access\Security\Trusted Locations\Location20] “Path”=”C:\Database\”
“Description”=”My Database location”
Explanation about the key:
– The number “14.0” is the version of MS Office. You can change the numbers that represent the version you are executing.
– The “Location20” is a unique name that you assign. 20 can be any number that is not previously used. Other programs include default MS Access wizards, already have used other numbers. But if you want to make more than one path as trusted location, then each location must end up with different number.
– The “C:\Database\” is the physical path that you want to set to be as Trusted Location. You can place any path that you choose here.
By copy and pasting the above coding into a text file and save it with a name such as RemoveSecurityWarning.reg, you can then run the file into your PC’s registry just by making double click on the file.
The best way is to add the location of the document or the document itself to the Trusted Locations in Registry (if you use only Access runtime on client machines, there is no way to add it through the Office application, like you would do in Excel).
Here is the answer:
Adding Trusted Location to Access Run Time
You would need to create a new Location key and add the necessary Path (and Description) strings inside with the appropriate location of your file. This way the nag dialog will be gone and you won't need to worry about certificates.
Shared may mean it is located on a network share. It is not advisable to add a network location to the Trusted locations and you would need to set the additional flag AllowNetworkLocations to 1. I would advise you to copy the Access modules to the user computers, which would also make things better with the speed I believe.
If anybody else have this problem, it happened to me, with a shared file on a network environment, and the simplest solution was to install Microsoft Office service pack 2, even better is having automatic updates for Office turned on. You can find it here.
I have program which get the word file from server and after editing it saved back to server . It was working and i was able to save files back to server but suddenly files are opening in Readonly mode . I have searched alot on google and have tried all options but it seems not working.Any ideas clues ??
If the file displays as read only in Word that means word thinks the file is readonly, which means its seen something to make it think that. Since word does not integrate with access control methods over webdav, that means it can only be that word has determined that the server does not support required operations for writing. This can be:
does not support uploading (ie PUT). Webdav reports this in the OPTIONS request, so please check for that
does not support locking (ie LOCK)
does support locking, and the file is locked. But this usually gives the user a specific warning
Locking comes into play in different ways depending on how you're connecting to the server (on windows you can either use a mapped drive or a network location), and the means of opening (either clicking a link in a web page which uses the sharepoint dll, or opening directly from a mapped drive, or opening from the file open dialog in MS office), and of course the application doing the opening (ie MS Office, Open Office, etc)
Depending on what combination of the above you're using locking might or might not be required to edit.
Webdav indicates locking support in the following ways
- the supported levels header
- MS-Author-VIA header, which should return "webdav"
- the presence of LOCK in the OPTIONS response.
So you might need to check for the presense of those, probably by using wireshark or similar.
is there an api to change the Access Permissions for the COM Security? i need to write new values to "Edit Limits..." and "Edit Default...". are these plain registry settings? can't find how to set these entries.
The quick answer is Yes they are registry settings, the long answer is No they are not simple registry settings. The values are binary and point to an ACL structure. In order to change these you need to load, update, and save the ACL (which requires a fair amount of code). The DCOMPerm sample in the windows SDK is a decent place to start, i have used it as a basis for a set of classes i use at work to handle this problem (Unfortunately, i am not able to release that code into the public domain)
You can review the MSDN Documentation for the DCOM key structure - that covers computer wide settings. COM application specific settings are stored under its APPID in the registry in the AccessPermission and LaunchPermission values.
Keep in mind that modifying the ACLs for the machine wide settings can quickly render your machine unusable if you do it incorrectly. If i remember correctly, you can simply delete the values (via RegEdit) and the OS will restore defaults to bring your machine back... but i'm not 100% certain on that anymore.
EDIT: The binary data is actually a Security Descriptor, but ultimately its the contained ACL that needs to dealt with - the SD just adds one more layer of code when unpacking/packing it.
I have a form that has a list box and several buttons that run sqk statements for the list box.
sub on_onClick()
' error checking
me.listbox.rowsource = "SELECT tblMain.First, tblMain.last FROM tblMain ORDER BY tblMain.Last;"
so this kinda thing is what I use for the list box. it works fine for me in the .mdb, and after i have converted the database, split it, made the .mde I go into the mde and it works fine for me still. This is placed on a shared drive
HOWEVER, anyone else that tries to use this, none of the buttons are having an effect. Can't tell if they are not working, or the VBA is not returning any results for them. It works for me, but it is not working for them. So...this is for my local LAN team, I think they all have full control permissions??? The button clicks that get them to that form are working fine also.
please help!
A couple of things come to mind:
It is not clear from your question whether the mde file itself is on a shared drive or whether the back-end database is on the shared drive and each user has a copy of the mde file on their PC. If the users are using the same mde file on the network share then I would strongly suggest not taking this approach. (It probably isn't the cause of the issue, but it will get you into trouble down the road.) Give each user a copy of the mde (front end) and have the application point to the back-end database on the network share.
Make sure that the mde has the ability to relink the tables to the back-end mdb file.If you search SO you'll probably find examples of how to do this in code.
I suspect you may be running into an issue where the mde file is not able to find the back-end tables. In this case you won't receive an error message in your VBA code when you're setting the listbox's rowsource and it will appear as though nothing is happening.
Do they have Macro security disabled? By default, MAcro security is enabled in Access and none of your VBA code will run. To disable: open Access, Tools -> Macro -> Security and set to low.
I think it is generally best to use self-certified projects or a secure location rather than change security levels.
Some information on macro security:
Self Certify projects
General information on security principals for Office code and macro security
Trusted location defaults for Office 2003
Macro security in Office 2003
A friend asked for my help putting together an Access database for a small department at a university. It tracks medical info on some animals. The problem is that to make the application easy enough to use, we had to write some VBA code to glue different forms together. When we open the database (or a new, updated version of the database), we get the little VBA Macro Trust thingie, and we're having a hard time figuring out how to get rid of that warning. I'm an open-source developer and my organization's sysadmin, so it's usually not a problem for me to sign rpm packages with the CA Cert I maintain...
My friend's department uses Windows PCs with Novell, but their computer support department has stated that they don't provide any support for user-created applications (i.e. providing a certificate signed by the departmental CA) nor will they provide administrator access to the computers so that we can change the trust settings. They also don't have the skills or expertise to code the application for the users. (Thanks, chaps, mighty helpful.)
Additionally, in our entire University, users are explicitly instructed not to ever, ever click a 'yes, I trust this' button. Re-educating users for the sake of this little access database that she's put together is a problem, since about 20 people will be using it to look up information.
Since I'm helping her, my inclination would be to do it in C# with a embedded database file stored on a shared drive, but that also falls under "user created applications" and I wouldn't be able to run an installer since no one has administrative rights.
Is there any way to work around the need to bypass the trust setting for macros every time someone opens this file? I thought that if we didn't use macros at all and just used VBA it would work, but that's apparently not the case.
You might find some help on:
http://msdn.microsoft.com/en-us/library/bb421308.aspx#OfficeAccess2007SecurityConsiderations_EnablingExecutableContentDatabases
Specifically:
Embedded Access Macros
In Office Access 2007, you can now
embed macros in form events like VBA
instead of saving them in the Macro
collection as separate entities. This
makes them more portable because you
can copy and paste a control with an
embedded macro, and the macro remains
with the control. In many cases, an
embedded macro for opening a report is
sufficient instead of a short sequence
of VBA for the same task. You can see
many samples of these embedded macros
in the Featured Online Database
Templates in the Getting Started with
Access pane that appears if you open
Access 2007 without selecting a
database. Because most Access macros
are not executable content, they are
an important tool when you have to
make your databases work in all
circumstances.
You're clearly on the right track since you mention the TRUST CENTER. I don't use A2007, but 2 minutes of Googling turned up these two articles:
View my options and settings in the Trust Center
Create, remove, or change a trusted location for your files
The instructions given there for Access are:
Click the Microsoft Office Button , and then click Access Options.
Click Trust Center, click Trust Center Settings, and then click Trusted Locations.
If you want to create a trusted location that is not local to your computer, select the Allow trusted locations on my network (not recommended) check box.
Click Add new location.
In the Path box, type the name of the folder that you want to use as a trusted location, or click Browse to locate the folder.
If you want to include subfolders as trusted locations, select the Subfolders of this location are also trusted check box.
In the Description box, type what you want to describe the purpose of the trusted location.
Click OK.
Looks to me like that should take care of your problems, though it has to be done on each users computer.