Question How do I open access in runtime without security warnings? (1 Viewer)

G

Gezza

Registered User.
Local time
Tomorrow, 01:12
Joined
Jun 19, 2009
Messages
53
Hi,
I am in the process of upgrading from Access 2003 to 2010 the current databases are split and users run the application in runtime.
I have been able to upgrade successfully except for the Security Warning I get when opening the database in runtime.
Have tried changing settings in the Trust Centre, this has fixed the Full Access security but seems to have no effect on Runtime.

Hope Someone can help
 
P

Pat Hartman

Super Moderator
Staff member
Local time
Today, 11:12
Joined
Feb 19, 2002
Messages
43,224
The trust center locations must be added for each user. The runtime respects them and will give the same security warnings as the retail version. Did you also lower the macro security settings? Please post the exact message you are getting.
 
G

Gezza

Registered User.
Local time
Tomorrow, 01:12
Joined
Jun 19, 2009
Messages
53
Hi Pat Hartman, thanks for your response
I've tried changing the Trust Centre settings for my own PC but still get the warning, which is:-
<Microsoft Access Security Notice
A potential security concern has been identified
Warning: It is not possible to determine that this content came from a trustworthy source. You should leave this content disabled unless the content provides critical functionality and you trust the source.>

<File Path C:\..>"the file path for the front end"

<This file might contain unsafe content that could harm your computer. do you want to open this file or cancel the operation??

More information <-- "this link does not work I believe because there is no Help file in runtime"
I've added the file location in the trusted locations but that didn't seem to work

Gezza
 
G

Galaxiom

Super Moderator
Staff member
Local time
Tomorrow, 01:12
Joined
Jan 20, 2009
Messages
12,851
The best way to deal with security is to Digitally Sign the front end. I understand that Microsoft reintroduced this facility in 2010 after removing it in 2007 which only allows a package to be signed.
 
P

Pat Hartman

Super Moderator
Staff member
Local time
Today, 11:12
Joined
Feb 19, 2002
Messages
43,224
This may be the message you get from files downloaded from unknown sources. Open a Windows Explorer window and navigate to the file. Right click to bring up the DOS attributes. Is there a button that lets you unlock the file?

What is the macro security setting? It should be as low as possible.
 
G

Gezza

Registered User.
Local time
Tomorrow, 01:12
Joined
Jun 19, 2009
Messages
53
Hi Pat Hartman,
File is not locked in the DOS attributes and macro settings are as low as possible
 
McSwifty

McSwifty

Registered User.
Local time
Tomorrow, 03:12
Joined
Jan 14, 2010
Messages
67
Hi guys,

Long time since I posted, but I have actually done this for all my work PC's. I am the designer and programmer and all other machines are running runtime only.

Just paste this into a text doc and save as a .reg file, then run it on each PC as needed to import into the registry.

Code: 
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Access\Security]
"VBAWarnings"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations]
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\Location0]
"Path"="%userprofile%\\my documents\\"
"Description"="my docs"
"Date"="14/03/2011 5:39 p.m."
"AllowSubFolders"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\Location2]
"Path"="C:\\Program Files\\Microsoft Office\\Office12\\ACCWIZ\\"
"Description"="Access default location: Wizard Databases"
"AllowSubFolders"=dword:00000001

It has worked for me on all but one machine that was logged in on a user with complete lockdown security settings. I couldn't even right click on the desktop to change the desktop wallpaper on this PC.

HTH
 
G

Galaxiom

Super Moderator
Staff member
Local time
Tomorrow, 01:12
Joined
Jan 20, 2009
Messages
12,851
McSwifty said:
Just paste this into a text doc and save as a .reg file, then run it on each PC as needed to import into the registry.
Click to expand...

I know this is a frequently suggested solution but it is plain wrong to do this. It effectively defeats the whole point of having trusted locations and warnings. It is a scary thought that this is being used in a corporate environment.

Code: 
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Access\Security]
"VBAWarnings"=dword:00000001
Click to expand...
This setting simply allows the VBA from any Access database anywhere on the PC to run without giving a warning about the code.

Code: 
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\Location0]
"Path"="%userprofile%\\my documents\\"
"Description"="my docs"
"Date"="14/03/2011 5:39 p.m."
"AllowSubFolders"=dword:00000001
Click to expand...
This setting makes MyDocuments and all its subfolders a Trusted Location. MyDocuments is often a default place to save so it is very likely that the user will download from the internet straight into the Trusted Location.

I would urge all developers, especially those in corporate environments to learn how to use Digital Signatures.

Domain Group Policies should also be applied to set VBAWarnings to 4 so as to prevent any unsigned code from running for ordinary users.
 
McSwifty

McSwifty

Registered User.
Local time
Tomorrow, 03:12
Joined
Jan 14, 2010
Messages
67
Well, forget I said anything then....

How do I go about digitally signing the front end?

that would be nice to know <---- Nevermind, I gooooogled it!

Looks like the company plans to deploy in delphi are cheaper than getting a signing program anyway.

thanks for advice.
I will change back all the PC's now an remove the registry hacks!
 
Last edited:
G

Galaxiom

Super Moderator
Staff member
Local time
Tomorrow, 01:12
Joined
Jan 20, 2009
Messages
12,851
You must have been unlucky in the hits you got. I had a really hard time finding out all I needed to know when I got into it too.

There is no extra cost involved. The VBA component in all MS Office applications includes the facility to digitally sign. In 2007 you can sign an mdb or mde Front End or an accdb of accde package. In 2010 you can also sign an accdb or accde front end (so I am told).

Access runtime is free and allows Access databases to be run on any PC at zero cost.

The lowest level of Digital Certificates involves creating a self-signed certificate. If you have a server it can generate a certificate verified by the server across your domain and installed on the workstations via Group Policy.

I have posted extensively on this forum about this subject but can't find it right now. Will try to track it down tomorrow. Too late tonight.

If you care to design in VB.NET the automatic signing is also built into the free Visual Studio Express.
 
J

jsnfrs

Registered User.
Local time
Today, 08:12
Joined
May 13, 2013
Messages
10
McSwifty,

Just to add to the reg entries you posted. They worked for me and I'm glad helpful users like you are still contributing your knowledge to the forum:

Just a reminder to person using the entries; remember to change the MS Access reference to suit your computer's file paths and access version, for example, if you are using 2010 like me then all the 12.0 version references must be changed to 14.0 and in case you are running win 7 OS, remember the change the folder reference to "Program Files (x86)".

It worked fine for me after those changes and best of luck to all users.

Lastly, I think we can make the forum a bit more exciting by posting a few photos or if possible a sample of our recent access projects, just for motivational purposes and to be able to share with others and have them see the true potential of access. Let me know what you guys think.

btw Mcswifty, you saved me about $450 to $650 because I was almost going to buy that sagekey software in order to do what those reg entries did, thanks a again.
 
McSwifty

McSwifty

Registered User.
Local time
Tomorrow, 03:12
Joined
Jan 14, 2010
Messages
67
Thanks jsnfrs, just be aware of the security risk (see post #8) of having your whole "my documents" folder 'open' to run any DB.

I would go with the option that galaxiom has suggested. I have not as yet even a year on but I have 'fixed' all the work PC's to avoid having hte security risk open like this. Each user just has to press one more open button on each launch. But given they have it open most of the days its not much to ask. - there are still plans to go to sqlServer and a delphi interface but things are slow given a new building on the site I work on and the large infrastructure needed to go into it.
I have just had that issue of some pc's running winxp and a few running win7 - i have found issues with emailing pdf's (save a report to pdf then email) due to write priveliges on the folders. a bit of a headache and the solution should go in another thread.
 
D

dplaut

New member
Local time
Today, 08:12
Joined
Oct 20, 2014
Messages
1
Whole discussion re: certificates is kind of silly if the security can be defeated by adding a registry entry to the current_user registry.
 
gemma-the-husky

gemma-the-husky

Super Moderator
Staff member
Local time
Today, 16:12
Joined
Sep 12, 2006
Messages
15,640
I am surprised. I didn't think you could overcome the warnings in runtime.

I am sure changing the registry manually, is no different to whatever happens in Access when you set macro security to low. As long as you are careful what you install, it won't be a problem.
 
G

Galaxiom

Super Moderator
Staff member
Local time
Tomorrow, 01:12
Joined
Jan 20, 2009
Messages
12,851
dplaut said:
Whole discussion re: certificates is kind of silly if the security can be defeated by adding a registry entry to the current_user registry.
Click to expand...

That depends if the user has persmissions to change the registry. It is also possible to lock down the ability of users to run unsigned code.

These settings can be easily made using Group Policy on a domain.
 
EternalMyrtle

EternalMyrtle

I'm still alive
Local time
Today, 08:12
Joined
May 10, 2013
Messages
533
I was having this problem with the security warning appearing when the application was launched in Runtime on some user machines (but not all). The program was being run in a trusted location.

I solved it by enabling all macros in the trust center macro settings dialog box (see attached picture). I'm not sure if this is the ideal solution and I still don't understand why it was necessary since the program (and any accompanying macros) were all being run out of a trusted location but it did solve the issue and is an easy fix.
 

Attachments

  • TrustCenter_MacroSettings.jpg
    TrustCenter_MacroSettings.jpg
    49.3 KB · Views: 925
The_Doc_Man

The_Doc_Man

Immoderate Moderator
Staff member
Local time
Today, 10:12
Joined
Feb 28, 2001
Messages
27,142
Be aware that your network security folks can impose a domain-level group policy that prevents registry changes in some parts (hives?) of the registry. If you work for a government site, it may actually be illegal (low-level felony or a stiff misdemeanor) to change registry settings, particularly if your security wonks have tried to block it.

What you do on your own personal machine is your business. If, on the other hand, you had to sign an agreement with your employer with regard to PC usage policies, read the fine print before mucking about in the registry.
 
You must log in or register to reply here.

Similar threads

G
Best Practices for Preventing Unauthorized Access to SQL Server in Access Applications
Replies
2
Views
262
Pat Hartman
P
G
Append query on linked tables via Access Runtime
Replies
9
Views
384
Giammarco_F
G
L
Second instance of Word opened from Access arises security warning?
Replies
14
Views
648
lauro
L
P
Solved Seat license security
2
Replies
25
Views
1,364
Pat Hartman
P
MsAccessNL
Create Navigation Pane or ListView to be used in Runtime Version
Replies
3
Views
301
tvanstiphout
T

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Top Bottom