Question Ac2k7 - Just how screwed am I?

[The_Doc_Man]

I work with the U.S. Dept. of Defense. We do not get to choose which version of Office we run and the powers-that-be just upgraded us from 2003 to 2007. I developed an Access 2003 application for my department, but then we had this upgrade foisted on us. Nor is it optional.

Now when I open my Access 2003 database, ALL of the VBA is disabled and I have to enable it each time. I want to use full-screen mode but the forms are designed with no ribbon and no navigation pane.

I've searched the forum to find how to overcome some of these nightmares. A few articles are relevant, but the first problem with all of the code I found is this: If the code won't run underneath the switchboard when the user opens the database, NONE of my protections and modification can kick in.

The problems I have with the Trust Center is that EVERYTHING I want to use is grayed out, probably by department policy from some stuffed shirt 1500 miles away from here. I would LOVE to uncheck something or change the security settings, but I can't find how to do that. So I have to tell it to trust me, but I can't seem to get there from here, either.

Is there ANY way to tell AC2007 to STFU and behave like 2003? (Yes, I'm frustrated. This DB was a 6-month project and now Ac2007 is TOTALLY in the way. TOTALLY.)



Normally, I'm Richard. But today, sign me as "Thoroughly Pi$$ed."

 

[Banana]

Have a look at Tony Toews' AutoUpdater. He claims that the utility does not require Admin privileges to deploy and use - I also understand it supports modification of Trust Center to enable your application.

Next, you may want to look into using AutoExec macro and check for the Trust to force quitting of the Application should it be opened in non-trusted mode.

See if his utility will help out...


I'm so sorry about the frustration.

 

[The_Doc_Man]

Actually, now that I'm over my moment of "ready to explode and take several people with me" - I have started on the solution, which begins by digitally signing my code module. Then save and close the DB.

Now open the DB again. You get the warning that some features were disabled. Click on the Options. You get a Security Alert dialog box. In that box, click on "Trust this user...". (If you didn't sign the code, you don't see this option and can only do a "Trust for this session only" selection. What a pain in the toches!) Click OK.

Close the database. Open the database again. This time, no warnings. That lets my startup code run under the opening switchboard. The rest of this solution I will handle from within the switchboard code by killing the various things I don't want to see.

The problem that DoD sites have is that often the workstation users (read "peons") are not allowed to define "trusted sites" and also cannot alter system security levels. However, if you digitally sign something, even another peon can choose to trust the signer. So I've put the required steps into my PowerPoint training module to show what you need to do for the Office 2007 cases.

 

[Banana]

Cool. I'm happy you found a suitable solution. I had forgotten about digitial signatures... So you are aware of that, this no longer works in an ACCDB file format, at least not in the same way as you have it set up to work with MDB file format.

If you can ride out the 2007 and get to 2010 without changing the file format, then you will be OK. In 2010, they introduced the idea of "Trusted Documents" which only require you manually click 'enable content' once and it's trusted indefinitely without re-prompting you again.

 

[The_Doc_Man]

I won't be converting my .MDB to .ACCDB, though I might make an .MDE deployment once this gets out of beta test mode. After all, this is not a "public" site in the normal sense of the word. More than 90% of my users will probably be able to reliably spell the words "computer" and "program" and not be confused about which one is which.

As to Ac2010... here it is, already in mid-2010 and we are just now getting a deployment of Ac2007. Hell, there's a good chance I'll be retired before Ac2010 gets deployed at this site. And if it DOES take that long, this project will be somebody else's problem. And people wonder why I get so cynical sometimes...

 

[Banana]

Totally understandable. I only mentioned this just in case the same stuffed shirt get the bright idea of asking you to convert this to ACCDB which you would have several more problems, probably. 2010 is much better but still...

Best of luck!

 

[gemma-the-husky]

i think its the trust center you need to set trusted locations, or set macro security to low

but it must save this in a config file, or in the registry - so i guess its grayed out becuase you dont have write permissions to something or other.

dont know for sure though.

 

[The_Doc_Man]

Gemma-the-Husky, I'm sure I don't have write permissions to whatever is needed for protected locations. Nor would it have worked anyway because I have a split FE/BE situation. The users are not supposed to run the FE from the shared location. (Kinda defeats the purpose of the split so that we only transfer data, not forms and other stuff.) They won't have the ability to define the trusted location either. We're all peons in this playpen.

Doesn't matter that I'm a former MVP or that I actually know what I'm doing at least 50% of the time. I'm a contractor peon and therefore do not have access to that Access feature. But digital signatures work correctly as long as I don't edit the code again. So each iteration of a new version will result a new signature and a new shared FE.

I've also found code to turn off the features I didn't want to see anyway, though I'm having an issue in getting the "locked down" version to dammitall lock down completely. That should be working later today.

The key for the ribbon is

DoCmd.ShowToolBar "Ribbon", acToolBarNo

(or... acToolBarYes when I'm unsecuring the DB). The key for the object pane is

DoCmd.NavigateTo "acNavigationCategoryObjectType"
DoCmd.RunCommand acCmdWindowHide

(or DoCmd.SelectObject acForm,,True when I'm unsecuring the DB.)

My users see a switchboard form. On it, they see an EXIT button. However, my boss and I are the DB supervisors. We get an extra "close switchboard" button that allows us to close the switchboard and then re-open the ribbon and object panels without exiting the database. Once I get that working right, it won't matter about the annoyance factor, and if the users try to get past the static "don't show the ribbon" and "don't show the object pane" settings, that won't matter either. I'm resetting those items at run time in the code behind the startup form.

 

[Banana]

...do not have access to that Access feature. ...

Just a teensy weensy correction - it's actually an Office feature, not an Access feature... not that would be obvious, though.

PITA either way, nonetheless. At least by making this feature tied into the GPO, they could start to give some real security but if you aren't best buddies with the domain administrator, it's just counter-productive. :/

 

[The_Doc_Man]

RPITA, for sure.

Actually, I knew it was an Office feature. Did some reading. But you're right, it would not be obvious.

About half of the security imposed by our domain admins is counterproductive, near as I can tell.

 

[The_Doc_Man]

Follow-up on this having to do with sending mail via Access through Outlook automation.

Under Office 2003, assuming you build the message appropriately, you can do a .Send of your message item that you create in appropriate code. When you do the send, you get a security warning but have the option to send the mail anyway.

Under Office 2007, the same exact code that didn't "barf" until it asked permission to send now traps on the .Send with an error 287, "Application-defined or object-defined error" - but the ultimate irony is that the mail gets sent correctly.

My short-term solution is that if I haven't already fallen flat on my face by the time I reach the .Send method, I allow the trap - but the trap handler looks for the specific error number and merely does a Resume Next from the trap code.

When I went on the web to see about error 287 with Access, Outlook, and Automation, I must have gotten over a hundred hits with more or less the same issues I'm seeing.

See also thread http://www.access-programmers.co.uk/forums/showthread.php?t=195360&highlight=Outlook