Trust Center and Auto Updating Front Ends

[SkeletorPlus]

Hi all,

I built an access application that distributes itself over a file share, and checks for updates from the OG location on the file share. This issue is that I am running into trust center issues where the first time the new databases are opened the AutoExec macro can’t run and it’s confusing my users. Any work around for this besides going to every user and making sure they have trust center settings enabled?

 

[isladogs]

Make sure all users run the database from a trusted location so that it will work first time.
Depending on how your distribution is managed, you should be able to include a registry script for setting this as part of the distro.

 

[theDBguy]

The way I handle this situation is to rename the FE to accdr, and I don't run into this problem too often.

 

[tvanstiphout]

The way I handle this situation is to rename the FE to accdr, and I don't run into this problem too often.

Are you saying ACCDR does not require Trusted Location?

 

[theDBguy]

Are you saying ACCDR does not require Trusted Location?

LOL. Sort of. ACCDR asks the user to enable content without them knowing that they are doing it (kind of).

 

[isladogs]

LOL. Sort of. ACCDR asks the user to enable content without them knowing that they are doing it (kind of).

Sorry, but I don't agree with doing that. Instead they get this security message:

Are you really suggesting that having users click Open on the security message is a satisfactory solution?

 

[theDBguy]

Are you really suggesting that having users click Open on the security message is a satisfactory solution?

For my situation, yes, that is the best workaround. You see, that prompt forces the user to act, and that action enables the code without having to deal with trusted locations. If you can do trusted locations, that's the best approach. But when you can't, this is the simplest solution, in my humble opinion.

PS. Just for context, "my situation" is that our IT removed the ability in Office to access the Trust Center. So, we can't create Trusted Locations.

 

[isladogs]

In my experience when end users see that security message, it can cause a lot of concern and the response is often to click Cancel

Although your situation is imposed by your IT department, it is short sighted. You could probably still add trusted locations using code without that being blocked. Or ask the IT department to set up a specific trusted folder and subfolders and use that location for all apps.

In any case, code run from trusted locations can be at least 20 times faster as it bypasses the AMSI scan which otherwise runs not once per app but every time you run any code.

Currently answering on my phone. I have an article on this topic and will post a link when I’m back at my computer

 

[theDBguy]

Although your situation is imposed by your IT department, it is short sighted. You could probably still add trusted locations using code without that being blocked. Or ask the IT department to set up a specific trusted folder and subfolders and use that location for all apps.

Just FYI, for more context, I can't even reach this forum from work. Users are really restricted on what they can do. Since the users are aware that the app came from me and they need it to do their jobs, they don't have any concerns with clicking the Open button (I guess they're used to it now).

 

[isladogs]

FWIW, I understand the restriction on accessing forums from work

Anyway, the article I mentioned is:

Is Location Trusted?

This article includes updated code to check whether an Access app is running from a trusted location. It also explains why using a trusted location is better than just trusting the Access app itself.

isladogs.co.uk

In particular, see section 4: Which is better? Trusted Document or Trusted Location?

 

[Gasman]

I was lucky when I was working at Lloyds Bank, that this forum was NOT blocked.
I got a lot of help here at that time.

 

[Pat Hartman]

When you are at work is when you need to be able to ask questions or search for answers

 

[The_Doc_Man]

When I was still working with the U.S. Navy, we were allowed to open up links. I had to discuss it with the boss once. After he saw the kind of things on the tech topics in the forum, he gave me blanket permission and it was never a problem.


The IT shop kind of HAD to let us do that because we were sys admins and had to download vendor-specific patches. They didn't want to have to download and test every vendor patch, and we had maybe a couple of dozen brand-names for the computers (which meant a couple of dozen network stack packages) and several sets of device drivers for the proprietary devices on some of the systems. SO the IT guys reluctantly said, "OK, you can get to the outside network through this particular gateway." Considering that we were a hosting center for 60-80 projects by 2010, with a total of over 1000 obscure servers and maybe 500 public-facing servers, they didn't want to have that responsibility. Didn't break my heart one bit that they wanted us to do it.

 

[NauticalGent]

Just FYI, for more context, I can't even reach this forum from work. Users are really restricted on what they can do. Since the users are aware that the app came from me and they need it to do their jobs, they don't have any concerns with clicking the Open button (I guess they're used to it now).

My situation is similar. One strange characteristic is that i can reach AWF as a guest, but as soon as I log in, I get the DoD-Site blocked message.

For now, I used DBG's Autoexec macro that checks for trusted location and either alerts the user to click the "Enable Content" button or opens the main menu form.

I hate that I have to do this, but it is the least confusing to the users.