Raland9966
asked on
Setting up Certificate on Access 2007 Runtime workstations to avoid Security Notice with Frontend DB
I've done a bunch of reading on the security and cerficates used in Office VBA project but I'm still fuzzy on if I can get rid of the security notice:
"A potential security concern has been Identified"
Warning: trustworth source etc etc....
File Path: xxxx\xxx\
I have a split access 2007 operating only within my own domain (sbs 2003). Both the FE/BE are located on a 2003 memeber server that is mapped as drive J: on all the domain workstations (XP sp3).
Also possibly worth mentioning is I have written a small visual basic "launcher" that is located on each workstation and it looks into the J: folder where the FE is, checks the file name and runs the latest version of the FE. The file name contains the day and version like this: ProgramX_08.10.24.02.accdb
I have 4 workstation that are using the access runtime and these system put up the above security warning where system with full blown access (office 2007) do not. I think I can setup the certificate authority on my domain server and sign my FE so this security message does not appear? Or can I sign the FE using the Office VBA Certificate tool and export this certificate to the other runtime workstations. I've tried a lot of different ways of signing and importing certs etc that I have read about in various articles but no success.
I wouldn't might getting an actual cert for macro signing but it looks like they are $400 a year and that's a bit much since I don't distribute projects outside my company. I'm all for security but it seems we are damn close to not being able to run projects on our own computer as we are creating them. Thanks in advance.
-Ralph
"A potential security concern has been Identified"
Warning: trustworth source etc etc....
File Path: xxxx\xxx\
I have a split access 2007 operating only within my own domain (sbs 2003). Both the FE/BE are located on a 2003 memeber server that is mapped as drive J: on all the domain workstations (XP sp3).
Also possibly worth mentioning is I have written a small visual basic "launcher" that is located on each workstation and it looks into the J: folder where the FE is, checks the file name and runs the latest version of the FE. The file name contains the day and version like this: ProgramX_08.10.24.02.accdb
I have 4 workstation that are using the access runtime and these system put up the above security warning where system with full blown access (office 2007) do not. I think I can setup the certificate authority on my domain server and sign my FE so this security message does not appear? Or can I sign the FE using the Office VBA Certificate tool and export this certificate to the other runtime workstations. I've tried a lot of different ways of signing and importing certs etc that I have read about in various articles but no success.
I wouldn't might getting an actual cert for macro signing but it looks like they are $400 a year and that's a bit much since I don't distribute projects outside my company. I'm all for security but it seems we are damn close to not being able to run projects on our own computer as we are creating them. Thanks in advance.
-Ralph
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Isn't LukeChung violating the membership Agreement?
"Advertising, promoting in any way or offering to sell any goods or services for any commercial purpose. "
"Advertising, promoting in any way or offering to sell any goods or services for any commercial purpose. "
ASKER
--------------------------
LukeChung-FMS:
For internal company needs, you can create your own digital certificate for no cost, give it to your users and have them accept the certificate one time to avoid this problem.
------------------------
This is want I'm trying to do, I need a little more specific details regarding "create your own digital certificate " and "give it to your users"...
I'm assuming you are talking about using the Office Tool and creating a "self Signing" certificate. which I have done. I don't know how to successfully export this cert off my workstation and import it onto the station with just the runtime. I think this is done in the bowels of interent explorer's Content/Certificates (obviously the first place a person would look for an office cert).
As for you suggestion on the access deployment solution. I seen several of these mentioned in other articles. What is the advantage to having the FE loaded to each workstation verses my setup were all the users run a single FE located on server? I can see where this might be needed with a large number of users, in my case I don't think i'll ever exceed 10 concurrent users.
LukeChung-FMS:
For internal company needs, you can create your own digital certificate for no cost, give it to your users and have them accept the certificate one time to avoid this problem.
------------------------
This is want I'm trying to do, I need a little more specific details regarding "create your own digital certificate " and "give it to your users"...
I'm assuming you are talking about using the Office Tool and creating a "self Signing" certificate. which I have done. I don't know how to successfully export this cert off my workstation and import it onto the station with just the runtime. I think this is done in the bowels of interent explorer's Content/Certificates (obviously the first place a person would look for an office cert).
As for you suggestion on the access deployment solution. I seen several of these mentioned in other articles. What is the advantage to having the FE loaded to each workstation verses my setup were all the users run a single FE located on server? I can see where this might be needed with a large number of users, in my case I don't think i'll ever exceed 10 concurrent users.
mx:
ID:22804396; "While you've already created a deployment solution for your front-end database, you may still want to consider our Total Access Startup program. It lets you centrally manage all your Access applications and makes sure each user runs the Access version you specify and automatically deploys updates of the front end database to each user's desktop. More info here: http://www.fmsinc.com/Micr
Luke
I would never advertise my services in a question because it violates the membership agreement. I have at times advised of a product that might work in a specific scenario, but nothing that I own an interest in , or know a person that has an interest in that product.
Jim
ID:22804396; "While you've already created a deployment solution for your front-end database, you may still want to consider our Total Access Startup program. It lets you centrally manage all your Access applications and makes sure each user runs the Access version you specify and automatically deploys updates of the front end database to each user's desktop. More info here: http://www.fmsinc.com/Micr
Luke
I would never advertise my services in a question because it violates the membership agreement. I have at times advised of a product that might work in a specific scenario, but nothing that I own an interest in , or know a person that has an interest in that product.
Jim
ASKER
As far as any memebership breach, It seems a FE manager of some type is integral to a good solution to this security issue. I've seen several others mentioned in my reading, many of which are free. No worries here. It's not like he chimed in and said he had a solution and I could have in exchange for $20 to his paypal accout.
"What is the advantage to having the FE loaded to each workstation verses my setup were all the users run a single FE located on server? I "
Many, none the least of which is minimizing the chance of corrupting the FE (and/or BE) - especially if a user has an abnormal shutdown. Another reason is eliminating or minimizing the 'Record Locked, Can't Update' error message.
jm ... as far as Luke, well ... kind of a special case maybe - considering the overall contribution of FMS to the Access community.
Personally ... regarding Macro (in)Security ... it's been a joke since A2003 and is *easily* circumvented. hence, AFAIK ... Digital Certs are just a money making scam conjured up by a handful of 3rd party companies in conjunction with M$ - and are completely worthle$$.
mx
Many, none the least of which is minimizing the chance of corrupting the FE (and/or BE) - especially if a user has an abnormal shutdown. Another reason is eliminating or minimizing the 'Record Locked, Can't Update' error message.
jm ... as far as Luke, well ... kind of a special case maybe - considering the overall contribution of FMS to the Access community.
Personally ... regarding Macro (in)Security ... it's been a joke since A2003 and is *easily* circumvented. hence, AFAIK ... Digital Certs are just a money making scam conjured up by a handful of 3rd party companies in conjunction with M$ - and are completely worthle$$.
mx
Hey Luke ... how are things? May the 1.0 Spell Checker live on :-)
joe
joe
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've seen the macro security referred to as "(in)Security " several time now. is this shorthand for PITA ;) ?
""(in)Security '
= Insecurity = False Security.
mx
= Insecurity = False Security.
mx
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi Luke,
You didn't offend me, but if I abide by the membership agreement, I can't self promote my practice here. If I recommend your products it's of no consequence because I have no interest in FMS. I have purchased your products, and my recommendation of your products has sent sales your way via my clients and will continue.
Regards,
Jim
You didn't offend me, but if I abide by the membership agreement, I can't self promote my practice here. If I recommend your products it's of no consequence because I have no interest in FMS. I have purchased your products, and my recommendation of your products has sent sales your way via my clients and will continue.
Regards,
Jim
"Speller 1.0 very far back."
Luke ... I beta tested 1.0 and 1.1, remember. Last time we met was at the San Diego Access User Group - where I won the FMS product - and you later exchanged it for the Admin product.
joe
Luke ... I beta tested 1.0 and 1.1, remember. Last time we met was at the San Diego Access User Group - where I won the FMS product - and you later exchanged it for the Admin product.
joe
Hi Joe,
Yes I remember you. Glad to be working with a Genius!
Hope Total Access Admin is working for you, and thanks for your support.
Luke
Yes I remember you. Glad to be working with a Genius!
Hope Total Access Admin is working for you, and thanks for your support.
Luke
ASKER
I'm going to check out a FE deployment solution as mentioned, to hopefully just avoid the (in)Security issue. I split the points, hopefully to everyone's satisfaction. Want to keep everyone happy since I'm going to be back with a lot more question. cheers :)
-Ralph
-Ralph
http://msdn.microsoft.com/
But digital certificates aren't used in Access 2007. You should establish a trusted folder on each user's machine where you're installing the front end database (look under Access Options, Trust Center, Trust Center Settings). This will tell Access 2007 to trust any database located there.
While you've already created a deployment solution for your front-end database, you may still want to consider our Total Access Startup program. It lets you centrally manage all your Access applications and makes sure each user runs the Access version you specify and automatically deploys updates of the front end database to each user's desktop. More info here: http://www.fmsinc.com/Micr
Hope this helps.
Luke