Change Macro Security Settings on PCs using Access Runtime?
Hi,
I'm deploying an .mde file using the Dev Package Wizard onto a number of user's PC's which'll only be running the Access Runtime.
Problem I'm having is that they're getting a load of the standard Macro security warnings which are making my app look dodgy.
Normally you can just set the Access Macro Security Settings to Low to resolve this, but not on Runtime.
I know you can change registry settings using the Package Wizard and have tried adding:
Current User - Software\Microsoft\Office\
But it doesn't seem to work. Unfortunately I'm not going to be able to change the Local Machine settings as that's blocked as part of my company's network security.
Any ideas?
Thanks.
I'm deploying an .mde file using the Dev Package Wizard onto a number of user's PC's which'll only be running the Access Runtime.
Problem I'm having is that they're getting a load of the standard Macro security warnings which are making my app look dodgy.
Normally you can just set the Access Macro Security Settings to Low to resolve this, but not on Runtime.
I know you can change registry settings using the Package Wizard and have tried adding:
Current User - Software\Microsoft\Office\
But it doesn't seem to work. Unfortunately I'm not going to be able to change the Local Machine settings as that's blocked as part of my company's network security.
Any ideas?
Thanks.
ASKER
Hi Peter,
Thanks, didn't know about that. How would I go about applying it, do I create a function which sets the AutomationSecurity and run it from an autoexec macro?
Thanks,
Alastair.
Thanks, didn't know about that. How would I go about applying it, do I create a function which sets the AutomationSecurity and run it from an autoexec macro?
Thanks,
Alastair.
<Unfortunately I'm not going to be able to change the Local Machine settings as that's blocked as part of my company's network security.>
Then I'd assume that changing the macro security settings would be disallowed as well? It would seem so.
If that's the case, then your only option would be to deploy this with a digital certificate, and have the user correctly install your app and certificate. If this is for internal use, you can build your own certificate (the link Peter gave shows how to do that). From there, you then sign your project (VBA Editor - Tools - Digital Certificate, choose and sign), then deploy your application.
Your end users will have to be running Jet SP 8.0, and they will have to accept your certificate and then enable "sandbox" mode. Here's a link that may help a bit more:
http://office.microsoft.com/en-gb/access/HA011225981033.aspx#180
Then I'd assume that changing the macro security settings would be disallowed as well? It would seem so.
If that's the case, then your only option would be to deploy this with a digital certificate, and have the user correctly install your app and certificate. If this is for internal use, you can build your own certificate (the link Peter gave shows how to do that). From there, you then sign your project (VBA Editor - Tools - Digital Certificate, choose and sign), then deploy your application.
Your end users will have to be running Jet SP 8.0, and they will have to accept your certificate and then enable "sandbox" mode. Here's a link that may help a bit more:
http://office.microsoft.com/en-gb/access/HA011225981033.aspx#180
ASKER
Thanks, yes - I can set the Current User Macro Security option in the registry, but not the Local Machine.
I think you can only set the Jet Security on the Local Machine which is what is tripping me up?
I think you can only set the Jet Security on the Local Machine which is what is tripping me up?
I'm not sure what you're referring to ... if you set the Macro Security on YOUR Machine, it affects ONLY your machine. It has no affect with others who use the database (i.e. it's a machine-specific setting and does not travel with the database file).
You can set security via vba, as you've suggested in your first post (i.e. the registry) but you also stated that your IT dept doesn't allow this. To me, this would mean that your ONLY route would be through properly securing your application via a digital certificate and proper implementation of Sandbox mode ... the link I provided (topic #18) provides you with this information, but in a nutshell you (a) stamp your code with a digital certificate, (b) insure that the user's machine is running Jet SP8 and then (c) advise the user how to correctly install and accept your certificate (this is a one-time thing). From there, assuming they correctly enable Sandbox mode, your app should run as expected. Of course if you make changes to the app you MUST remember to sign it with the same certificate, else your user will again be presented with the same issues.
You can set security via vba, as you've suggested in your first post (i.e. the registry) but you also stated that your IT dept doesn't allow this. To me, this would mean that your ONLY route would be through properly securing your application via a digital certificate and proper implementation of Sandbox mode ... the link I provided (topic #18) provides you with this information, but in a nutshell you (a) stamp your code with a digital certificate, (b) insure that the user's machine is running Jet SP8 and then (c) advise the user how to correctly install and accept your certificate (this is a one-time thing). From there, assuming they correctly enable Sandbox mode, your app should run as expected. Of course if you make changes to the app you MUST remember to sign it with the same certificate, else your user will again be presented with the same issues.
ASKER
Sorry, should have been clearer - I can change the registry on the install machine, but only the HKEY_CURRENT_USER not the HKEY_LOCAL_MACHINE
So I can change the CURRENT USER access security settings to Low but it doesn't seem to be doing the job, am I missing something - perhaps the Jet Security Settings which I can't find in CURRENT USER, only in LOCAL MACHINE.
Thanks.
So I can change the CURRENT USER access security settings to Low but it doesn't seem to be doing the job, am I missing something - perhaps the Jet Security Settings which I can't find in CURRENT USER, only in LOCAL MACHINE.
Thanks.
If I'm not mistaken, you must change this in HKEY_LOCAL_MACHINE ... otherwise, your options would be as described above and in the link I provided.
To use the changes in the link I gave you have to modify and save the code as a VBScript file and start the application using that file.
ASKER
Thanks Peter, still not sure how to do that - how can I get my shortcut to run the VBScript file?
To create a shortcut you right click the desktop and select New Shortcut.
ASKER
Ok - so it literally just runs the .vbs file in windows, there's no compiling or software to run the script.
I'll give it a whirl, thanks both.
Alastair.
I'll give it a whirl, thanks both.
Alastair.
ASKER
Hi Peter,
I'm not able to get the script working because it requires you to create a new Access Object:
dim AccApp
Set AccApp = CreateObject("Access.Appli
but as I'm installing on PCs with only the runtime versions I can't CreateObject
Any ideas for a work around?
I'm not able to get the script working because it requires you to create a new Access Object:
dim AccApp
Set AccApp = CreateObject("Access.Appli
but as I'm installing on PCs with only the runtime versions I can't CreateObject
Any ideas for a work around?
Sorry - that slipped by me - I can see you stated it quite clearly in your Q.
The only other solution I know of is to use a digital certificate.
The only other solution I know of is to use a digital certificate.
ASKER
Thanks guys I ended up using this code from http://thespoke.net/blogs/
I then put a button on my user form which prompts them to change their security setting if they see warnings on startup. This works in the runtime version (the option not normally being available in the much limited toolbar).
I'll have problems if a user decides they want to change the settings to High, but I can work round that with education (I think!).
This does raise a couple more questions you may be able to help me with...
I'd really like to be able to hide the button based on the current security setting, no point prompting the user to change it if it's already set to low. Is the only way to do this by reading the LOCAL_MACHINE registry key?
Also, how come they can change the registry entry from within Access using this method, but I can't go into regedit and change it myself?
Thanks again,
Alastair.
I then put a button on my user form which prompts them to change their security setting if they see warnings on startup. This works in the runtime version (the option not normally being available in the much limited toolbar).
I'll have problems if a user decides they want to change the settings to High, but I can work round that with education (I think!).
This does raise a couple more questions you may be able to help me with...
I'd really like to be able to hide the button based on the current security setting, no point prompting the user to change it if it's already set to low. Is the only way to do this by reading the LOCAL_MACHINE registry key?
Also, how come they can change the registry entry from within Access using this method, but I can't go into regedit and change it myself?
Thanks again,
Alastair.
'==============================================
' Sub: openSecurityDialog( )
' Author: Q-Built Solutions; www.QBuilt.com
' Date: 3 Aug. '04
' Note: This sub requires the Microsoft Office 11.0 Library
' as a Reference.
' This sub activates the Macro -> Security submenu to open
' the Macro Security dialog window for the user who is using
' the runtime version of Access '03 instead of the retail version,
' which may need to have the default security level changed in
' order to run the code in the modules.
' Thanks to Victor Escalera, we have the code needed for the
' Spanish version of Access, as well. To use the Spanish version
' just replace the lines marked "English version" with the lines
' marked "Espanol (Spanish version)." Thanks, Victor!
'==============================================
Public Sub openSecurityDialog( )
On Error GoTo ErrHandler
Dim CmdBar As CommandBar
Dim CmdBarPopup As CommandBarPopup
Set CmdBar = Application.CommandBars("Menu Bar")
Set CmdBarPopup = CmdBar.Controls("Tools") ' English version.
'Set CmdBarPopup = CmdBar.Controls("Herramientas") ' Espanol (Spanish version).
Set CmdBarPopup = CmdBarPopup.Controls("Macro")
CmdBarPopup.Controls("Security...").Execute ' English version.
'CmdBarPopup.Controls("Seguridad...").Execute ' Espanol (Spanish version).
CleanUp:
Set CmdBarPopup = Nothing
Set CmdBar = Nothing
Exit Sub
ErrHandler:
MsgBox "Error in openSecurityDialog( )" & vbCrLf & _
"in SecurityFunctions module." & vbCrLf & vbCrLf & _
"Error #" & Err.Number & vbCrLf & Err.Description
Err.Clear
GoTo CleanUp
End Sub ' openSecurityDialog( )ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the help guys
See here:
http://office.microsoft.com/en-gb/access/HP010397921033.aspx
Click the ShowAll at the top right to see the relevant code.
The only other option is to use a digital certificate.