J.R. Sitman
asked on
Microsoft Access 2003 digital signature won't let database run.
We ship a demo of our database to animal shelters and recently a few of them are getting the message that Access is not digitally signed and the demo won't run. This is critical to the sale of the product. How do I tell the user what to do to get by this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would be very, very leery of advising potential customers to lower their security settings in order to run your product. While Gary and I (and you, most likely) know that lowering the macro security level is not a security threat, the average user is very much averse to doing this.
Is your product digitally signed? In most cases, if your customers are downloading from the Internet it should be so that they can be sure that it's not been attached by a virus/malware.
To do this:
1) Purchase a commercial digital certificate
2) Use that certificate to "sign" your Access project
3) Ship the certificate with your Access project. Generally the installer you use does this for you
When the user runs your install, you should also check to insure that the machine's MSJet level is at least SP8 (this is required for proper functioning). Next, your user will have to "accept" your certificate and enable "sandbox" mode. This is done only one time, and from that point forward your project should run correctly.
Here's a link to some MS articles detailing this:
http://office.microsoft.com/en-us/access/HA011225981033.aspx
http://support.microsoft.com/kb/832510
You also need to insure that you include the necessary registry entries to "timestamp" your certificate, else when it expires (code signing certs expire each year), your user will begin to get messages stating that your certificate is invalid. See this posting on the Comodo forums for the proper Registry keys to set and such:
http://forums.comodo.com/digital_certificates_encryption_and_digital_signing/vba_timestamp-t11654.0.html
A good outlet for buying a commercial certificate:
https://secure.ksoftware.net/code_signing.html
Is your product digitally signed? In most cases, if your customers are downloading from the Internet it should be so that they can be sure that it's not been attached by a virus/malware.
To do this:
1) Purchase a commercial digital certificate
2) Use that certificate to "sign" your Access project
3) Ship the certificate with your Access project. Generally the installer you use does this for you
When the user runs your install, you should also check to insure that the machine's MSJet level is at least SP8 (this is required for proper functioning). Next, your user will have to "accept" your certificate and enable "sandbox" mode. This is done only one time, and from that point forward your project should run correctly.
Here's a link to some MS articles detailing this:
http://office.microsoft.com/en-us/access/HA011225981033.aspx
http://support.microsoft.com/kb/832510
You also need to insure that you include the necessary registry entries to "timestamp" your certificate, else when it expires (code signing certs expire each year), your user will begin to get messages stating that your certificate is invalid. See this posting on the Comodo forums for the proper Registry keys to set and such:
http://forums.comodo.com/digital_certificates_encryption_and_digital_signing/vba_timestamp-t11654.0.html
A good outlet for buying a commercial certificate:
https://secure.ksoftware.net/code_signing.html
ASKER
As a temporary fix so the user can run the demo, how do I even get the the macro security settings to lower it?
Do I just start Access with a blank database?
What if they don't have Access and they are just using the runtime we ship?
Do I just start Access with a blank database?
What if they don't have Access and they are just using the runtime we ship?
You can use code to do this, however their virus/malware programs may catch this.
This link has code, but I've not tried it:
http://www.taylorsnet.co.uk/SourceCodeDetail.aspx?SourceID=15
This link has code, but I've not tried it:
http://www.taylorsnet.co.uk/SourceCodeDetail.aspx?SourceID=15
ASKER
Even though not the greatest idea to lower security, this answer solved my immeiate problem. I don't think we can afford a digital signature. We sell only a few copies and we are non-profit.
http://msdn.microsoft.com/en-us/library/aa141471(office.10).aspx
Gary