Solved

Can 'trusted locations' be set via automation?

Posted on 2011-09-27
23
572 Views
Last Modified: 2012-05-12
We will soon be using the Access2007 runtime to run database applications on Citrix.  

Each user will have a front end copy of each database on their 'M:\apps' folder.  The Access run time will be installed on the citrix server.

In testing this, I see of no ('easy') way of setting this as a trusted location, short of a registry hack that I have seen in other posts.

Is anyone using automation to set a trusted network location for access databases? If so, how please?

Can it be done with 'group policy' or via a login script? (other ideas I have read, but don't fully understand.)

Lastly:  The citrix server is currently running a full version of Office 2000, including Access 2000.  It will soon be updated to Microsoft Office 2010 Standard.  Until then Access 2000 will be on there, but  is it ok to install the Access2007 runtime and have it co-habitate with Access 2000 so I can really test using the run time?  Or will that cause conflicts, (having both...) etc...


Thanks
0
Comment
Question by:snyperj
  • 8
  • 7
  • 4
  • +2
23 Comments
 
LVL 84
ID: 36710013
There is no UI convention in the Runtime to set Trusted Locations. You'd have to do so via code (i.e. your registry hack).

< is it ok to install the Access2007 runtime and have it co-habitate with Access 2000 so I can really test using the run time?  Or will that cause conflicts, (having both...) etc...>

2007/2010 do NOT play well with earlier versions, and that includes the Runtime versions. Unless those running Access 2000 need design-time functionality, then remove Access 2000 from those machines, or at the very least make it difficult for the users to get there (i.e. remove shortcuts, etc etc, rename the msaccess.exe executable for the 2000 version, etc). Then install the 2007 Runtime and associate it with all known Access extensions (this should be done automatically during install).

0
 
LVL 75
ID: 36710724
snyperj:
Did you see the posts I made and the answer Nick came up with in your Q from yesterday - at the bottom ?

http://www.experts-exchange.com/Microsoft/Development/MS_Access/Q_27326491.html?cid=1135#a36600039

mx
0
 
LVL 26

Expert Comment

by:Nick67
ID: 36711103
You have an IT department.
One way to get apps to run without hassle is reghacking the Trust Center.
Another is to have the app digitally signed.
There is Group Policy, which can push out settings, too.
http://technet.microsoft.com/en-us/library/cc179039.aspx

You cannot use VBA to push the Trust Center locations because what use would the trust center be against viruses then?
It should be possible to create a .reg file that will get merged to the registry of the RDP box when the user logs on as part of a login script.
There are lots of options.
None of them are dead simple.
0
 
LVL 84
ID: 36711685
You can also just use the standard Registry API to do this:

http://support.microsoft.com/kb/145679

I've used code similar to this for quite some time to manipulate registry settings from within VB/VBA applications, and it works on every platform I've tested. Basically you just check for the existence of the reg keys when starting the app, and create them if they do not exist (probably be wise to inform the user that they'll have to restart their app in order for the reg modifications to work correctly).

And be very careful working with the registry. Slipups here can cause a lot of trouble, and even cause the machine to be non-bootable.

0
 

Author Comment

by:snyperj
ID: 36711733
"Did you see the posts I made and the answer Nick came up with in your Q from yesterday - at the bottom ?"

No, I manually check in on all of my posts because, despite several calls to our "IT Department",  ee generated emails do not clear our spam folder- so I never see them.  Once I get my answer and award the points I never check the post again... but I just read it now.  Thanks.

"You have an IT Department"
Yes, but they are not overly flexible and see Access db's as old technology in a web enabled world and don't want to even have conversations about them- much less research for solutions related to issues with them.

So I try to do all the research myself so that I can then go in and say, "this is all you have to do, blah, blah, blah... put this in everyones login script"  or  "put this in group policy", etc.  

Monumental waste of time for me (because I don't understand a lot of it)  but if I don't do it ...nothing will happen.

So I ask questions here, follow links, read, compile, try to learn. Then fake it the best I can.

and sometimes it works.



0
 
LVL 26

Expert Comment

by:Nick67
ID: 36711821
<ee generated emails do not clear our spam folder- so I never see them>
You can try replying to noreply@experts-exchange.com
Most spam software whitelists anything you send mail to.
<Once I get my answer and award the points I never check the post again>
LMAO
ROFL
(not at you)
You should go back and check you Avoiding Nulls question to see what became of it
<grin>
<wide grin at @mx>
0
 
LVL 75
ID: 36711827
IT .... yep ... I GET it :-)

mx
0
 

Author Comment

by:snyperj
ID: 36712005

"You should go back and check you Avoiding Nulls question to see what became of it"

wow. makes me feel sorry I even asked.

I did inquire as to what was behind the ' no nulls' directive.  Still no answer back- so probably nothing behind it.
0
 
LVL 26

Expert Comment

by:Nick67
ID: 36712033
<wow. makes me feel sorry I even asked.>
It was...diverting, even if it did get a little out of hand.
And it was a good discussion of null and normalizing with lots of good links to useful resources.

I think anybody else coming across it would find it...enlightening
<grin>
0
 
LVL 57
ID: 36716742
<<I think anybody else coming across it would find it...enlightening>>

 Well your on the record now; not sure if I tweeted it or posted it to Linked In or both, but I remember posting it somewhere.  Quite interesting.

Jim.
0
 
LVL 26

Expert Comment

by:Nick67
ID: 36717819
@JDettman
<Well your on the record now; not sure if I tweeted it or posted it to Linked In or both, but I remember posting it somewhere.  Quite interesting.>

?

Nick67
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 75
ID: 36717988
Guess we are all on record then!

mx
0
 
LVL 57
ID: 36718207
<<@JDettman
<Well your on the record now; not sure if I tweeted it or posted it to Linked In or both, but I remember posting it somewhere.  Quite interesting.>

?>>

  You may or may not have noticed it, but there is a new share bar at the bottom of each question:

 Screen shot 1
 There is also the abilty to share a single comment:

 screen shot 2

 These are then published on the social media sites you select with a logged in view so non EE members can see them.

  This is even more incentive to get an Expert Discussion going, but I think I have some even better ideas for that, which I'm developing.

Jim.
0
 
LVL 26

Expert Comment

by:Nick67
ID: 36718247
<Quite interesting.>
Hopefully that was a good thing.
0
 
LVL 26

Accepted Solution

by:
Nick67 earned 500 total points
ID: 36897503
Looks like it is a simple as
regedit.exe /s trust.reg
being added to the login script, where trust.reg is the file attched, edited for your own requirements and placed in the netlogon share
http://support.microsoft.com/kb/310516
trust.reg
0
 
LVL 75
ID: 36897519
Sweet. Is that set to include Subfolders.  
Also need "Allow Trusted Locations on my Network" - for one of the two entries I have to make.

0
 
LVL 26

Expert Comment

by:Nick67
ID: 36897572
Set everything on a machine with the full install.  Do a find for the key noted in the file in the registry and then export the whole key.
0
 
LVL 75
ID: 36897590
Yeah ... I just found the key on my A2010 system.  I see what's happening now.

I'm gonna create a small Access mdb with just the code that will auto run the script when it loads, then close (with appropriate error trapping of course).  I will then add to my Database Loader - and each user can run it one time - prior to me finally 'activating' A2010 on each users system. All users now have O2010 and Access is there, just not set to 'Run From Computer'. So, I just need to go to Add/Remove programs >>O2010>> and change that setting, and A2010 will replace A2003.  IT did a GREAT job setting this all up a while back earlier this year.

I owe you :-)

thx.mx
0
 
LVL 75
ID: 36897596
0
 

Author Comment

by:snyperj
ID: 36912843
This looks great, but I am a little confused on the screen shots.  

Is it showing three subfolder locations (Location0,Location1,Location2) because you have three different folders to trust?  

In my case, I need it to trust the users network folder which is going to be M:\Apps and then all subfolders off of that.

The actual share would be:

\\SERVER1\USERNAME$\Apps

but it maps to M:\Apps
0
 
LVL 75
ID: 36912931
"Is it showing three subfolder locations (Location0,Location1,Location2) because you have three different folders to trust?   "

Yes. Exactly.

"Is it showing three subfolder locations (Location0,Location1,Location2) because you have three different folders to trust?   "
The first screenshot shows that fact that the "Allow Trusted Locations on my network .." setting is True.

mx
0
 

Author Closing Comment

by:snyperj
ID: 36913281
Thank you for this Nick and particularly like the KB link.  Very helpful.   Thanks MX for your contribution to this discussion. As always, very helpful.
0
 
LVL 26

Expert Comment

by:Nick67
ID: 36913864
@snyperj
Did you get your anti-spam issue sorted out so you get notifications through?
ANother way around that would be to create a hotmail account just for EE and have it forward everything to work email.

Nick67
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Regardless of which version on MS Access you are using, one of the harder data-entry forms to create is one where most data from previous entries needs to be appended to new records, especially when there are numerous fields and records involved.  W…
A simple tool to export all objects of two Access files as text and compare it with Meld, a free diff tool.
In Microsoft Access, learn different ways of passing a string value within a string argument. Also learn what a “Type Mis-match” error is about.
In Microsoft Access, learn the trick to repeating sub-report headings at the top of each page. The problem with sub-reports and headings: Add a dummy group to the sub report using the expression =1: Set the “Repeat Section” property of the dummy…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now