Access 2010 Security Concern Pop-up

trust the location: C:\ProgramData\SAS\

File --> Options --> Trust Center Settings --> click "Trust Center Settings..." command button --> Trusted Locations on left sidebar menu

Or ...

Hi Crystal,
I have already done this as mentioned in my Environment Section above.  It has no effect.
Thanks,
Bob C.

these settings need to be made on each machine; they are particular to a computer and are not saved with the database

you can also trust publishers

here is a link that may be helpful:
http://www.accessribbon.de/en/?Trust_Center:Trusted_Locations

You should do the Trusted Locations as Crystal suggested.

Hi Joe,
As previously mentioned, the first thing I did was the 'Trusted Location' including 'Sub-Folders'  It had no effect.

I haven't re-booted.  Do I need too?

Hi Crystal,
The links within the link you provided don't work.  The rest of the information is too complicated for me to understand how it is 'Run' and what it does.

Thanks,
Bob C.

Hi Experts,
I just tried a couple of things and they work with Full Access 2010.  They were as follows:
- Deleted and re-added the Trusted Location.
- Changed the Security of the Application Root Folder (SAS) to be Full Control.

I will try with Runtime to see what happens.

Thanks,
Bob C.

Reboot should not be necessary ... normally.

Hi Experts,

My 'solution' also works with Runtime so I guess I have the solution.

I'll just wait a bit before I close off the case.

Thanks,
Bob C.

One method is to use the user's LocalAppData folder - which exists exactly for the purpose - it even works in a Citrix environment:

Deploy and update a Microsoft Access application in a Citrix environment

The ProgramData folder is really for use by applications - to store data not related to users. And your accdb application file is, in this regard, not an application - it is MSAccess.exe that is.

/gustav

Hi Gustav,

The reason I am using 'ProgramData' is because it was recommended by Experts at EE.

It has served well until this issue arose.

Thanks,
Bob C.

Yes, you may be able to tweak anything.

/gustav

Hi Scott / Gustav,

As mentioned previously I am currently (at EE's suggestion) installing to %SystemDrive%\ProgramData\SAS\ with 'SAS' being my Application Root Directory.

I very much appreciate both of your suggestions to change that to use a different Path.  I have also taken a look at the Citrix reference.  Since I am using InstallShield Express 2016 I already have a comprehensive tool to manage the installation and would prefer to continue using it.

My Access application has FE Code (SAS.accde) linked to BE Databases (SAS_DB10.accdb).  If I install to any of the suggested paths it does so at a User Level.  Does this mean there are multiple instances of  the FE and BE Files (one for each 'User')?  If this is correct would there be multiple BE Databases containing the data or only one?   i.e. The BE Database would be in a Non-User specific folder.  How would this be managed?

Thanks,
Bob C.

I would be surprised if InstallShield couldn't handle this.

Yes, using %LocalAppData% will install separate copies for each user.
If users are about to share the backend, it should be located in a shared network folder.

If all users log in on the same machine, you should be able to place the backend in a folder under %AllUsersProfile% (the Program Data folder), though - as Scott mentions - you could also create a folder under C:\ for just this purpose.

/gustav

Hi Crystal / Gustav,

This sounds like the best suggestion so far.  e.g. %SystemDrive%\Users\Public\SAS\. It has Permissions of 'Full Control' so that won't be an issue.  I can't tell whether it is considered a 'Trusted Location' but I assume it is.  If not I do not consider it a big deal to have the Users specify it as 'Trusted'.

Since I am putting the BE here, is there any issue with putting the FE here as well.  It is obviously much easier to have everything in one path.

Thanks,
Bob C.

That should be doable, except if the users have a habit of just "signing on as another user" as this will leave the other user session(s) open.

The safe route is to put the FE in %localappdata%.

/gustav

Hi Gustav,

Good point.  However when I said that multiple Users may use it on the same PC.  It was because I might logon as Bob and a User as User1 but I don't see this as happening concurrently as the FE will be running on the individuals PCs.  My profile on these PCs is to provide administrative assistance.

I'll give it a try (all in %SystemDrive%\Users\Public\SAS\) and provide an update of my results.

Thanks all,
Bob C.

Hi Experts,

Thanks for the update.

I am about to test without it so I expect that I will get a Security Warning.

I haven't used InstallShield to change the Registry but I know it can handle it.

I'll let you know how I make out.

Thanks,
Bob C.

Hi Gustav,

The use of C:\Users\Public\SASInstall\ works perfectly however I still need to add it as a Trusted Location .

I would like to run a Batch Script (.Bat) as part of the install to do this.  Does this make sense?

If it does make sense, in looking at the extract of your Citrix code, what would the code be to do this?

I assume that the 'Call' line has to be replaced by placing the rest of the code in a text file with an extension of .REG and then running that file from within the .Bat or can the commands be made directly from within the .Bat?
' Write Registry entries for Access security.
strRegKey = "HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Access\Security\"
strRegValue = "VBAWarnings"
strRegPath = strRegKey & strRegValue
varValue = 1
Call WriteRegistry(strRegPath, varValue,"REG_DWORD")

strRegKey = strRegKey & "Trusted Locations\LocationLocalAppData\"
strRegValue = "AllowSubfolders"
strRegPath = strRegKey & strRegValue
varValue = 1
Call WriteRegistry(strRegPath, varValue, "REG_DWORD")

Thanks,
Bob C.

Oh, I haven't worked with bat files for decades.

But are you sure that InstallShield cannot set these entries for you? If in doubt, ask support.

If not, I would take the proven VBscript and cut it down to just run the registry settings, then call it from InstallShield. But again, I would believe you don't have to go this route.

/gustav

Hi Gustav,

I'm sure you are correct.  I will contact Flexera if I can't figure it out myself.

In the meantime, do you know what a .REG File would look like to do this?

Thanks,
Bob C.

Yes, but to leave out guessing, the simple method is to manually edit the entry as needed on a test machine, then right-click the entry and select Export. That will neatly save the entry as is as a Reg file.

/gustav

Hi Gustav,

Thanks.  I'll do that.
Bob C.

Hi Scott,

I have an InstallShield Express 2016 Licenced version so it shouldn't be a problem.

Thanks, Bob C.

Hi Experts,

Thanks for all of your suggestions / comments.

In summary what I have done is:
- Used the %SystemDrive%\Users\Public\ folder to contain my Application Files including the Access FE and BE.  This eliminated one part of the Security Warnings since the %SystemDrive%\Users\Public\ Folder has a Permission of 'Full Control'.
- Used Flexera InstallShield Express 2016 to create a Registry Entry to trust the Installation Location and Sub-Folders.  This eliminated the other part of the Security Warnings.

Thanks again,
Bob C.