Bob Collison
asked on
Access 2010 Security Concern Pop-up
Hi Experts,
I am receiving the following message after installing my application on another PC via InstallShield Express 2016 that I create.
'A potential security concern has been identified.'
Environment
Windows 7 Pro 32 Or 64 Bit
Access 2010 or Access 2010 Runtime
Separate Access 2010 FE and BE on same PC in C:\ProgramData\SAS\
Trust Centre has the above location as a Trusted Location including Sub-Folders.
I have a very small company and cannot afford the price of a Digital Certificate.
In searching for a solution I came across the code in the attached file but for a different Application that can be run to modify the Register. I have changed the Extension to .txt from .reg.
1. Is there a solution that I can provide the average User with to stop this message?
2. Could the contents of the attached solution be modified to work with Access 2010? If yes I could run it from a Shortcut or during installation.
Thanks,
Bob C.
Add_pta_Trusted_Office14_2010_runtim.txt
I am receiving the following message after installing my application on another PC via InstallShield Express 2016 that I create.
'A potential security concern has been identified.'
Environment
Windows 7 Pro 32 Or 64 Bit
Access 2010 or Access 2010 Runtime
Separate Access 2010 FE and BE on same PC in C:\ProgramData\SAS\
Trust Centre has the above location as a Trusted Location including Sub-Folders.
I have a very small company and cannot afford the price of a Digital Certificate.
In searching for a solution I came across the code in the attached file but for a different Application that can be run to modify the Register. I have changed the Extension to .txt from .reg.
1. Is there a solution that I can provide the average User with to stop this message?
2. Could the contents of the attached solution be modified to work with Access 2010? If yes I could run it from a Shortcut or during installation.
Thanks,
Bob C.
Add_pta_Trusted_Office14_2010_runtim.txt
ASKER
Hi Crystal,
I have already done this as mentioned in my Environment Section above. It has no effect.
Thanks,
Bob C.
I have already done this as mentioned in my Environment Section above. It has no effect.
Thanks,
Bob C.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
these settings need to be made on each machine; they are particular to a computer and are not saved with the database
you can also trust publishers
here is a link that may be helpful:
http://www.accessribbon.de/en/?Trust_Center:Trusted_Locations
you can also trust publishers
here is a link that may be helpful:
http://www.accessribbon.de/en/?Trust_Center:Trusted_Locations
You should do the Trusted Locations as Crystal suggested.
ASKER
Hi Joe,
As previously mentioned, the first thing I did was the 'Trusted Location' including 'Sub-Folders' It had no effect.
I haven't re-booted. Do I need too?
Hi Crystal,
The links within the link you provided don't work. The rest of the information is too complicated for me to understand how it is 'Run' and what it does.
Thanks,
Bob C.
As previously mentioned, the first thing I did was the 'Trusted Location' including 'Sub-Folders' It had no effect.
I haven't re-booted. Do I need too?
Hi Crystal,
The links within the link you provided don't work. The rest of the information is too complicated for me to understand how it is 'Run' and what it does.
Thanks,
Bob C.
ASKER
Hi Experts,
I just tried a couple of things and they work with Full Access 2010. They were as follows:
- Deleted and re-added the Trusted Location.
- Changed the Security of the Application Root Folder (SAS) to be Full Control.
I will try with Runtime to see what happens.
Thanks,
Bob C.
I just tried a couple of things and they work with Full Access 2010. They were as follows:
- Deleted and re-added the Trusted Location.
- Changed the Security of the Application Root Folder (SAS) to be Full Control.
I will try with Runtime to see what happens.
Thanks,
Bob C.
Reboot should not be necessary ... normally.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Experts,
My 'solution' also works with Runtime so I guess I have the solution.
I'll just wait a bit before I close off the case.
Thanks,
Bob C.
My 'solution' also works with Runtime so I guess I have the solution.
I'll just wait a bit before I close off the case.
Thanks,
Bob C.
One method is to use the user's LocalAppData folder - which exists exactly for the purpose - it even works in a Citrix environment:
Deploy and update a Microsoft Access application in a Citrix environment
The ProgramData folder is really for use by applications - to store data not related to users. And your accdb application file is, in this regard, not an application - it is MSAccess.exe that is.
/gustav
Deploy and update a Microsoft Access application in a Citrix environment
The ProgramData folder is really for use by applications - to store data not related to users. And your accdb application file is, in this regard, not an application - it is MSAccess.exe that is.
/gustav
ASKER
Hi Gustav,
The reason I am using 'ProgramData' is because it was recommended by Experts at EE.
It has served well until this issue arose.
Thanks,
Bob C.
The reason I am using 'ProgramData' is because it was recommended by Experts at EE.
It has served well until this issue arose.
Thanks,
Bob C.
Yes, you may be able to tweak anything.
/gustav
/gustav
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Scott / Gustav,
As mentioned previously I am currently (at EE's suggestion) installing to %SystemDrive%\ProgramData\ SAS\ with 'SAS' being my Application Root Directory.
I very much appreciate both of your suggestions to change that to use a different Path. I have also taken a look at the Citrix reference. Since I am using InstallShield Express 2016 I already have a comprehensive tool to manage the installation and would prefer to continue using it.
My Access application has FE Code (SAS.accde) linked to BE Databases (SAS_DB10.accdb). If I install to any of the suggested paths it does so at a User Level. Does this mean there are multiple instances of the FE and BE Files (one for each 'User')? If this is correct would there be multiple BE Databases containing the data or only one? i.e. The BE Database would be in a Non-User specific folder. How would this be managed?
Thanks,
Bob C.
As mentioned previously I am currently (at EE's suggestion) installing to %SystemDrive%\ProgramData\
I very much appreciate both of your suggestions to change that to use a different Path. I have also taken a look at the Citrix reference. Since I am using InstallShield Express 2016 I already have a comprehensive tool to manage the installation and would prefer to continue using it.
My Access application has FE Code (SAS.accde) linked to BE Databases (SAS_DB10.accdb). If I install to any of the suggested paths it does so at a User Level. Does this mean there are multiple instances of the FE and BE Files (one for each 'User')? If this is correct would there be multiple BE Databases containing the data or only one? i.e. The BE Database would be in a Non-User specific folder. How would this be managed?
Thanks,
Bob C.
I would be surprised if InstallShield couldn't handle this.
Yes, using %LocalAppData% will install separate copies for each user.
If users are about to share the backend, it should be located in a shared network folder.
If all users log in on the same machine, you should be able to place the backend in a folder under %AllUsersProfile% (the Program Data folder), though - as Scott mentions - you could also create a folder under C:\ for just this purpose.
/gustav
Yes, using %LocalAppData% will install separate copies for each user.
If users are about to share the backend, it should be located in a shared network folder.
If all users log in on the same machine, you should be able to place the backend in a folder under %AllUsersProfile% (the Program Data folder), though - as Scott mentions - you could also create a folder under C:\ for just this purpose.
/gustav
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Crystal / Gustav,
This sounds like the best suggestion so far. e.g. %SystemDrive%\Users\Public \SAS\. It has Permissions of 'Full Control' so that won't be an issue. I can't tell whether it is considered a 'Trusted Location' but I assume it is. If not I do not consider it a big deal to have the Users specify it as 'Trusted'.
Since I am putting the BE here, is there any issue with putting the FE here as well. It is obviously much easier to have everything in one path.
Thanks,
Bob C.
This sounds like the best suggestion so far. e.g. %SystemDrive%\Users\Public
Since I am putting the BE here, is there any issue with putting the FE here as well. It is obviously much easier to have everything in one path.
Thanks,
Bob C.
That should be doable, except if the users have a habit of just "signing on as another user" as this will leave the other user session(s) open.
The safe route is to put the FE in %localappdata%.
/gustav
The safe route is to put the FE in %localappdata%.
/gustav
ASKER
Hi Gustav,
Good point. However when I said that multiple Users may use it on the same PC. It was because I might logon as Bob and a User as User1 but I don't see this as happening concurrently as the FE will be running on the individuals PCs. My profile on these PCs is to provide administrative assistance.
I'll give it a try (all in %SystemDrive%\Users\Public \SAS\) and provide an update of my results.
Thanks all,
Bob C.
Good point. However when I said that multiple Users may use it on the same PC. It was because I might logon as Bob and a User as User1 but I don't see this as happening concurrently as the FE will be running on the individuals PCs. My profile on these PCs is to provide administrative assistance.
I'll give it a try (all in %SystemDrive%\Users\Public
Thanks all,
Bob C.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Experts,
Thanks for the update.
I am about to test without it so I expect that I will get a Security Warning.
I haven't used InstallShield to change the Registry but I know it can handle it.
I'll let you know how I make out.
Thanks,
Bob C.
Thanks for the update.
I am about to test without it so I expect that I will get a Security Warning.
I haven't used InstallShield to change the Registry but I know it can handle it.
I'll let you know how I make out.
Thanks,
Bob C.
ASKER
Hi Gustav,
The use of C:\Users\Public\SASInstall \ works perfectly however I still need to add it as a Trusted Location .
I would like to run a Batch Script (.Bat) as part of the install to do this. Does this make sense?
If it does make sense, in looking at the extract of your Citrix code, what would the code be to do this?
I assume that the 'Call' line has to be replaced by placing the rest of the code in a text file with an extension of .REG and then running that file from within the .Bat or can the commands be made directly from within the .Bat?
' Write Registry entries for Access security.
strRegKey = "HKEY_CURRENT_USER\Softwar e\Microsof t\Office\1 4.0\Access \Security\ "
strRegValue = "VBAWarnings"
strRegPath = strRegKey & strRegValue
varValue = 1
Call WriteRegistry(strRegPath, varValue,"REG_DWORD")
strRegKey = strRegKey & "Trusted Locations\LocationLocalApp Data\"
strRegValue = "AllowSubfolders"
strRegPath = strRegKey & strRegValue
varValue = 1
Call WriteRegistry(strRegPath, varValue, "REG_DWORD")
Thanks,
Bob C.
The use of C:\Users\Public\SASInstall
I would like to run a Batch Script (.Bat) as part of the install to do this. Does this make sense?
If it does make sense, in looking at the extract of your Citrix code, what would the code be to do this?
I assume that the 'Call' line has to be replaced by placing the rest of the code in a text file with an extension of .REG and then running that file from within the .Bat or can the commands be made directly from within the .Bat?
' Write Registry entries for Access security.
strRegKey = "HKEY_CURRENT_USER\Softwar
strRegValue = "VBAWarnings"
strRegPath = strRegKey & strRegValue
varValue = 1
Call WriteRegistry(strRegPath, varValue,"REG_DWORD")
strRegKey = strRegKey & "Trusted Locations\LocationLocalApp
strRegValue = "AllowSubfolders"
strRegPath = strRegKey & strRegValue
varValue = 1
Call WriteRegistry(strRegPath, varValue, "REG_DWORD")
Thanks,
Bob C.
Oh, I haven't worked with bat files for decades.
But are you sure that InstallShield cannot set these entries for you? If in doubt, ask support.
If not, I would take the proven VBscript and cut it down to just run the registry settings, then call it from InstallShield. But again, I would believe you don't have to go this route.
/gustav
But are you sure that InstallShield cannot set these entries for you? If in doubt, ask support.
If not, I would take the proven VBscript and cut it down to just run the registry settings, then call it from InstallShield. But again, I would believe you don't have to go this route.
/gustav
ASKER
Hi Gustav,
I'm sure you are correct. I will contact Flexera if I can't figure it out myself.
In the meantime, do you know what a .REG File would look like to do this?
Thanks,
Bob C.
I'm sure you are correct. I will contact Flexera if I can't figure it out myself.
In the meantime, do you know what a .REG File would look like to do this?
Thanks,
Bob C.
Yes, but to leave out guessing, the simple method is to manually edit the entry as needed on a test machine, then right-click the entry and select Export. That will neatly save the entry as is as a Reg file.
/gustav
/gustav
ASKER
Hi Gustav,
Thanks. I'll do that.
Bob C.
Thanks. I'll do that.
Bob C.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Scott,
I have an InstallShield Express 2016 Licenced version so it shouldn't be a problem.
Thanks, Bob C.
I have an InstallShield Express 2016 Licenced version so it shouldn't be a problem.
Thanks, Bob C.
ASKER
Hi Experts,
Thanks for all of your suggestions / comments.
In summary what I have done is:
- Used the %SystemDrive%\Users\Public \ folder to contain my Application Files including the Access FE and BE. This eliminated one part of the Security Warnings since the %SystemDrive%\Users\Public \ Folder has a Permission of 'Full Control'.
- Used Flexera InstallShield Express 2016 to create a Registry Entry to trust the Installation Location and Sub-Folders. This eliminated the other part of the Security Warnings.
Thanks again,
Bob C.
Thanks for all of your suggestions / comments.
In summary what I have done is:
- Used the %SystemDrive%\Users\Public
- Used Flexera InstallShield Express 2016 to create a Registry Entry to trust the Installation Location and Sub-Folders. This eliminated the other part of the Security Warnings.
Thanks again,
Bob C.
File --> Options --> Trust Center Settings --> click "Trust Center Settings..." command button --> Trusted Locations on left sidebar menu