On 29 May 2007 04:04:30 -0700,
wazdakka@twcny.rr.com wrote:
Quote:
>I have an Access application developed using Access 2003 that I am
>trying to distribute. I have used the Package and Deployment Wizard
>that comes with the Office 2003 Developers Kit, and have been able to
>successfully distribute the application, with the Access runtime
>included, to several test PCs. Yes, more testing is necessary, but
>one problem is already presenting itself. It is, of course, the hated
>security dialogs regarding "unsafe expressions."
>
>I have read everything I can on this newsgroup about this topic and I
>am frankly still mystified. My objective is to either 1) suppress
>these dialog entirely through some magic of the installation process,
>or 2) to allow the user to do so through a procedure that I can
>document.
>
>My attempts at number one were focused on two registry settings that I
>got out of a post from Albert Kallal on Jun 23 2004. Purportedly,
>"Adding the above two keys to the install makes the runtime install
>real nice as this eliminates any nag prompts when users run my
>applications." However, I don't think Windows XP allows an
>application to set them, because my installer produces the following
>errors: "Could not write value Level to key Local MachineSoftware
>\Microsoft\Office\11.0\Access\Security. Verify you have sufficient
>access to that key or contact support."
|
Obviously the registry is locked on that machine ... was the install done with an Administrator login, or do you know?
Besides, I'm not comfortable altering the security mechanism of a machine without the user's knowledge ... doing that in
the environment I normally deploy to - government installations, including NASA and the Naval Research Labs, as well as
several very secretive aerospace companies - would result in the immediate removal of my software, and would lose me
several very valuable customers ... not something I cherish <g>.
Quote:
>My attempts at number two led me to digitally sign my app using
>selfcert.exe. When installing, I now get another dialog telling me
>that app has been digitally signed, and allowing me to install the
>certificate. There is a checkbox that says "always trust content from
>XXX and open automatically," which I thought was going to take care of
>the problem. Unfortunately, after going through all those motions on
>a target PC, I still get the two dialogs about the application
>containing unsafe expressions.
|
Did you make sure the target machine had Jet SP8 installed, and that the users answered the security questions
correctly? This tends to be the step that's overlooked ...
See this resource for info on dealing with the security warnings:
http://office.microsoft.com/en-us/ac...5981033.aspx#0
Regarding self-certificates, here's what MS has to say about them:
(
http://office.microsoft.com/en-us/ac...397921033.aspx)
Quote:
Because a digital certificate you create yourself isn't issued by a formal certification authority, VBA projects signed
by using such a certificate are referred to as self-signed projects. Certificates you create yourself are considered
unauthenticated and will generate a warning in the Security Warning box if the security level is set to High or Medium.
Microsoft Office will only trust a self-signed certificate on a computer that has the private key for that certificate
available (generally, only the computer that actually created the certificate, unless the private key is shared with
other computers).
As you can see, self certiciates are not the best method to use if you plan on deploying this to other machines; in
order to be truly effective at disabling the security warnings, you'd have to distribute the private key that was used
to create it, and that pretty much means that anyone could use that certificate to sign a project ... not something I'd
want my name attached to.
Comodo (
www.instantssl.com) is a good source for inexpensive commercial certs.
Remember also that any updates or new deployments will need to be signed with the SAME certificate ... otherwise the
user would have to go through the process again.
Scott McDaniel
scott@takemeout_infotrakker.com www.infotrakker.com 
