A2K3 on Windows Terminal Server

On Wed, 29 Dec 2004 22:53:45 GMT, "David W. Fenton"
<dX********@bway.net.invalid> wrote:

So far I am impressed with the Access 2000 compatibility mode in
Access 2003.

-Tom.

I'm setting up a project for a client on a new Windows Terminal
Server. The application is currently in A2K, but the sysadmin does
not want to install that, he wants to install A2K3, because Office
2K3 is the organization's new standard (they want to be fully
converted within the new calendar year).

What issues will I have, if any, with A2K3 on WTS? Anything
different from A2K? Anything not specific to WTS that I need to know
about A2K3, which I've never used, ever?

David W. Fenton wrote:

I'm setting up a project for a client on a new Windows Terminal
Server. The application is currently in A2K, but the sysadmin does
not want to install that, he wants to install A2K3, because Office
2K3 is the organization's new standard (they want to be fully
converted within the new calendar year).

What issues will I have, if any, with A2K3 on WTS? Anything
different from A2K? Anything not specific to WTS that I need to know
about A2K3, which I've never used, ever?

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc

David,

I've had great success with that particular setup. I develop in A2K,
but one client in particular has been running an A2K FE/A2K BE using
A2K3 on WTS and haven't come across any major problems in over 2 years.
Well, except that I keep forgetting the workgroup administrator is
accessed via Tools|Security and not from a separate program. I like
the fact that A2K3 opens an A2K db and allows new queries, reports,
etc. without having to convert the db.

I have had to make table changes over time via VBA (adding tables with
appropriate security, adding fields, modifying fields) and haven't run
into any issues there once it passed testing on my A2K development
machine. All coding currently in my application has worked fine. BTW,
I still use DAO rather than ADO.

There is still the rare crash/corruption, but that has dropped
dramatically since I convinced them to put the BE on the TServer as
well as the FE. (That was due to intermittent network hiccups that
they never fully resolved, but they only seemed to affect Access
databases.) And when A2K3 does a repair, it makes a copy prior to
running the repair. A nice feature, but I had already learned the hard
way to always make a backup first. (Thanks, Peter Miller.)

I haven't found a case for A2K3 over A2K in my situation, but at least
they work and play very well together.

Tom van Stiphout <no*************@cox.net> wrote in
news:of********************************@4ax.com:

So far I am impressed with the Access 2000 compatibility mode in
Access 2003.

What does that mean?

Can I set it from code?

Can I configure the WTS users to run in A2K compatibility mode
without logging on as each one?

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc

On Thu, 30 Dec 2004 22:55:30 GMT, "David W. Fenton"
<dX********@bway.net.invalid> wrote:

What I meant was, that running an Access2000 application in Access2003
is entirely seamless. No need to set anything. Just really good
backward compatibility from your friends at MSFT.

-Tom.

Tom van Stiphout <no*************@cox.net> wrote in
news:of********************************@4ax.com :

So far I am impressed with the Access 2000 compatibility mode in
Access 2003.

What does that mean?

Can I set it from code?

Can I configure the WTS users to run in A2K compatibility mode
without logging on as each one?

Tom van Stiphout <no*************@cox.net> wrote in
news:q4********************************@4ax.com:

What I meant was, that running an Access2000 application in
Access2003 is entirely seamless. No need to set anything. Just
really good backward compatibility from your friends at MSFT.

What about the code signing thing? Don't you have to turn something
off in Access to get it to stop nagging you about unsafe code
execution?

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc

David W. Fenton wrote:

Tom van Stiphout <no*************@cox.net> wrote in
news:q4********************************@4ax.com:

What I meant was, that running an Access2000 application in
Access2003 is entirely seamless. No need to set anything. Just
really good backward compatibility from your friends at MSFT.

What about the code signing thing? Don't you have to turn something
off in Access to get it to stop nagging you about unsafe code
execution?

Set Macro Security to Low, just like in Word/Excel.

--
This sig left intentionally blank

Trevor Best <no****@besty.org.uk> wrote in
news:41***********************@news.zen.co.uk:

David W. Fenton wrote:

Tom van Stiphout <no*************@cox.net> wrote in
news:q4********************************@4ax.com:

What I meant was, that running an Access2000 application in
Access2003 is entirely seamless. No need to set anything. Just
really good backward compatibility from your friends at MSFT.

What about the code signing thing? Don't you have to turn
something off in Access to get it to stop nagging you about
unsafe code execution?

Set Macro Security to Low, just like in Word/Excel.

Where? Can it be done in code? Can the base installation of Access
be configured this way so that all users inherit that setting when
they log on for the first time?

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc

I've been following this thread, and was going to ask the same question, but
then I thought ... "Now how secure would that be if you could turn off the
security that prevents you running the database (without a message) from the
database?" ... ;)

Darryl Kerkeslager
"David W. Fenton" <dX********@bway.net.invalid> wrote:

Tom van Stiphout <no*************@cox.net> wrote:

Set Macro Security to Low, just like in Word/Excel.

Where? Can it be done in code? Can the base installation of Access
be configured this way so that all users inherit that setting when
they log on for the first time?

David W. Fenton wrote:

Set Macro Security to Low, just like in Word/Excel.

Where? Can it be done in code? Can the base installation of Access
be configured this way so that all users inherit that setting when
they log on for the first time?

I've not tried, I've not looked at 2003 in depth yet.
--
This sig left intentionally blank

On Jan 01 2005, 06:18 pm, "David W. Fenton" <dX********@bway.net.invalid>
wrote in news:Xn**********************************@24.168.1 28.74:

Trevor Best <no****@besty.org.uk> wrote in
news:41***********************@news.zen.co.uk:

Set Macro Security to Low, just like in Word/Excel.

Where? Can it be done in code? Can the base installation of Access
be configured this way so that all users inherit that setting when
they log on for the first time?

Yes, this and practically all other Office settings can be set before
installation, as well as installation states of all Office components. Take
a look at the Deployment Guide in the Office Resource Kit at
http://office.microsoft.com/en-us/as...401921033.aspx

It may take a few hours to read through, and a few more hours to
implement, but it will simplify Office installation and administration a
lot.

As far as the macro security in A2003, there is a workaround for cases when
it is not set to Low, which involves creating an Access instance from an
external launcher and setting a property of the instance that supresses the
warnings. There is a KB article with some sample code - post back if you
can't find it, I'll dig out the link.

And of course, you can always create self-signed certificates and install
them on all machines that will run your application, which is also
described somewhere on MS site.

--
remove a 9 to reply by email

Dimitri Furman wrote:

And of course, you can always create self-signed certificates and install
them on all machines that will run your application, which is also
described somewhere on MS site.

With a certificate, doesn't it come up with a warning anyway?

--
This sig left intentionally blank

I have a problem with the statement that "Access2000 and Access2003 running
is entirely seamless".

My application runs perfectly in Access2000, as source code or as a runtime.
However, the runtime will NOT run on Access 2003. When I try it, the A2003
fails on startup with a runtime error, and when I look at the reasons, it
appears that the MS Access 9.0 Object Library has been replaced with MS
Access 10.0 Object Library, which appears not to be compatible. I have
included the 9.0 library in the installed code, but it makes no difference.
Even when I try to run it from the source code, it fails with the typical
"Missing references" type errors.

It's possible I am doing something stupid, but if I am, I can't get it going
under A2003. I don't have a copy of A2003 developer, so can't distribute
A2003.

Hans Karman, Canberra, Australia
"David W. Fenton" <dX********@bway.net.invalid> wrote in message
news:Xn**********************************@24.168.1 28.74...

Trevor Best <no****@besty.org.uk> wrote in
news:41***********************@news.zen.co.uk:

David W. Fenton wrote:

Tom van Stiphout <no*************@cox.net> wrote in
news:q4********************************@4ax.com:
What I meant was, that running an Access2000 application in
Access2003 is entirely seamless. No need to set anything. Just
really good backward compatibility from your friends at MSFT.
What about the code signing thing? Don't you have to turn
something off in Access to get it to stop nagging you about
unsafe code execution?

Set Macro Security to Low, just like in Word/Excel.

Where? Can it be done in code? Can the base installation of Access
be configured this way so that all users inherit that setting when
they log on for the first time?

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc

On Jan 02 2005, 07:46 am, Trevor Best <no****@besty.org.uk> wrote in
news:41***********************@news.zen.co.uk:

Dimitri Furman wrote:

And of course, you can always create self-signed certificates and
install them on all machines that will run your application, which is
also described somewhere on MS site.

With a certificate, doesn't it come up with a warning anyway?

Yes for Medium and High, but it doesn't happen if you add the author to the
list of Trusted Publishers. It turns out thought that you cannot add a
self-signed certificate to the list of Trusted Publishers on any machine
other than the one where it was created. So this is hardly an option for
application deployment, after all.

--
remove a 9 to reply by email

"Darryl Kerkeslager" <Ke*********@comcast.net> wrote in
news:4Y********************@comcast.com:

I've been following this thread, and was going to ask the same
question, but then I thought ... "Now how secure would that be if
you could turn off the security that prevents you running the
database (without a message) from the database?" ... ;)

It would be just as secure as every single previous version of
Access that has ever existed.

In other words, as far as I'm concerned, a complete non-issue.

This is an area (code signing) where I believe MS has really screwed
up -- the certificates cost way too much for the casual programmer,
who is then forced to use the non-secure methods to run her
applications.

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc

Dimitri Furman <df*****@cloud99.net> wrote in
news:Xn****************************@127.0.0.1:

On Jan 02 2005, 07:46 am, Trevor Best <no****@besty.org.uk> wrote
in news:41***********************@news.zen.co.uk:

Dimitri Furman wrote:

And of course, you can always create self-signed certificates
and install them on all machines that will run your application,
which is also described somewhere on MS site.

With a certificate, doesn't it come up with a warning anyway?

Yes for Medium and High, but it doesn't happen if you add the
author to the list of Trusted Publishers. It turns out thought
that you cannot add a self-signed certificate to the list of
Trusted Publishers on any machine other than the one where it was
created. So this is hardly an option for application deployment,
after all.

If I create the certificate on the Windows Terminal Server, and only
WTS users are using A2K3 to run the app (which is actually in A2K
format), won't that do the job?

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc

David W. Fenton wrote:

It would be just as secure as every single previous version of
Access that has ever existed.

In other words, as far as I'm concerned, a complete non-issue.

This is an area (code signing) where I believe MS has really screwed
up -- the certificates cost way too much for the casual programmer,
who is then forced to use the non-secure methods to run her
applications.

Too true, we're going to get asked if we want to execute msaccess.exe
next because it's an executable and might contain malicious code, oh
hang on, if msaccess.exe (or any exe) is on a network drive and you're
running Win2003 you already do. This is getting far too namby pamby,
what the hell do MS think we have antivirus programs and firewalls for?

Remember that old joke about MS vs GM? When the GM man said a MS airbag
would ask "are you sure?" before deploying? It would be funny if it
wasn't so near the truth.

--
This sig left intentionally blank

Well, I'm glad you started this thread. They've begun [upgrading] all our
PCs (slowly) to XP, and the first user, upon seeing the XP security warning
message, read it just enough to tell me that my application "won't work
anymore". For her, that was it, end of story. Never mind that the actual
message said nothing of the sort; she just saw an unfamiliar message, and
clicked Cancel.
Darryl Kerkeslager

In your install or update program, you can set the following registry values
to prevent the security warning:

If you have Admin rights:
HKLM\Software\Microsoft\Office\11.0\Access\Securit y\; ValueType: dword;
ValueName: Level; ValueData: 1;

If you have User rights:
HKCU\Software\Microsoft\Office\11.0\Access\Securit y\; ValueType: dword;
ValueName: Level; ValueData: 1;

- Steve

"Darryl Kerkeslager" <Ke*********@comcast.net> wrote in message
news:Ad********************@comcast.com...

Well, I'm glad you started this thread. They've begun [upgrading] all our
PCs (slowly) to XP, and the first user, upon seeing the XP security warning message, read it just enough to tell me that my application "won't work
anymore". For her, that was it, end of story. Never mind that the actual
message said nothing of the sort; she just saw an unfamiliar message, and
clicked Cancel.
Darryl Kerkeslager

On Jan 02 2005, 07:47 pm, "David W. Fenton" <dX********@bway.net.invalid>
wrote in news:Xn**********************************@24.168.1 28.78:

Dimitri Furman <df*****@cloud99.net> wrote in
news:Xn****************************@127.0.0.1:

On Jan 02 2005, 07:46 am, Trevor Best <no****@besty.org.uk> wrote
in news:41***********************@news.zen.co.uk:

Dimitri Furman wrote:
And of course, you can always create self-signed certificates
and install them on all machines that will run your application,
which is also described somewhere on MS site.

With a certificate, doesn't it come up with a warning anyway?

Yes for Medium and High, but it doesn't happen if you add the
author to the list of Trusted Publishers. It turns out thought
that you cannot add a self-signed certificate to the list of
Trusted Publishers on any machine other than the one where it was
created. So this is hardly an option for application deployment, after
all.

If I create the certificate on the Windows Terminal Server, and only
WTS users are using A2K3 to run the app (which is actually in A2K
format), won't that do the job?

I suppose it would, although you would have to re-sign on TS every time you
release a new version of the app.

I think that using an external launcher to set AutomationSecurity property
is the most bullet-proof and hassle-free way of addressing macro security.
You can use VBS if you can't compile an executable for any reason. Here are
some details (sample VBS script towards the end):
http://office.microsoft.com/en-us/as...397921033.aspx

--
remove a 9 to reply by email