By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,149 Members | 885 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,149 IT Pros & Developers. It's quick & easy.

Access 2003 security

P: n/a
I distribute some Access 2K applications as mde files using the Access2K
runtime.
Now that I am thinking of updating to Access 2003 I find that, when I launch
an mde file, I get a number of warning messages about macros and security
which are a nuisance to the users.
Is there any way of avoiding these messages?
Alec
Nov 13 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
Paradigm wrote:
I distribute some Access 2K applications as mde files using the Access2K
runtime.
Now that I am thinking of updating to Access 2003 I find that, when I launch
an mde file, I get a number of warning messages about macros and security
which are a nuisance to the users.
Is there any way of avoiding these messages?
Alec


What I do is use selfcert.exe to create a digital signature that can be
applied to the mdb file. Another twist I came across recently was that
for a certain machine I had to run mmc (Microsoft Management Console)
using the Add/Remove Snap-in option to drag and drop the digital
signature into a Trusted Certificates category. So far I have been
able to get rid of all the warnings. Only a few machines have needed
the digital signature fix so I create the digital signature with the
user's name. I haven't had to do this in a more automated way yet. I
hope this helps.

James A. Fortune

Nov 13 '05 #2

P: n/a
ji********@compumarc.com wrote:
Paradigm wrote:
I distribute some Access 2K applications as mde files using the Access2K
runtime.
Now that I am thinking of updating to Access 2003 I find that, when I launch
an mde file, I get a number of warning messages about macros and security
which are a nuisance to the users.
Is there any way of avoiding these messages?
Alec

What I do is use selfcert.exe to create a digital signature that can be
applied to the mdb file. Another twist I came across recently was that
for a certain machine I had to run mmc (Microsoft Management Console)
using the Add/Remove Snap-in option to drag and drop the digital
signature into a Trusted Certificates category. So far I have been
able to get rid of all the warnings. Only a few machines have needed
the digital signature fix so I create the digital signature with the
user's name. I haven't had to do this in a more automated way yet. I
hope this helps.

James A. Fortune


James, you have selfcert.exe generated certs to work on PCs other than the one the cert
was generated on? That's not supposed to happen...

The "proper" procedure is to get a cert from a Certificate Authority but the cost/process
may be unreasonable for some applications.

There are work arounds ranging from modifying registry settings (that is considered rude
to do to a customer/client without their approval) to using Automation to start Access and
modify the security settings for the immediate session.

If you search this group on "macro security 2003" you should get lots of info.

--
'---------------
'John Mishefske
'---------------
Nov 13 '05 #3

P: n/a
ji********@compumarc.com wrote:
Paradigm wrote:
I distribute some Access 2K applications as mde files using the Access2K
runtime.
Now that I am thinking of updating to Access 2003 I find that, when I launch
an mde file, I get a number of warning messages about macros and security
which are a nuisance to the users.
Is there any way of avoiding these messages?
Alec

What I do is use selfcert.exe to create a digital signature that can be
applied to the mdb file. Another twist I came across recently was that
for a certain machine I had to run mmc (Microsoft Management Console)
using the Add/Remove Snap-in option to drag and drop the digital
signature into a Trusted Certificates category. So far I have been
able to get rid of all the warnings. Only a few machines have needed
the digital signature fix so I create the digital signature with the
user's name. I haven't had to do this in a more automated way yet. I
hope this helps.

James A. Fortune


James, you have selfcert.exe generated certs to work on PCs other than the one the cert
was generated on? That's not supposed to happen...

The "proper" procedure is to get a cert from a Certificate Authority but the cost/process
may be unreasonable for some applications.

There are work arounds ranging from modifying registry settings (that is considered rude
to do to a customer/client without their approval) to using Automation to start Access and
modify the security settings for the immediate session.

If you search this group on "macro security 2003" you should get lots of info.

--
'---------------
'John Mishefske
'---------------
Nov 13 '05 #4

P: n/a
John Mishefske wrote:

James, you have selfcert.exe generated certs to work on PCs other than the one the cert
was generated on? That's not supposed to happen...
I'm sorry for being unclear on this point. I use selfcert.exe on the
target PC. After that, I usually modify the mdb by importing the
changes rather than compacting so that I don't have to create the
Digital Signature again.
The "proper" procedure is to get a cert from a Certificate Authority but the cost/process
may be unreasonable for some applications.
I'm not aware of any EULA's being violated by using selfcert.exe. For
a custom app selfcert.exe seems quite "proper." I certainly trust the
author :-). In what situations would a cert from a Certificate
Authority be useful?
There are work arounds ranging from modifying registry settings (that is considered rude
to do to a customer/client without their approval) to using Automation to start Access and
modify the security settings for the immediate session.
I definitely don't want to change any registry settings. With
selfcert.exe I don't have to change the security settings at all.
If you search this group on "macro security 2003" you should get lots of info.


That's a possibility. I'm more interested in why I had to do the
Trusted Sources for only one particular machine.

James A. Fortune

Nov 13 '05 #5

P: n/a
John Mishefske wrote:

James, you have selfcert.exe generated certs to work on PCs other than the one the cert
was generated on? That's not supposed to happen...
I'm sorry for being unclear on this point. I use selfcert.exe on the
target PC. After that, I usually modify the mdb by importing the
changes rather than compacting so that I don't have to create the
Digital Signature again.
The "proper" procedure is to get a cert from a Certificate Authority but the cost/process
may be unreasonable for some applications.
I'm not aware of any EULA's being violated by using selfcert.exe. For
a custom app selfcert.exe seems quite "proper." I certainly trust the
author :-). In what situations would a cert from a Certificate
Authority be useful?
There are work arounds ranging from modifying registry settings (that is considered rude
to do to a customer/client without their approval) to using Automation to start Access and
modify the security settings for the immediate session.
I definitely don't want to change any registry settings. With
selfcert.exe I don't have to change the security settings at all.
If you search this group on "macro security 2003" you should get lots of info.


That's a possibility. I'm more interested in why I had to do the
Trusted Sources for only one particular machine.

James A. Fortune

Nov 13 '05 #6

P: n/a
ji********@compumarc.com wrote:
John Mishefske wrote:

James, you have selfcert.exe generated certs to work on PCs other than the one the cert
was generated on? That's not supposed to happen...

I'm sorry for being unclear on this point. I use selfcert.exe on the
target PC. After that, I usually modify the mdb by importing the
changes rather than compacting so that I don't have to create the
Digital Signature again.


Ahh.. I see. I haven't tried that...
The "proper" procedure is to get a cert from a Certificate Authority but the cost/process
may be unreasonable for some applications.

I'm not aware of any EULA's being violated by using selfcert.exe. For
a custom app selfcert.exe seems quite "proper." I certainly trust the
author :-). In what situations would a cert from a Certificate
Authority be useful?


Didn't mean to imply anything nefarious; only that Microsoft would encourage you to follow
a procdure to get a cert. I don't do it since my clients aren't interested in the extra
expense and lack of benefits for our particular market.
There are work arounds ranging from modifying registry settings (that is considered rude
to do to a customer/client without their approval) to using Automation to start Access and
modify the security settings for the immediate session.

I definitely don't want to change any registry settings. With
selfcert.exe I don't have to change the security settings at all.


Agreed.
If you search this group on "macro security 2003" you should get lots of info.

That's a possibility. I'm more interested in why I had to do the
Trusted Sources for only one particular machine.


Not sure about that; perhaps someone reading this has experienced this problem and
identified the cause?

--
'---------------
'John Mishefske
'---------------
Nov 13 '05 #7

P: n/a
ji********@compumarc.com wrote:
John Mishefske wrote:

James, you have selfcert.exe generated certs to work on PCs other than the one the cert
was generated on? That's not supposed to happen...

I'm sorry for being unclear on this point. I use selfcert.exe on the
target PC. After that, I usually modify the mdb by importing the
changes rather than compacting so that I don't have to create the
Digital Signature again.


Ahh.. I see. I haven't tried that...
The "proper" procedure is to get a cert from a Certificate Authority but the cost/process
may be unreasonable for some applications.

I'm not aware of any EULA's being violated by using selfcert.exe. For
a custom app selfcert.exe seems quite "proper." I certainly trust the
author :-). In what situations would a cert from a Certificate
Authority be useful?


Didn't mean to imply anything nefarious; only that Microsoft would encourage you to follow
a procdure to get a cert. I don't do it since my clients aren't interested in the extra
expense and lack of benefits for our particular market.
There are work arounds ranging from modifying registry settings (that is considered rude
to do to a customer/client without their approval) to using Automation to start Access and
modify the security settings for the immediate session.

I definitely don't want to change any registry settings. With
selfcert.exe I don't have to change the security settings at all.


Agreed.
If you search this group on "macro security 2003" you should get lots of info.

That's a possibility. I'm more interested in why I had to do the
Trusted Sources for only one particular machine.


Not sure about that; perhaps someone reading this has experienced this problem and
identified the cause?

--
'---------------
'John Mishefske
'---------------
Nov 13 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.