By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
464,825 Members | 974 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 464,825 IT Pros & Developers. It's quick & easy.

Suppressing security dialogs when app opens

P: n/a
I have an Access application developed using Access 2003 that I am
trying to distribute. I have used the Package and Deployment Wizard
that comes with the Office 2003 Developers Kit, and have been able to
successfully distribute the application, with the Access runtime
included, to several test PCs. Yes, more testing is necessary, but
one problem is already presenting itself. It is, of course, the hated
security dialogs regarding "unsafe expressions."

I have read everything I can on this newsgroup about this topic and I
am frankly still mystified. My objective is to either 1) suppress
these dialog entirely through some magic of the installation process,
or 2) to allow the user to do so through a procedure that I can
document.

My attempts at number one were focused on two registry settings that I
got out of a post from Albert Kallal on Jun 23 2004. Purportedly,
"Adding the above two keys to the install makes the runtime install
real nice as this eliminates any nag prompts when users run my
applications." However, I don't think Windows XP allows an
application to set them, because my installer produces the following
errors: "Could not write value Level to key Local MachineSoftware
\Microsoft\Office\11.0\Access\Security. Verify you have sufficient
access to that key or contact support."

My attempts at number two led me to digitally sign my app using
selfcert.exe. When installing, I now get another dialog telling me
that app has been digitally signed, and allowing me to install the
certificate. There is a checkbox that says "always trust content from
XXX and open automatically," which I thought was going to take care of
the problem. Unfortunately, after going through all those motions on
a target PC, I still get the two dialogs about the application
containing unsafe expressions.

How on earth can I suppress these things? Again, I am content to
force the user to take action to "trust" the application, as long as I
can adequately document the procedure.

Any help on this topic is very much appreciated, as I am at my whit's
end with it!

Dan

May 29 '07 #1
Share this Question
Share on Google+
4 Replies

P: n/a
On 29 May 2007 04:04:30 -0700, wa******@twcny.rr.com wrote:
>I have an Access application developed using Access 2003 that I am
trying to distribute. I have used the Package and Deployment Wizard
that comes with the Office 2003 Developers Kit, and have been able to
successfully distribute the application, with the Access runtime
included, to several test PCs. Yes, more testing is necessary, but
one problem is already presenting itself. It is, of course, the hated
security dialogs regarding "unsafe expressions."

I have read everything I can on this newsgroup about this topic and I
am frankly still mystified. My objective is to either 1) suppress
these dialog entirely through some magic of the installation process,
or 2) to allow the user to do so through a procedure that I can
document.

My attempts at number one were focused on two registry settings that I
got out of a post from Albert Kallal on Jun 23 2004. Purportedly,
"Adding the above two keys to the install makes the runtime install
real nice as this eliminates any nag prompts when users run my
applications." However, I don't think Windows XP allows an
application to set them, because my installer produces the following
errors: "Could not write value Level to key Local MachineSoftware
\Microsoft\Office\11.0\Access\Security. Verify you have sufficient
access to that key or contact support."
Obviously the registry is locked on that machine ... was the install done with an Administrator login, or do you know?
Besides, I'm not comfortable altering the security mechanism of a machine without the user's knowledge ... doing that in
the environment I normally deploy to - government installations, including NASA and the Naval Research Labs, as well as
several very secretive aerospace companies - would result in the immediate removal of my software, and would lose me
several very valuable customers ... not something I cherish <g>.
>My attempts at number two led me to digitally sign my app using
selfcert.exe. When installing, I now get another dialog telling me
that app has been digitally signed, and allowing me to install the
certificate. There is a checkbox that says "always trust content from
XXX and open automatically," which I thought was going to take care of
the problem. Unfortunately, after going through all those motions on
a target PC, I still get the two dialogs about the application
containing unsafe expressions.
Did you make sure the target machine had Jet SP8 installed, and that the users answered the security questions
correctly? This tends to be the step that's overlooked ...

See this resource for info on dealing with the security warnings:
http://office.microsoft.com/en-us/ac...5981033.aspx#0

Regarding self-certificates, here's what MS has to say about them:
(http://office.microsoft.com/en-us/ac...397921033.aspx)

Quote:

Because a digital certificate you create yourself isn't issued by a formal certification authority, VBA projects signed
by using such a certificate are referred to as self-signed projects. Certificates you create yourself are considered
unauthenticated and will generate a warning in the Security Warning box if the security level is set to High or Medium.
Microsoft Office will only trust a self-signed certificate on a computer that has the private key for that certificate
available (generally, only the computer that actually created the certificate, unless the private key is shared with
other computers).

As you can see, self certiciates are not the best method to use if you plan on deploying this to other machines; in
order to be truly effective at disabling the security warnings, you'd have to distribute the private key that was used
to create it, and that pretty much means that anyone could use that certificate to sign a project ... not something I'd
want my name attached to.

Comodo (www.instantssl.com) is a good source for inexpensive commercial certs.

Remember also that any updates or new deployments will need to be signed with the SAME certificate ... otherwise the
user would have to go through the process again.
Scott McDaniel
scott@takemeout_infotrakker.com
www.infotrakker.com
May 29 '07 #2

P: n/a
On 29 May 2007 04:04:30 -0700, wa******@twcny.rr.com wrote:

Sounds like you did not correctly sign the app. Right-click the file,
and in the Properties you can see if it is signed.
Note that signing is the LAST thing you should do. Do not after that
convert to MDE, compact, or anything else, or you would lose the
signature.

-Tom.

>I have an Access application developed using Access 2003 that I am
trying to distribute. I have used the Package and Deployment Wizard
that comes with the Office 2003 Developers Kit, and have been able to
successfully distribute the application, with the Access runtime
included, to several test PCs. Yes, more testing is necessary, but
one problem is already presenting itself. It is, of course, the hated
security dialogs regarding "unsafe expressions."

I have read everything I can on this newsgroup about this topic and I
am frankly still mystified. My objective is to either 1) suppress
these dialog entirely through some magic of the installation process,
or 2) to allow the user to do so through a procedure that I can
document.

My attempts at number one were focused on two registry settings that I
got out of a post from Albert Kallal on Jun 23 2004. Purportedly,
"Adding the above two keys to the install makes the runtime install
real nice as this eliminates any nag prompts when users run my
applications." However, I don't think Windows XP allows an
application to set them, because my installer produces the following
errors: "Could not write value Level to key Local MachineSoftware
\Microsoft\Office\11.0\Access\Security. Verify you have sufficient
access to that key or contact support."

My attempts at number two led me to digitally sign my app using
selfcert.exe. When installing, I now get another dialog telling me
that app has been digitally signed, and allowing me to install the
certificate. There is a checkbox that says "always trust content from
XXX and open automatically," which I thought was going to take care of
the problem. Unfortunately, after going through all those motions on
a target PC, I still get the two dialogs about the application
containing unsafe expressions.

How on earth can I suppress these things? Again, I am content to
force the user to take action to "trust" the application, as long as I
can adequately document the procedure.

Any help on this topic is very much appreciated, as I am at my whit's
end with it!

Dan
May 29 '07 #3

P: n/a
However, I don't think Windows XP allows an
application to set them, because my installer produces the following
errors: "Could not write value Level to key Local MachineSoftware
\Microsoft\Office\11.0\Access\Security. Verify you have sufficient
access to that key or contact support."
Have you been testing the installs? I suggest you get a copy of virtual pc
so you can test on a clean windows xp box (and, you can then discard the
changes to the session. virtual pc is a must have thing to test this.

As for the install being allowed to change registry? I installed the runtime
more then 100 times..and never had your problem (so, this means:

a) the machine is locked down, and you don't have permissions to install
b) there is some group policy in place...
How on earth can I suppress these things? Again, I am content to
force the user to take action to "trust" the application, as long as I
can adequately document the procedure.
How many machines have you tried this on? The best bet would be to gain
rights to the registry during installs. That means admin privileges. Really,
it highly unlikely that word, excel..or any of the office applications can
be installed on those machines without appropriate permissions...

The most easy approach is to use those registry settings I provided.

--
Albert D. Kallal (Access MVP)
Edmonton, Alberta Canada
pl*****************@msn.com
May 29 '07 #4

P: n/a
Thank you for the information, but a new approach to the issue has
presented itself. Much to my surprise, and in fact my embarrassment,
I've just discovered that the application appears to run ok in sandbox
mode. It seems like all I have to do is allow Access to block the
"unsafe expressions" and everything is ok. After you tell it do that
once you aren't bothered by the annoying dialogs any more. I simply
never tried it that way before.

I'm somewhat confused. What are the types of activities that won't
work in this mode?

Dan

Jun 2 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.