Access 2007 Trusted Locations

M

M Skabialka

I distribute an Access 2007 database to users in a fairly secure
environment. They always get the nag about VBA code and have to select
"Enable this content". I tried to add a trusted location from within one of
the Access databases, but the option to "Add new trusted location" is grayed
out. Their IT people say it must be a group policy but they don't know how
or why it was set that way, and don't know how to change it. Users hate the
nag, but the code is pretty complex, not something you could throw into
macros, which I never use anyway.
Is there a way to programmatically add trusted locations, or is there
another way to do this?
Mich
 
M

M Skabialka

Thanks Graham for this great reference - now to find out who has the power
to do this.
And from my home city no less!
Mich (ex-pat)

Graham Mandeno said:
Hi Mich

The "bible" on the subject is here:
http://technet.microsoft.com/en-us/library/cc178948.aspx

I could give you some code that sets TLs on the local computer, but it
appears their GP disables this, so it wouldn't be much use to you.

--
Good Luck :)

Graham Mandeno [Access MVP]
Auckland, New Zealand


M Skabialka said:
I distribute an Access 2007 database to users in a fairly secure
environment. They always get the nag about VBA code and have to select
"Enable this content". I tried to add a trusted location from within one
of the Access databases, but the option to "Add new trusted location" is
grayed out. Their IT people say it must be a group policy but they don't
know how or why it was set that way, and don't know how to change it.
Users hate the nag, but the code is pretty complex, not something you
could throw into macros, which I never use anyway.
Is there a way to programmatically add trusted locations, or is there
another way to do this?
Mich
 
A

Albert D. Kallal

M Skabialka said:
I distribute an Access 2007 database to users in a fairly secure
environment. They always get the nag about VBA code and have to select
"Enable this content". I tried to add a trusted location from within one
of the Access databases, but the option to "Add new trusted location" is
grayed out. Their IT people say it must be a group policy but they don't
know how or why it was set that way, and don't know how to change it.
Users hate the nag, but the code is pretty complex, not something you could
throw into macros, which I never use anyway.
Is there a way to programmatically add trusted locations, or is there
another way to do this?
Mich

Depending on their environment one possible solution is to simply set their
macro security to low.
In places where security is quite tight, then this may not be a viable
solution for you and I think the other link posted here's the way to go
then.
 
M

M Skabialka

How do you do that in Access 2007? If it's the sandbox registry change,
Group Policy prevents this.
 
G

Graham Mandeno

Hi Mich

Yes, I think you'll find that if group policy disables defining local
trusted locations, then it will certainly also prohibit changing macro
security level.

I can tell you that the user-defined trusted locations are in the registry
at:

HKCU\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations

and the policy-defined ones are at:

HKLM\Software\Policies\Microsoft\Office\12.0\Access\Security\Trusted
Locations

In each case, you create a subkey at that location (it appears the name of
the key is unimportant) and under that key you create the following value:

Path: <SZ - fully qualified path to the trusted location>

You can also create the following optional values:

AllowSubFolders: <DWORD - 0 or 1 (default is 0)>
Date: <SZ - I think this is used for documentation only>
Description: <SZ - documentation only>

If you're setting reg keys in HKLM under Vista, make sure you are running
"as Administrator" otherwise UAC virtualisation will ensure those changes
are visible only to the current user.

I don't know what security privileges are required to set policy locations
in a domain, or if it is even possible.
 
A

Albert D. Kallal

M Skabialka said:
How do you do that in Access 2007? If it's the sandbox registry change,
Group Policy prevents this.

Just try it:

office button->accesss options->trust center->

on right side choose trust center settings

then on left side choose macro settings....try the botton one....
 
F

Fred

All of the above brain surgery is needed make something very basic work.

You'd think Microsoft would get a clue.
 
M

M Skabialka

I will try this when I get to the location again - thanks for your help.
Mich
 
T

Tony Toews [MVP]

Fred said:
All of the above brain surgery is needed make something very basic work.

You'd think Microsoft would get a clue.

Well, I'm going to disagree. If someone was to develop an Access based
virus then everyone would be dumping all over MS complaining why MS
didn't make things secure. Now we've hardly ever seen one but I can
understand why MS is making things secure and making the customers
take the responsibility for setting up trusted locations and such.

Tony
 
G

Graham Mandeno

Hi Mich

Let us know how you get on. I'd be amazed if policies were set up to
disallow the user setting local trusted locations, but to allow setting
macro security to "low"!!
 
M

M Skabialka

You were right - I cannot change this setting either.
The annoying thing is that people consistently forget to enable this
feature, so none of the buttons work since they all use VBA code.
I have had to create a BIG ugly "in your face" label that says "Please
enable content in Options above!". By default it is visible, but after
content is enable the On Load code runs which makes this label invisible.
Users are frustrated, policy makers don't care.
Mich
(Ex-pat from Mt Roskill)

Graham Mandeno said:
Hi Mich

Let us know how you get on. I'd be amazed if policies were set up to
disallow the user setting local trusted locations, but to allow setting
macro security to "low"!!

--
Good Luck :)

Graham Mandeno [Access MVP]
Auckland, New Zealand

M Skabialka said:
I will try this when I get to the location again - thanks for your help.
Mich
 
G

Graham Mandeno

Hi Mich

Funny... I have a client in Mt Roskill with a similarly intractable IT
department! <g>

You said in your original post:
Their IT people say it must be a group policy but they don't know how or
why it was set that way, and don't know how to change it.

Well, now *you* know how to change it or, even better, you know how to add
your trusted location to the group policy for the domain, so why don't you
educate them?

--
Good Luck :)

Graham Mandeno [Access MVP]
Auckland, New Zealand


M Skabialka said:
You were right - I cannot change this setting either.
The annoying thing is that people consistently forget to enable this
feature, so none of the buttons work since they all use VBA code.
I have had to create a BIG ugly "in your face" label that says "Please
enable content in Options above!". By default it is visible, but after
content is enable the On Load code runs which makes this label invisible.
Users are frustrated, policy makers don't care.
Mich
(Ex-pat from Mt Roskill)

Graham Mandeno said:
Hi Mich

Let us know how you get on. I'd be amazed if policies were set up to
disallow the user setting local trusted locations, but to allow setting
macro security to "low"!!

--
Good Luck :)

Graham Mandeno [Access MVP]
Auckland, New Zealand

M Skabialka said:
I will try this when I get to the location again - thanks for your help.
Mich

How do you do that in Access 2007? If it's the sandbox registry
change, Group Policy prevents this.


Just try it:

office button->accesss options->trust center->

on right side choose trust center settings

then on left side choose macro settings....try the botton one....
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top