Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Access 2003 security

0 views
Skip to first unread message

Paradigm

unread,
Aug 2, 2005, 6:36:46 AM8/2/05
to
I distribute some Access 2K applications as mde files using the Access2K
runtime.
Now that I am thinking of updating to Access 2003 I find that, when I launch
an mde file, I get a number of warning messages about macros and security
which are a nuisance to the users.
Is there any way of avoiding these messages?
Alec


jimfo...@compumarc.com

unread,
Aug 2, 2005, 12:53:29 PM8/2/05
to

What I do is use selfcert.exe to create a digital signature that can be
applied to the mdb file. Another twist I came across recently was that
for a certain machine I had to run mmc (Microsoft Management Console)
using the Add/Remove Snap-in option to drag and drop the digital
signature into a Trusted Certificates category. So far I have been
able to get rid of all the warnings. Only a few machines have needed
the digital signature fix so I create the digital signature with the
user's name. I haven't had to do this in a more automated way yet. I
hope this helps.

James A. Fortune

John Mishefske

unread,
Aug 5, 2005, 12:04:22 AM8/5/05
to

James, you have selfcert.exe generated certs to work on PCs other than the one the cert
was generated on? That's not supposed to happen...

The "proper" procedure is to get a cert from a Certificate Authority but the cost/process
may be unreasonable for some applications.

There are work arounds ranging from modifying registry settings (that is considered rude
to do to a customer/client without their approval) to using Automation to start Access and
modify the security settings for the immediate session.

If you search this group on "macro security 2003" you should get lots of info.

--
'---------------
'John Mishefske
'---------------

jimfo...@compumarc.com

unread,
Aug 5, 2005, 2:01:34 AM8/5/05
to
John Mishefske wrote:

>
> James, you have selfcert.exe generated certs to work on PCs other than the one the cert
> was generated on? That's not supposed to happen...

I'm sorry for being unclear on this point. I use selfcert.exe on the
target PC. After that, I usually modify the mdb by importing the
changes rather than compacting so that I don't have to create the
Digital Signature again.

> The "proper" procedure is to get a cert from a Certificate Authority but the cost/process
> may be unreasonable for some applications.

I'm not aware of any EULA's being violated by using selfcert.exe. For
a custom app selfcert.exe seems quite "proper." I certainly trust the
author :-). In what situations would a cert from a Certificate
Authority be useful?

> There are work arounds ranging from modifying registry settings (that is considered rude
> to do to a customer/client without their approval) to using Automation to start Access and
> modify the security settings for the immediate session.

I definitely don't want to change any registry settings. With
selfcert.exe I don't have to change the security settings at all.

> If you search this group on "macro security 2003" you should get lots of info.

That's a possibility. I'm more interested in why I had to do the
Trusted Sources for only one particular machine.

James A. Fortune

John Mishefske

unread,
Aug 5, 2005, 4:31:27 AM8/5/05
to
jimfo...@compumarc.com wrote:
> John Mishefske wrote:
>
>
>>James, you have selfcert.exe generated certs to work on PCs other than the one the cert
>>was generated on? That's not supposed to happen...
>
>
> I'm sorry for being unclear on this point. I use selfcert.exe on the
> target PC. After that, I usually modify the mdb by importing the
> changes rather than compacting so that I don't have to create the
> Digital Signature again.

Ahh.. I see. I haven't tried that...


>
>
>>The "proper" procedure is to get a cert from a Certificate Authority but the cost/process
>>may be unreasonable for some applications.
>
>
> I'm not aware of any EULA's being violated by using selfcert.exe. For
> a custom app selfcert.exe seems quite "proper." I certainly trust the
> author :-). In what situations would a cert from a Certificate
> Authority be useful?

Didn't mean to imply anything nefarious; only that Microsoft would encourage you to follow
a procdure to get a cert. I don't do it since my clients aren't interested in the extra
expense and lack of benefits for our particular market.

>
>>There are work arounds ranging from modifying registry settings (that is considered rude
>>to do to a customer/client without their approval) to using Automation to start Access and
>>modify the security settings for the immediate session.
>
>
> I definitely don't want to change any registry settings. With
> selfcert.exe I don't have to change the security settings at all.

Agreed.

>
>>If you search this group on "macro security 2003" you should get lots of info.
>
>
> That's a possibility. I'm more interested in why I had to do the
> Trusted Sources for only one particular machine.

Not sure about that; perhaps someone reading this has experienced this problem and
identified the cause?

0 new messages