Re: Risks in Disabling Macro Security
- From: LarryP <LarryP@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 24 Aug 2009 10:16:01 -0700
Thanks again for your reply. Yes, if you wouldn't mind please post the class
module and I'll experiment with this. I went into the registry and found the
entries for some Trusted Locations I did manually via the Wizard, so I get
the general idea. I need to see now whether I can find a way to run the
necessary code within our installers, which are pretty rudimentary, not slick
off-the-shelf install wizards.
(If it's very long and you prefer to EMail it, fine with me,
lpaholski@xxxxxxxxxxxx)
"Graham Mandeno" wrote:
Hi Larry.
[Sorry for the slow response - I don't frequent this newsgroup much]
Basically anyone can define a location as trusted - as you know, clearly,
from your comment about "talk 300+ users through finding each folder..."
The trusted location is set up by creating a registry key at the location:
HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Access\Security\Trusted
Locations
(that line probably wrapped, but it's all one registry key path)
The name of the key can be anything, so it might as well be the name of the
app.
The values under the key are:
- Path : the fill path to the trusted location
- AllowSubfolders : 1 to trust any subfolders of Path
- Description : anything you like (optional)
- Date : haven't figured out the use for this (optional)
The code that Arvin posted will create such a key. The problem is that to
put it in the database which you want to trust is a sort of a Catch-22,
because in order to execute the code, you first have to create the trusted
location.
Because of this, the code is rather useless, unless you are creating trusted
locations for other databases.
What I do is create this registry key in my install script. Any install
script worth its salt (I use Inno Setup) can create registry keys as part of
the installation.
--
Good Luck :-)
Graham Mandeno [Access MVP]
Auckland, New Zealand
"LarryP" <LarryP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4C5FEF98-FC9F-4149-BA35-E5E79EC3DA41@xxxxxxxxxxxxxxxx
Trying to get away with one response to so far three very helpful
responses.
Among other things, our company security setup rejects EMails with .mdb
files
attached, which solves one concern. Of course they can still sneak by
renamed as .mdbx or whatever, but that would require a gullible
co-conspirator on the inside.
Beyond that, Graham, help me understand: your code, when properly written
and with the class module, sets up a trusted location for any DB its
contained in? I.e., "wherever I'm located, trust me from now on"? In
effect
preempting the security alert?
"Graham Mandeno" wrote:
Hi Arvin
I can't remember where I posted this, but if it's to work, it needs a
class
module called Registry. I can post the source here if the Larry wants
it,
but it's pretty long.
I'm a bit puzzled by this line:
' Also try: .SetValue hk + 1, "", "Path", Path
That could NEVER work and I'm sure it's not in my code. The variable hk
contains the value of a registry key handle and adding 1 to it would
almost
certainly be an invalid key.
--
Cheers,
Graham
"Arvin Meyer [MVP]" <arvinm@xxxxxxxxxxxx> wrote in message
news:eQqPE1HIKHA.3736@xxxxxxxxxxxxxxxxxxxxxxx
"LarryP" <LarryP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7E46B9B6-7CF6-497C-8A6A-34426DB14EBD@xxxxxxxxxxxxxxxx
We're just moving into Office/Access 2007 on Windows XP, and are
finding
the
security warnings frustrating. I know about the trusted location
business,
but don't want to have to talk 300+ users through finding each folder
where
they have a database and then setting it up as a trusted location.
Seeking opinions, please: our company has very robust firewalls and
anti-virus protection; how big a risk would we be running if we simply
had
users set their Access (and Excel) macro security to the lowest
setting?
As
far as I can tell so far, that pretty much removes all the warnings.
Most of my clients set their Macro security to Low and no one's gotten
a
virus yet. There is always a first time though. Access MVP, Graham
Mandeno
wrote the following code which should build a Trusted Location on any
machine it's run, so if you can connect remotely, it may be a bit
easier:
Public Function CreateTrustedLocation( _
Key As String, _
Path As String, _
Optional AllowSubfolders As Boolean, _
Optional Description As String, _
Optional Version As Integer = 12) As Boolean
Const cProcName = "CreateTrustedLocation"
Dim reg As New Registry, hk As Long
On Error GoTo ProcErr
With reg
hk = .OpenKey(HKEY_CURRENT_USER, _
"Software\Microsoft\Office\" & Version _
& ".0\Access\Security\Trusted Locations\" & Key, True)
.SetValue hk, "", "Path", Path
' Also try: .SetValue hk + 1, "", "Path", Path
.SetValue hk, "", "AllowSubfolders", IIf(AllowSubfolders, 1, 0)
.SetValue hk, "", "Description", Description
.CloseKey hk
End With
CreateTrustedLocation = True
ProcEnd:
On Error Resume Next
If hk <> 0 Then reg.CloseKey hk
Set reg = Nothing
Exit Function
ProcErr:
mb_Error cProcName
Resume ProcEnd
End Function
--
Arvin Meyer, MCP, MVP
http://www.datastrat.com
http://www.mvps.org/access
http://www.accessmvp.com
- References:
- Risks in Disabling Macro Security
- From: LarryP
- Re: Risks in Disabling Macro Security
- From: Arvin Meyer [MVP]
- Re: Risks in Disabling Macro Security
- From: Graham Mandeno
- Re: Risks in Disabling Macro Security
- From: LarryP
- Re: Risks in Disabling Macro Security
- From: Graham Mandeno
- Risks in Disabling Macro Security
- Prev by Date: Re: MSAccess 2003 mdb file does not work well in MSAccess 2007
- Next by Date: Re: Risks in Disabling Macro Security
- Previous by thread: Re: Risks in Disabling Macro Security
- Next by thread: Re: Risks in Disabling Macro Security
- Index(es):
Relevant Pages
|
