Re: Suppressing security dialogs when app opens

On 29 May 2007 04:04:30 -0700, wazdakka@xxxxxxxxxxxx wrote:

I have an Access application developed using Access 2003 that I am
trying to distribute. I have used the Package and Deployment Wizard
that comes with the Office 2003 Developers Kit, and have been able to
successfully distribute the application, with the Access runtime
included, to several test PCs. Yes, more testing is necessary, but
one problem is already presenting itself. It is, of course, the hated
security dialogs regarding "unsafe expressions."

I have read everything I can on this newsgroup about this topic and I
am frankly still mystified. My objective is to either 1) suppress
these dialog entirely through some magic of the installation process,
or 2) to allow the user to do so through a procedure that I can
document.

My attempts at number one were focused on two registry settings that I
got out of a post from Albert Kallal on Jun 23 2004. Purportedly,
"Adding the above two keys to the install makes the runtime install
real nice as this eliminates any nag prompts when users run my
applications." However, I don't think Windows XP allows an
application to set them, because my installer produces the following
errors: "Could not write value Level to key Local MachineSoftware
\Microsoft\Office\11.0\Access\Security. Verify you have sufficient
access to that key or contact support."

Obviously the registry is locked on that machine ... was the install done with an Administrator login, or do you know?
Besides, I'm not comfortable altering the security mechanism of a machine without the user's knowledge ... doing that in
the environment I normally deploy to - government installations, including NASA and the Naval Research Labs, as well as
several very secretive aerospace companies - would result in the immediate removal of my software, and would lose me
several very valuable customers ... not something I cherish <g>.

My attempts at number two led me to digitally sign my app using
selfcert.exe. When installing, I now get another dialog telling me
that app has been digitally signed, and allowing me to install the
certificate. There is a checkbox that says "always trust content from
XXX and open automatically," which I thought was going to take care of
the problem. Unfortunately, after going through all those motions on
a target PC, I still get the two dialogs about the application
containing unsafe expressions.

Did you make sure the target machine had Jet SP8 installed, and that the users answered the security questions
correctly? This tends to be the step that's overlooked ...

See this resource for info on dealing with the security warnings:
http://office.microsoft.com/en-us/access/HA011225981033.aspx#0

Regarding self-certificates, here's what MS has to say about them:
(http://office.microsoft.com/en-us/access/HP010397921033.aspx)

Quote:

Because a digital certificate you create yourself isn't issued by a formal certification authority, VBA projects signed
by using such a certificate are referred to as self-signed projects. Certificates you create yourself are considered
unauthenticated and will generate a warning in the Security Warning box if the security level is set to High or Medium.
Microsoft Office will only trust a self-signed certificate on a computer that has the private key for that certificate
available (generally, only the computer that actually created the certificate, unless the private key is shared with
other computers).

As you can see, self certiciates are not the best method to use if you plan on deploying this to other machines; in
order to be truly effective at disabling the security warnings, you'd have to distribute the private key that was used
to create it, and that pretty much means that anyone could use that certificate to sign a project ... not something I'd
want my name attached to.

Comodo (www.instantssl.com) is a good source for inexpensive commercial certs.

Remember also that any updates or new deployments will need to be signed with the SAME certificate ... otherwise the
user would have to go through the process again.


Scott McDaniel
scott@xxxxxxxxxxxxxxxxxxxxxxxxx
www.infotrakker.com
.

Relevant Pages

  • Re: ?Expired Security Certif for MS Update
    ... MBSA should run fine on a new install. ... faith in the downloads I have, that used the expired certificate to get ... At the risk of sounding like an alien abductee, this security invasion ... Microsoft and signed by a CA that your computer trusts I would not worry ...
    (microsoft.public.windowsxp.security_admin)
  • Re: How do I protect a document out of design mode?
    ... My IT installators initially told me that they would install digital ... the macro security warnings. ... Select the certificate you want to add, ...
    (microsoft.public.word.vba.general)
  • Re: How to Install certificate?
    ... Bob is right that security admins don't like export of private keys...many ... export/import process. ... The sample code does not enable export/import of the private key. ... 2000/2003 Certificate enrollment server. ...
    (microsoft.public.pocketpc.wireless)
  • Re: Web Service Security
    ... The asmx file security is now set to 'ignore client certificates.' ... Viewing the certificate using the View Certificate button under directory ... you must install the certificate with a private key (usually ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Certificates on Floppy Disk?
    ... > give you the option to install this certificate which you want to do. ... > unselect enable strong protection as user will have to enter private key ... > personal folder for the computer store and select import and then browse ...
    (microsoft.public.windows.server.security)