MartyConnelly
martyconnelly at shaw.ca
Mon Aug 2 13:42:47 CDT 2004
Assuming you are not going to spring $400 for a Veritas 2-year
certificate, and 'Class 2' certificates for individual developers are
unobtainable, as no CA (Certificate Authority) currently sells them.
I never got as far as network deployment. Selfcert won't work; you need
makecert.
I got it working standalone with this makecert call.
Since I have a standalone version of Access 2003, I had to download makecert
from here; the standalone version of 2003 doesn't have makecert installed.
http://support.microsoft.com/default.aspx?scid=kb;en-us;828407
I created certificates with these parameters in Start --> Run:
C:\Security\Makecert\codesigningx86\makecert -sk SelfSignedCerts -n "CN=MyCert" -b 01/01/2003 -e 01/01/2009 -ss My -r -eku 1.3.6.1.5.5.7.3.3
or
Use makecert.exe with the "-pe" option to create and store the
certificate with an exportable private key.
This may be necessary for network deployment, but "-pe" is only available
with makecert.exe version 5.131 or higher:
makecert -r -pe -n "CN=Your Name" -b 01/01/2000 -e 01/01/2099 -eku 1.3.6.1.5.5.7.3.3 -ss My
Then you can export the certificate from the certificate store,
including the private key.
After install of the certificate, see it listed on the Trusted Root
Certification Authorities tab in the Certificates
window (Control Panel --> Users --> Advanced).
I have forgotten how to attach it to the mdb, but it should be in the URL below.
To set the security level: it's under Tools --> Macro --> Security.
Here is a description of how to sign a VBA project with a certificate:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/odeopg/html/deovrsigningvbaproject.asp
and
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/makecert.asp
Two caveats
You need Jet 8 SP installed to stop squawking messages about unsafe
SQL expressions.
Setting security to Low and then running the macro does not register the
certificate in the trusted sources list.
Security must be set to Medium or High before any certificates are posted
to the trusted Trust Publishers list. In cases where security is set to
High on all computers, a Selfcert.exe-signed macro can be deployed, but it
does not have a secure enough certificate level for use by other users who are
running with the High security level. Only a certificate issued by a
certificate authority can be used to provide a distributable certificate
and signature to others and still pass through Medium and High security
levels in Office.
Theoretically, you could tell your clients to
use selfcert to create a certificate on each workstation,
but even if they were willing to do this, your db security
may prevent them from opening the VBA project to add a digital certificate.
If you are developing in-house applications, talk to your network
administrator. Using Certificate Server on Windows
2000/2003 Server, an administrator can create a
certificate that will be valid across the domain.
Also, to see if the personal certificate is installed properly,
run certmgr.exe.
This is supposed to work but I never got this far, since I couldn't find
out how to network deploy a makecert certificate.
This assumes Jet SP8 is installed.
2. Before you create the MDE file, go to Modules, open one, and in VB
assign a digital certificate to it.
3. Make the MDE.
4. Open the app on the user's PC; when it asks if you want to block unsafe
expressions, answer yes.
5. The next window should tell you that there is a Digital Certificate.
Click on Advanced and install the Certificate.
6. Open the database.
7. Close the database and reopen it. You should now have the option of
checking the box to always trust apps with this digital certificate.
Check that and open the database.
8. Close the database and reopen it.
It should open without any prompts, at least mine do now.
--------------------------------------------------------------
A couple of other ways around this.
Get your network guy to change the registry setting of the
following key; this should help you change the macro security level in
Access 2003. He should be able to change this globally across the
network for each client PC; there is even a way to do this from Access
VBA code using WMI with proper network permissions.
HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Access\Security\Level
If the value is 1, then the macro security of Access 2003 is set to low.
If the value is 2, then the macro security of Access 2003 is set to medium.
If the value is 3, then the macro security of Access 2003 is set to high.
WARNING: If you use Registry Editor incorrectly, you may cause serious
problems that may require you to reinstall your operating system.
Microsoft cannot guarantee that you can solve problems that result from
using Registry Editor incorrectly. Use Registry Editor at your own risk.
Or
You could also put this vbs code in a file to execute from a user's
shortcut. Just create a .vbs file and add it to a desktop shortcut.
You can create a VB script file with this code and start your app using
this. (Code is from an MS MSDN article)
http://support.microsoft.com/?kbid=235422
This will have problems if VBScript is disabled or you are using mdw security.
Add to file MyMDB.vbs:
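' Path of the database to open (placeholder from the original).
Const cDatabaseToOpen = "C:\<FileToOpen>.mdb"
On Error Resume Next
Dim AcApp
' Start Access 2003 through automation.
Set AcApp = CreateObject("Access.Application.11")
If AcApp.Version >= 11 Then
    ' Lower macro security for this Access instance.
    AcApp.AutomationSecurity = 1 ' msoAutomationSecurityLow
End If
AcApp.Visible = True
AcApp.OpenCurrentDatabase cDatabaseToOpen
If AcApp.CurrentProject.FullName <> "" Then
    ' Database opened: hand control of the instance to the user.
    AcApp.UserControl = True
Else
    AcApp.Quit
    MsgBox "Failed to open '" & cDatabaseToOpen & "'."
End If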
Jeff Barrows wrote:
>I have an Access 2003 FE, using the Access 2003 runtime. Every time
>someone opens the app, I get one of those security warnings on the
>user's machine. I am pretty sure that this is a Digital
>Certificate issue. Do I need to go to each desktop to create a cert, or
>can I distribute the one I created for the test/development machine?
>And how do I distribute it?
>
>Jeff Barrows
>Outbak Technologies, LLC
>Racine, WI
>
>www.outbaktech.com
>
--
Marty Connelly
Victoria, B.C.
Canada
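
To check a workstation against the setup described in the message above (the macro security level, and which stores the makecert certificate ended up in), the following PowerShell is an added example and not part of the original post. The registry path, the 1/2/3 level values and the code-signing EKU are taken from the post; the function names are made up for the example, and it assumes the CurrentUser certificate stores.

```powershell
# Added example, not code from the post. Run as the user who opens the database.
# Key path, level values and the EKU come from the post; function names are made up here.
$SecurityKey = 'HKCU:\Software\Microsoft\Office\11.0\Access\Security'
$LevelNames  = @{ 1 = 'Low'; 2 = 'Medium'; 3 = 'High' }

function Get-AccessMacroLevel {
    # Level is the value the post describes (1 = low, 2 = medium, 3 = high).
    $p = Get-ItemProperty -Path $SecurityKey -Name Level -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'NotSet' }
    $name = $LevelNames[[int]$p.Level]
    if ($name) { return $name }
    return "Unknown($($p.Level))"
}

function Get-CodeSigningCertReport {
    param([string[]]$Stores = @('My', 'Root', 'TrustedPublisher'))
    foreach ($store in $Stores) {
        # -CodeSigningCert keeps certificates whose EKU includes 1.3.6.1.5.5.7.3.3.
        Get-ChildItem "Cert:\CurrentUser\$store" -CodeSigningCert |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    NotAfter      = $_.NotAfter
                    Expired       = ($_.NotAfter -lt (Get-Date))
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

$level = Get-AccessMacroLevel
"Access 2003 macro security level: $level"
if ($level -eq 'Low') {
    'Per the post, running at Low does not add the certificate to the trusted list.'
}

$report = @(Get-CodeSigningCertReport)
$report | Sort-Object Thumbprint, Store | Format-Table -AutoSize
# Self-signed code-signing certificates that this user trusts as a root.
$report | Where-Object { $_.SelfSigned -and $_.Store -eq 'Root' } |
    ForEach-Object { "Self-signed root trusted for code signing: $($_.Subject)" }
```

An entry reported as self-signed in the Root store is trusted as a root for that user, so the private key exported with the -pe command needs the same protection as a CA key.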