MS Access Forum / Security / June 2006
self-signing certificate
Josh - 25 Jun 2006 22:09 GMT
Just upgraded to Access 2003, and got the Jet4sp8 warning, which I should have Jet4sp8, as I just went to office update.
Searched Google, and saw that I can either set security to low, or do a self-signing certificate if used with this computer. So, did the self-signing certificate, added it to macro/Security/trusted publishers. I thought that would take care of it, but, now, still get the warning. I had to actually set security to low to avoid the warning. Went back to macro/Security/trusted publishers and viewed my certificate. Looked ok until I looked at the "Certification Path" tab, and saw that my certificate had a red X on it, with this comment: "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store."
Is that why I still had to set security level to Low, because the certificate, while there, isn't trusted?
btw, sandbox mode is set to 2 in registry, not sure whether to set it to 1 or 2 or does it make a difference if security is set to Low?
Seems to me that this is an example of "make it too difficult and people will just bypass security", like "make password requirements too complex, therefore people write them down and leave the note by the keyboard" kinda thing.
Thanks, Josh

Josh - 25 Jun 2006 22:36 GMT
hmmmmmmm, went to:
http://home.bendbroadband.com/conradsystems/accessjunkie/macrosecurity.html
and used his VBScript, but it does NOT set security to Low, for me anyways. I ran the script, and was trying to figure out where to put the line:
Application.RunCommand acCmdAppMaximize
I tried just putting it in a macro and running that, just to verify that it did maximize Access, but got the warning about being blocked. That's when I went and checked, and sure nuff, security was set to low.
Josh

Josh - 25 Jun 2006 22:39 GMT
This just isn't my day.......that last line should have been: "checked, and sure nuff, security was set to MEDIUM."
>hmmmmmmm, went to:
>http://home.bendbroadband.com/conradsystems/accessjunkie/macrosecurity.html
[quoted text clipped - 7 lines]
>
>Josh

'69 Camaro - 26 Jun 2006 13:42 GMT
Hi, Josh.
> but it does NOT set security to Low
It will if you're using Access 2003, scripts are not blocked, and User-level Security has not been implemented on the database file.
> and was trying to figure out where to put the line:
> Application.RunCommand acCmdAppMaximize
It should be placed in the start up form's OnLoad( ) or OnOpen( ) event, whichever is more convenient.
> but got the warning about being blocked
"Unsafe expressions" are checked by Jet's Expression Service, so if you have the Sandbox mode set to 1 or 3 when Jet 4.0 SP-8 is installed, it doesn't matter which Macro Security level you have it set at, because your Macro Security level is an entirely separate issue. Set the Sandbox mode back to 2 and you won't be blocked, although you'll get a warning message that "unsafe expressions" are not blocked if you have the Macro Security level set at Medium or High.
> that's when I went and
> checked, and sure nuff, security was set to [Medium]
As it's designed to do. That script doesn't change the actual Windows Registry setting, which is what you're reading when you open the Security dialog window. That script only changes the Access.Application object's AutomationSecurity Property to the indicated security level for that specific instance of Access, as explained on Jeff's Web page: ". . . a script file which sets the macro security level to low for that single invocation of Access." The script is intended for users who don't have Windows security permissions to make changes in the Windows Registry.
HTH. Gunny
See http://www.QBuilt.com for all your database needs. See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials. http://www.Access.QBuilt.com/html/expert_contributors2.html for contact info.
> hmmmmmmm, went to:
> http://home.bendbroadband.com/conradsystems/accessjunkie/macrosecurity.html
[quoted text clipped - 10 lines]
>
> Josh

Josh - 26 Jun 2006 21:17 GMT
>It will if you're using Access 2003, scripts are not blocked, and User-level
>Security has not been implemented on the database file.
It has not been set
>> and was trying to figure out where to put the line:
>> Application.RunCommand acCmdAppMaximize
>
>It should be placed in the start up form's OnLoad( ) or OnOpen( ) event,
>whichever is more convenient.
yes, I had placed it in the OnOpen event
>> but got the warning about being blocked
>
[quoted text clipped - 17 lines]
>invocation of Access." The script is intended for users who don't have
>Windows security permissions to make changes in the Windows Registry.
Ok, but, 'for this instance of Access', security should have been set to low via the script, and therefore I shouldn't have gotten a warning...?
Thanks, Josh
>HTH.
>Gunny
[quoted text clipped - 18 lines]
>>
>> Josh

'69 Camaro - 26 Jun 2006 23:15 GMT
Hi, Josh.
> It has not been set
Your description of "got the warning about being blocked" sounds like you're describing the Sandbox mode, not the Macro Security level. If you want to test which Macro Security level is being used for the current instance of Access, place the following code in your startup form, save, and compile:
Private Sub Form_Open(Cancel As Integer)
    On Error GoTo ErrHandler
    ' Show the macro security level in effect for this instance of Access
    MsgBox "AutomationSecurity is set to " & Application.AutomationSecurity
    Exit Sub
ErrHandler:
    ' Report which form failed, with the error number and description
    MsgBox "Error in Form_Open( ) in" & vbCrLf & _
        Me.Name & " form." & vbCrLf & vbCrLf & _
        "Error #" & Err.Number & vbCrLf & vbCrLf & Err.Description
    Err.Clear
End Sub
If the message box displays "AutomationSecurity is set to 2" when your database opens, then select the Tools -> Macro -> Security... menu to open the Security dialog window. Whichever level you see displayed there is the Macro Security level that the current instance of Access is using. However, if you're using the Automation VB Script on Jeff Conrad's Web site, then you should see "AutomationSecurity is set to 1" displayed, meaning that despite the value set in the Security dialog window (which reflects the Windows Registry setting), the database was opened with Macro Security set to Low.
> Ok, but , 'for this instance of Access', security should have been set to
> low
> via the script, and therefore I shouldn't have gotten a warning...?
So you see the question, "Do you want to open this file or cancel the operation?" when you use the script and have three buttons to push, "Cancel," "Open," and "More Info"? That question indicates Macro Security level is Medium and the database file is not digitally signed. If you don't see this question, but instead see "Microsoft Office Access cannot open <DB file name> due to security restrictions," then this indicates that the Macro Security level is High and the database file is not digitally signed. If you see neither of these messages, then the Macro Security level is Low.
However, you'll get a warning about the Sandbox mode if your current Macro Security level requires unsafe expressions to be blocked in order to work correctly. Automation Security (to alter the Macro Security level) is a separate issue from Jet 4.0 SP-8's Sandbox mode issue, which is why you get so many different prompts when you're using the new security features of Access 2003.
HTH. Gunny
>>It will if you're using Access 2003, scripts are not blocked, and
>>User-level
[quoted text clipped - 62 lines]
>>>
>>> Josh

'69 Camaro - 26 Jun 2006 13:02 GMT
Hi, Josh.
> which I should have
> Jet4sp8, as I just went to office update.
No. Office Update won't update Access 2003 with Jet 4.0 SP-8, because Access 2003 already contains Jet 4.0 SP-8. Re-read that warning message in the context of Access 2002 users, who didn't have Jet 4.0 SP-8 by default. Microsoft didn't bother updating the message for Access 2003, so you and the other millions of Access 2003 users were confused the first time we saw that message, too.
> Is that why I still had to set security level to Low, because the
> certificate,
> while there, isn't trusted?
A Self-Cert digital certificate isn't trusted when the Macro Security level is set to High level. It's only trusted when used for Medium level.
> btw, sandbox mode is set to 2 in registry, not sure whether to set it to 1
> or 2
> or does it make a difference if security is set to Low?
It makes a difference, because it's a separate issue that has been enabled with Jet 4.0 SP-8. (Remember that warning message? That's what it's for.) If you leave the Sandbox mode setting at 2 (the default), then Sandbox mode is used for non-Access applications, but not for Access. If you set it at 1, then Sandbox mode will only be used for Access applications, not other applications.
> Seems to me that this is an example of "make it too difficult and people
> will
> just bypass security"
Yup. Those with common sense will avoid spitting into the wind.
HTH. Gunny
> just upgraded to access2003, and got the Jet4sp8 warning, which I should
> have
[quoted text clipped - 32 lines]
>
> Thanks, Josh

Josh - 26 Jun 2006 21:23 GMT
>Hi, Josh.
>
[quoted text clipped - 14 lines]
>A Self-Cert digital certificate isn't trusted when the Macro Security level
>is set to High level. It's only trusted when used for Medium level.
But, it was set for Medium during the time I was experimenting with certificate, so that should have satisfied Access and not given me a warning, is that correct? And, if correct, why the warning?
>> btw, sandbox mode is set to 2 in registry, not sure whether to set it to 1
>> or 2
[quoted text clipped - 6 lines]
>1, then Sandbox mode will only be used for Access applications, not other
>applications.
I don't understand the default of 2, sandbox mode for non-Access applications, but not for Access. Wouldn't the default of 1 be better (from a 'Default' point of view), to make Access more secure and leave non-Access applications alone? Or, am I totally screwed up (which is the most likely case)
Thanks
>> Seems to me that this is an example of "make it too difficult and people
>> will
[quoted text clipped - 46 lines]
>>
>> Thanks, Josh

'69 Camaro - 27 Jun 2006 00:21 GMT
Hi, Josh.
>>A Self-Cert digital certificate isn't trusted when the Macro Security
>>level
[quoted text clipped - 4 lines]
> so that should have satisfied access and not given me a warning, is that
> correct? And, if correct, why the warning?
You also stated that your SelfCert certificate had a red X on it and you were warned that this certificate isn't trusted because it isn't in the Trusted Root Certification Authorities store. Let's assume for a moment that this information is somehow incorrect, and you installed the SelfCert digital certificate on this computer correctly and digitally signed this database file with your SelfCert digital certificate. You set the Macro Security level to Medium, which should allow a SelfCert digitally signed database to open unchallenged. Since you're being challenged when you open this database, it means that your Macro Security level can only be set to Medium (you couldn't open it at all if it were High, and you wouldn't be challenged if it were Low), but either the digital signature on the database file is invalid or the SelfCert digital certificate on that computer is invalid (not trusted). Since you got the warning that your SelfCert digital certificate isn't trusted, we have to assume that this Microsoft Office security feature is complaining for a good reason. You need to troubleshoot why the application is claiming that the digital certificate isn't in the Trusted Root Certification Authorities store.
> I don't understand the default of 2, sandbox mode for non-access
> applications,
> but not for Access. Wouldn't the default of 1 be better (from a 'Default'
> point
> of view), to make Access more secure and leave non-Access applications
> alone?
No. Access versus the other applications is comparing apples with oranges. If Sandbox mode were set to 1, then any Access database application without action queries, and without expressions in table, query, field, form, report, or control properties would run as is. Such a simple Access database is trivial, in that the user interface isn't much used, if at all, and most likely the file is only being used as a data source by some other application, which wouldn't have any of its expressions blocked by the Jet Expression Service.
But a non-trivial Access database would have its update, make table, and append queries disabled. The other queries or any of the tables, forms, reports, or controls on the forms or reports using the functions listed as blocked on the following Web page in their properties would be disabled:
http://support.microsoft.com/default.aspx?id=294698&Product=acc
Such an Access database application wouldn't be very useful because it couldn't be very complex or do the things that most database applications do. Non-Access applications in the Microsoft Office Suite don't generally rely on queries or properties of database objects, so preventing them from using these queries or functions in expressions in those other applications isn't much of a penalty.
> Or, am I totally screwed up (which is the most likely case)
The new security feature of Access 2003 is pretty confusing, which is why most folks are ignoring it completely by using the Low Macro Security setting.
HTH. Gunny
>>Hi, Josh.
>>
[quoted text clipped - 101 lines]
>>>
>>> Thanks, Josh

Josh - 28 Jun 2006 01:06 GMT
Taking another look at the certificates, I ran the Certificate MMC snap-in, and saw that my self-signed certificate (current user) was under the "Personal" folder. So, I moved it to "Trusted Root Certification Authorities", and it works now. No warnings at all when opening with medium security set.
Thanks, Josh
>Hi, Josh.
>
[quoted text clipped - 174 lines]
>>>>
>>>> Thanks, Josh

'69 Camaro - 28 Jun 2006 07:47 GMT
Hi, Josh.
> So, I moved it to "Trusted Root Certification Authorities", and it works
> now. No warnings at all when opening with medium security set.
Excellent. Thanks for reporting back with your solution so that others who have the same problem can research the archive and benefit, too.
Gunny
> Taking another look at the certificates, I ran the Certificate MMC snap > in, and [quoted text clipped - 207 lines] >>>>> >>>>> Thanks, Josh
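
Added example, not part of the original thread or any poster's code: a read-only PowerShell check of the three separate settings discussed above (the Macro Security level, the Jet Sandbox mode, and whether a self-signed certificate in the Personal store chains to a trusted root). It assumes PowerShell 3.0 or later; the registry paths are the Access 2003 (Office 11.0) and Jet 4.0 locations and do not come from the thread.

```powershell
# Added example (read-only). Registry paths assume Access 2003 (Office 11.0)
# and Jet 4.0; the Wow6432Node path covers 32-bit Jet on 64-bit Windows.
$macroKey = 'HKCU:\Software\Microsoft\Office\11.0\Access\Security'
$jetKeys  = 'HKLM:\SOFTWARE\Microsoft\Jet\4.0\Engines',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Jet\4.0\Engines'
$levelNames   = @{ 1 = 'Low'; 2 = 'Medium'; 3 = 'High' }
$sandboxNames = @{ 0 = 'disabled everywhere'
                   1 = 'Access only'
                   2 = 'non-Access applications only (default)'
                   3 = 'everywhere' }

function Get-RegValue($Path, $Name) {
    # Returns $null instead of throwing when the key or value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Get-SelfSignedTrust {
    # Self-signed means Subject equals Issuer. For each such certificate in the
    # user's Personal store, build its chain offline and report why it fails.
    $roots = @(Get-ChildItem Cert:\CurrentUser\Root | ForEach-Object { $_.Thumbprint })
    foreach ($cert in Get-ChildItem Cert:\CurrentUser\My) {
        if ($cert.Subject -ne $cert.Issuer) { continue }
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)
        [pscustomobject]@{
            Subject     = $cert.Subject
            Thumbprint  = $cert.Thumbprint
            InUserRoot  = $roots -contains $cert.Thumbprint
            ChainBuilds = $trusted
            ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
}

$level = Get-RegValue $macroKey 'Level'
if ($null -eq $level) { 'Macro Security level: not set for this user' }
else { "Macro Security level: $level ($($levelNames[[int]$level]))" }

foreach ($key in $jetKeys) {
    $mode = Get-RegValue $key 'SandBoxMode'
    if ($null -ne $mode) { "SandBoxMode at ${key}: $mode ($($sandboxNames[[int]$mode]))" }
}

Get-SelfSignedTrust | Format-List
```

A ChainStatus of UntrustedRoot with InUserRoot False corresponds to the red X on the Certification Path tab; once the certificate is also in the root store it is trusted as a root for anything signed with that key, so compare the listed thumbprint against the certificate you created.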