I distribute an Access 2007 database to users in a fairly secure
environment. They always get the nag about VBA code and have to select
"Enable this content". I tried to add a trusted location from within one of
the Access databases, but the option to "Add new trusted location" is grayed
out. Their IT people say it must be a group policy but they don't know how
or why it was set that way, and don't know how to change it. Users hate the
nag, but the code is pretty complex, not something you could throw into
macros, which I never use anyway.
Is there a way to programmatically add trusted locations, or is there
another way to do this?
Mich

Hi Mich

The "bible" on the subject is here:
http://technet.microsoft.com/en-us/l.../cc178948.aspx

I could give you some code that sets TLs on the local computer, but it
appears their GP disables this, so it wouldn't be much use to you.

--
Good Luck :-)

Graham Mandeno [Access MVP]
Auckland, New Zealand


"M Skabialka" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I distribute an Access 2007 database to users in a fairly secure
>environment. They always get the nag about VBA code and have to select
>"Enable this content". I tried to add a trusted location from within one
>of the Access databases, but the option to "Add new trusted location" is
>grayed out. Their IT people say it must be a group policy but they don't
>know how or why it was set that way, and don't know how to change it.
>Users hate the nag, but the code is pretty complex, not something you could
>throw into macros, which I never use anyway.
> Is there a way to programmatically add trusted locations, or is there
> another way to do this?
> Mich
>
>

Thanks Graham for this great reference - now to find out who has the power
to do this.
And from my home city no less!
Mich (ex-pat)

"Graham Mandeno" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hi Mich
>
> The "bible" on the subject is here:
> http://technet.microsoft.com/en-us/l.../cc178948.aspx
>
> I could give you some code that sets TLs on the local computer, but it
> appears their GP disables this, so it wouldn't be much use to you.
>
> --
> Good Luck :-)
>
> Graham Mandeno [Access MVP]
> Auckland, New Zealand
>
>
> "M Skabialka" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I distribute an Access 2007 database to users in a fairly secure
>>environment. They always get the nag about VBA code and have to select
>>"Enable this content". I tried to add a trusted location from within one
>>of the Access databases, but the option to "Add new trusted location" is
>>grayed out. Their IT people say it must be a group policy but they don't
>>know how or why it was set that way, and don't know how to change it.
>>Users hate the nag, but the code is pretty complex, not something you
>>could throw into macros, which I never use anyway.
>> Is there a way to programmatically add trusted locations, or is there
>> another way to do this?
>> Mich
>>
>>
>
>

"M Skabialka" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I distribute an Access 2007 database to users in a fairly secure
>environment. They always get the nag about VBA code and have to select
>"Enable this content". I tried to add a trusted location from within one
>of the Access databases, but the option to "Add new trusted location" is
>grayed out. Their IT people say it must be a group policy but they don't
>know how or why it was set that way, and don't know how to change it.
>Users hate the nag, but the code is pretty complex, not something you could
>throw into macros, which I never use anyway.
> Is there a way to programmatically add trusted locations, or is there
> another way to do this?
> Mich
>
>

Depending on their environment one possible solution is to simply set their
macro security to low.
In places where security is quite tight, then this may not be a viable
solution for you and I think the other link posted here's the way to go
then.


--
Albert D. Kallal (Access MVP)
Edmonton, Alberta Canada
(E-Mail Removed)

How do you do that in Access 2007? If it's the sandbox registry change,
Group Policy prevents this.


"Albert D. Kallal" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> "M Skabialka" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I distribute an Access 2007 database to users in a fairly secure
>>environment. They always get the nag about VBA code and have to select
>>"Enable this content". I tried to add a trusted location from within one
>>of the Access databases, but the option to "Add new trusted location" is
>>grayed out. Their IT people say it must be a group policy but they don't
>>know how or why it was set that way, and don't know how to change it.
>>Users hate the nag, but the code is pretty complex, not something you
>>could throw into macros, which I never use anyway.
>> Is there a way to programmatically add trusted locations, or is there
>> another way to do this?
>> Mich
>>
>>
>
> Depending on their environment one possible solution is to simply set
> their macro security to low.
> In places where security is quite tight, then this may not be a viable
> solution for you and I think the other link posted here's the way to go
> then.
>
>
> --
> Albert D. Kallal (Access MVP)
> Edmonton, Alberta Canada
> (E-Mail Removed)
>

Hi Mich

Yes, I think you'll find that if group policy disables defining local
trusted locations, then it will certainly also prohibit changing macro
security level.

I can tell you that the user-defined trusted locations are in the registry
at:

HKCU\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations

and the policy-defined ones are at:

HKLM\Software\Policies\Microsoft\Office\12.0\Access\Security\Trusted
Locations

In each case, you create a subkey at that location (it appears the name of
the key is unimportant) and under that key you create the following value:

Path: <SZ - fully qualified path to the trusted location>

You can also create the following optional values:

AllowSubFolders: <DWORD - 0 or 1 (default is 0)>
Date: <SZ - I think this is used for documentation only>
Description: <SZ - documentation only>

If you're setting reg keys in HKLM under Vista, make sure you are running
"as Administrator" otherwise UAC virtualisation will ensure those changes
are visible only to the current user.

I don't know what security privileges are required to set policy locations
in a domain, or if it is even possible.
--
Good Luck :-)

Graham Mandeno [Access MVP]
Auckland, New Zealand


"M Skabialka" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> How do you do that in Access 2007? If it's the sandbox registry change,
> Group Policy prevents this.
>
>
> "Albert D. Kallal" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> "M Skabialka" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>>I distribute an Access 2007 database to users in a fairly secure
>>>environment. They always get the nag about VBA code and have to select
>>>"Enable this content". I tried to add a trusted location from within one
>>>of the Access databases, but the option to "Add new trusted location" is
>>>grayed out. Their IT people say it must be a group policy but they don't
>>>know how or why it was set that way, and don't know how to change it.
>>>Users hate the nag, but the code is pretty complex, not something you
>>>could throw into macros, which I never use anyway.
>>> Is there a way to programmatically add trusted locations, or is there
>>> another way to do this?
>>> Mich
>>>
>>>
>>
>> Depending on their environment one possible solution is to simply set
>> their macro security to low.
>> In places where security is quite tight, then this may not be a viable
>> solution for you and I think the other link posted here's the way to go
>> then.
>>
>>
>> --
>> Albert D. Kallal (Access MVP)
>> Edmonton, Alberta Canada
>> (E-Mail Removed)
>>
>
>

"M Skabialka" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> How do you do that in Access 2007? If it's the sandbox registry change,
> Group Policy prevents this.
>

Just try it:

office button->accesss options->trust center->

on right side choose trust center settings

then on left side choose macro settings....try the botton one....


--
Albert D. Kallal (Access MVP)
Edmonton, Alberta Canada
(E-Mail Removed)

All of the above brain surgery is needed make something very basic work.

You'd think Microsoft would get a clue.

I will try this when I get to the location again - thanks for your help.
Mich

"Albert D. Kallal" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "M Skabialka" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> How do you do that in Access 2007? If it's the sandbox registry change,
>> Group Policy prevents this.
>>
>
> Just try it:
>
> office button->accesss options->trust center->
>
> on right side choose trust center settings
>
> then on left side choose macro settings....try the botton one....
>
>
> --
> Albert D. Kallal (Access MVP)
> Edmonton, Alberta Canada
> (E-Mail Removed)
>
>

Fred <(E-Mail Removed)> wrote:

>All of the above brain surgery is needed make something very basic work.
>
>You'd think Microsoft would get a clue.

Well, I'm going to disagree. If someone was to develop an Access based
virus then everyone would be dumping all over MS complaining why MS
didn't make things secure. Now we've hardly ever seen one but I can
understand why MS is making things secure and making the customers
take the responsibility for setting up trusted locations and such.

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
Granite Fleet Manager http://www.granitefleet.com/