I went with VBScript that actually copies the front end from the server to
the local machine and then launches Access and runs the .mde file. It was my
simple solution to distributing new front ends as well as dealing with bloat
due to some temp tables that exist. The script creates an icon on the users
desktop that points to the script, but has the Access icon. They don't know
the difference. The script also creates an IE window and updates it to
provide the user with progress information.

"Tony Toews [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "David C. Holley" <David.C.Holley> wrote:
>
>>Is it possible to create a trusted location via code? Which I'm thinking
>>no,
>>but...
>
> The Auto FE updater can do this for you as well as a whole bunch of
> other, hopefully useful, functionality.
>
> Tony
>
> --
> Tony Toews, Microsoft Access MVP
> Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
> Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
> For a convenient utility to keep your users FEs and other files
> updated see http://www.autofeupdater.com/
> Granite Fleet Manager http://www.granitefleet.com/

"David W. Fenton" <(E-Mail Removed)> wrote:

>> Actually yes. I do realize it doesn't make a lot of sense in some
>> respects but yes. The Auto FE Updater does create those registry
>> keys if desired without requiring any admin privileges.
>
>On Vista/Win7, that surely prompts a UAC prompt, which is a good
>thing, no?

No, this doesn't hit the UAC prompt. I test my Auto FE Updater in a
clean Win Vista/7 OS install with just Office installed and no other
settings changes. And no UAC.

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a convenient utility to keep your users FEs and other files
updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/

"Tony Toews [MVP]" <(E-Mail Removed)> wrote:

>>[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\A ccess\Security\Trusted
>>Locations\Location1]
>>AllowSubFolders (REG_DWORD) = 1
>>Path (REG_SZ) "FullPathOfTrustedLocation"
>
>Yup, looks about right. Note that you don't need, nor should you,
>name the registry key Location1. It can be anything you like such as,
>for example, "Granite Fleet Manager" or "Auto FE Updater - Fleet". I
>would suggest not using Location1 because that may already have been
>used by Access on some of those systems.

Actually don't use any registry key that starts with Location and then
some digits.

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a convenient utility to keep your users FEs and other files
updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/

"microsoft" <(E-Mail Removed)> wrote:

>well as dealing with bloat
>due to some temp tables that exist.

See the TempTables.MDB page at my website which illustrates how to use
a temporary MDB in your app.
http://www.granite.ab.ca/access/temptables.htm

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a convenient utility to keep your users FEs and other files
updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/

I was just looking at this:

http://technet.microsoft.com/en-us/l.../cc179039.aspx

to see how it all worked (the trust registry is controlled by
Group Policy or Local Machine settings, not UAC), and I
saw this:

"Applications in the Office 2010 cannot recognize environment variables that
are stored as String Value (REG_SZ) value types. For applications to
recognize environment variables, you must change the value type of the Path
entry so that it is an Expandable String Value (REG_EXPAND_SZ) value type."

Cool: I never thought of it like that. It's gonna be a generic trick. You
can use an environment variable to control a registry setting if you
re-write the registry setting as a (REG_EXPAND_SZ) including the environment
variable. I bet you can use this to make user-controlled settings in HKLM
without permission!

(david)



"Tony Toews [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "David W. Fenton" <(E-Mail Removed)> wrote:
>
> No, this doesn't hit the UAC prompt. I test my Auto FE Updater in a
> clean Win Vista/7 OS install with just Office installed and no other
> settings changes. And no UAC.

"Tony Toews [MVP]" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> "David W. Fenton" <(E-Mail Removed)> wrote:
>
>>> Actually yes. I do realize it doesn't make a lot of sense in
>>> some respects but yes. The Auto FE Updater does create those
>>> registry keys if desired without requiring any admin privileges.
>>
>>On Vista/Win7, that surely prompts a UAC prompt, which is a good
>>thing, no?
>
> No, this doesn't hit the UAC prompt. I test my Auto FE Updater in
> a clean Win Vista/7 OS install with just Office installed and no
> other settings changes. And no UAC.

Hmm. That means the Trust Center registry key is in a location
editable by users, which seems to me to make it pretty useless!

I've always felt that "macro security" and all of this was just
"security theater" on MS's part, and that just serves to confirm
that suspicion.

--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/

"David W. Fenton" <(E-Mail Removed)> wrote:

>>>> Actually yes. I do realize it doesn't make a lot of sense in
>>>> some respects but yes. The Auto FE Updater does create those
>>>> registry keys if desired without requiring any admin privileges.
>>>
>>>On Vista/Win7, that surely prompts a UAC prompt, which is a good
>>>thing, no?
>>
>> No, this doesn't hit the UAC prompt. I test my Auto FE Updater in
>> a clean Win Vista/7 OS install with just Office installed and no
>> other settings changes. And no UAC.
>
>Hmm. That means the Trust Center registry key is in a location
>editable by users, which seems to me to make it pretty useless!

<shrug> Pretty much. Also given that you can mark a given registry
locations sub folders as trusted too. So that makes it even less
meaningful.

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a convenient utility to keep your users FEs and other files
updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/

If you look at the link I gave previously, you will see that
this is controlled by Group Policy and HKLM settings.

Group Policy and HKLM settings are indeed the 'old'
way of doing things, but they are also the 'only' way of
doing network management: there is not an independent
(non-group-management) way of doing management of
UAC. UAC would be a very blunt instrument for controlling
the trust centre.

If you want to restrict yourself on your own PC, you
can set a local group policy (you will need elevated rights
to do that) or change the HKLM settings (you will need
elevated rights to do that).

It is still interesting that a user can, by default, change
their own trust settings, when there are so many other
things they, by default, can no longer do. But that
doesn't make it useless: it just makes it less important
for individual users who aren't in locked-down domains.

(david)


"Tony Toews [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "David W. Fenton" <(E-Mail Removed)> wrote:
>
>>>>> Actually yes. I do realize it doesn't make a lot of sense in
>>>>> some respects but yes. The Auto FE Updater does create those
>>>>> registry keys if desired without requiring any admin privileges.
>>>>
>>>>On Vista/Win7, that surely prompts a UAC prompt, which is a good
>>>>thing, no?
>>>
>>> No, this doesn't hit the UAC prompt. I test my Auto FE Updater in
>>> a clean Win Vista/7 OS install with just Office installed and no
>>> other settings changes. And no UAC.
>>
>>Hmm. That means the Trust Center registry key is in a location
>>editable by users, which seems to me to make it pretty useless!
>
> <shrug> Pretty much. Also given that you can mark a given registry
> locations sub folders as trusted too. So that makes it even less
> meaningful.
>
> Tony
> --
> Tony Toews, Microsoft Access MVP
> Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
> Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
> For a convenient utility to keep your users FEs and other files
> updated see http://www.autofeupdater.com/
> Granite Fleet Manager http://www.granitefleet.com/

"Tony Toews [MVP]" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> "David W. Fenton" <(E-Mail Removed)> wrote:
>
>>>>> Actually yes. I do realize it doesn't make a lot of sense in
>>>>> some respects but yes. The Auto FE Updater does create those
>>>>> registry keys if desired without requiring any admin
>>>>> privileges.
>>>>
>>>>On Vista/Win7, that surely prompts a UAC prompt, which is a good
>>>>thing, no?
>>>
>>> No, this doesn't hit the UAC prompt. I test my Auto FE Updater
>>> in a clean Win Vista/7 OS install with just Office installed and
>>> no other settings changes. And no UAC.
>>
>>Hmm. That means the Trust Center registry key is in a location
>>editable by users, which seems to me to make it pretty useless!
>
><shrug> Pretty much. Also given that you can mark a given
>registry
> locations sub folders as trusted too. So that makes it even less
> meaningful.

Security theater, not actual security. That's pretty much the way
I've seen all the alterations to Outlook and macro security starting
back with the ILOVEYOU worm.

Complete idiots they must be.

--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/

[ayseff]

As an after thought...It is NOT counter intuitive to set a trusted location via code for the following 2 reasons:
1) If the current project is not trusted, the code attempting to make it trusted will not run, so there's no security threat. At best, the code will simply not run.
2) The user can "temporarily" allow the given file, but that won't make the location a trusted location. As such, the permissions will have to be granted every time the file is opened. However, once the file is allowed once, the code modules will then be permitted to run, and then you can put in the code to add the file location to the list of trusted ones, making the permissions permanent.