Access 2003 Stand-Alone and Win 2003 Server Certificate Services

[Guest]

We are upgrading our Access 97 stand-alone applications to Access 2003. Once
upgraded, an end-user will get security prompts unless the macros (vb code)
are signed with a certificate. I set up Certificate Services on a Win 2003
Server box but when I open Access 2003 and try to sign the code (using
Tools/Digital Signature from the Visual Basic Editor) and the certificate is
not available for use.

Is it possible to sign an Access 2003 db using a certificate created from a
Win 2003 server (using Tools/Digital Signature) or do I need to use Access
2003 extensions that are part of the Visual Studio Tools for Office Package?

Thank you in advance for your help!

 

[Albert D.Kallal]

Simply add the following keys to your runtime packing (the package wizard
does have provision for adding regs keys).

ROOT:Local Machine
Key: SOFTWARE\Microsoft\Jet\4.0\Engines
Name:SandBoxMode
Value:#00000002

ROOT:Local Machine
Key: Software\Microsoft\Office\11.0\Access\Security
Name:Level
Value:#00000001


If you add both tof the above, then you get no security prompts at
all...even if the later jet sp8 is NOT installed. It is clean...and no
prompts....

 

[Guest]

I am not trying to suppress the warning via reg settings. I want to have the
code signed using at private key and once the user opens the db, the group
policy will push the public key to the machine so that the user does not get
the warning. This is required because we only want them to get a security
warning if the code is not signed by our private key.

Do I need Access 2003 extensions to sign the code?

 

[Brendan Reynolds]

I don't think it's likely to have anything to do with the extensions. I've
never used certificate services, but I do have a third-party certificate
that I've used in Access 2003, and it did not require the extensions. I
think it is more likely to have something to do with either the type of
certificate that was created, or the way that it was installed on the target
PC - have you checked whether you can view the certificate on the target PC
in Internet Explorer? But I'm afraid I don't know enough about certificate
services to help you further. If no one else answers here it may be worth
asking the question in a Windows 2003 Server forum, if you haven't done so
already.

 

[Guest]

Where did you store (on the signing computer) the 3rd party certificate so
that Access 2003 could see it? I have an example of creating a certificate
using certificate services to create a "code signing" certificate and using
Access 2003 to sign it so, I should be all set using that type of
certificate.

Yes, I can see the certificate on the win 2003 server. Once I sign the
Access 2003 db with it, the public key will be put on the user's pc (through
group policy) when they open the db. (from what I read in the "MS Windows
Server 2003 PKI and Certificate Security) book.

 

[Brendan Reynolds]

I'm afraid I don't remember - it was quite some time ago. I just followed
the instructions supplied by the CA. I don't remember encountering any
complications.

I believe there is more than one type of code signing certificate. If I
remember rightly, when I bought the third-party certificate I had to choose
between a 'Microsoft Office/VBA' or 'Authenticode' code-signing certificate.
So possibly the type of certificate could still be the problem.

You say you can see the certificate in IE on the server, but is the server
the PC where you are trying to sign the app? If not, can you see the
certificate in IE on *that* PC? If not, possibly the instructions at the
following URL might be some help ...

http://support.globalsign.net/en/Personalsign/exportcert.cfm

.... but I'm definitely straying outside of my area of experience at this
stage. I really think you'll be more likely to find a solution in a Windows
Server forum.

 

[Guest]

Can you post the link to the correct newsgroup that I should post this
question to?

Thank You!

 

[Brendan Reynolds]

I'm afraid I don't subscribe to any server newsgroups, and don't know which
of them would be the most appropriate for this question.