Auto-certificating Access 2003 mdbs

  • Thread starter Thread starter Christopher Mackie
  • Start date Start date
C

Christopher Mackie

We're looking for a solution that will let us add certificates automatically
to a large number of 'legacy' mdbs, in order to enable our organization to
set Office 2003 security levels to 'high' across the enterprise. The
numbers of files involved are too large, and the need too ongoing, to permit
any solution requiring human interaction. We need something that can add
the certificate in some kind of batch or other automated process (watched
folder, web upload, etc.)--at least for non-password-protected databases.

Is this possible using VB/VBA? Can't find any info in Help or the KB to
show how. If not, is there a third-party option out there somewhere?

If not, can anyone explain to me how a less-than-rigidly-centralized
enterprise is supposed to support the 'high' security level? We don't want
'Medium' if we can avoid it: clicking 'OK' in response to the prompts every
time you open any mdb will become so habitual that the security value will
approach nil as the hassle factor approaches infinity.... From what we can
see, you'd have to have an Absolute Data Czar and a complete inventory of
who has what mdb on their desks to make this work.

But I'd be very happy to be shown how wrong I am. Any advice gratefully
welcomed, --CJ
 
FWIW I've been doing some research on this and similar topics. More
specifically I'm running my own Windows 2003 Server which can issue
certificates. So I'm experimenting if I can somehow create my own
certificate to ship along with my apps.
We're looking for a solution that will let us add certificates automatically
to a large number of 'legacy' mdbs, in order to enable our organization to
set Office 2003 security levels to 'high' across the enterprise. The
numbers of files involved are too large, and the need too ongoing, to permit
any solution requiring human interaction. We need something that can add
the certificate in some kind of batch or other automated process (watched
folder, web upload, etc.)--at least for non-password-protected databases.
Click to expand...

I don't know of anyone who is seriously using A2003 code signing
certificates to any great extent. Thus you may not get a good
answer.

Also this may never be possible. From Microsoft's viewpoint a virus
writer or other malicious individual might be able to use this process
to be, well, malicious.
Is this possible using VB/VBA? Can't find any info in Help or the KB to
show how. If not, is there a third-party option out there somewhere?
Click to expand...
If not, can anyone explain to me how a less-than-rigidly-centralized
enterprise is supposed to support the 'high' security level? We don't want
'Medium' if we can avoid it: clicking 'OK' in response to the prompts every
time you open any mdb will become so habitual that the security value will
approach nil as the hassle factor approaches infinity.... From what we can
see, you'd have to have an Absolute Data Czar and a complete inventory of
who has what mdb on their desks to make this work.
Click to expand...

I completely agree with your concerns here. How do you distinguish
between the mailing list created by the administrative assistant and
the mission critical app produced by the IT department,.
But I'd be very happy to be shown how wrong I am. Any advice gratefully
welcomed,
Click to expand...

The closest thing I've found in searching is the following snippet of
code. This was under a topic "About digital signatures " in the A2003
online help. But this isn't anything even close to what you are
looking for.

But how do you differentiate between the person with a mailing list of
names, address, etc and a full blown mission critical app produced by
your IT department?

"You can use the AutomationSecurity property to suppress the display
of the warning message when opening a database by using automation.
The following is an example of a Visual Basic script that uses the
AutomationSecurity property to suppress the security warning when
opening a database.

Caution This technique should be used only if the database is in a
location that cannot be modified by a virus or any unauthorized
person. Opening databases that are on public network locations or
shared directories on the local machine can be dangerous.

Const cDatabaseToOpen = "C:\<FileToOpen>.mdb"

On Error Resume Next
Dim AcApp
Set AcApp = CreateObject("Access.Application")
If AcApp.Version >= 10 Then
AcApp.AutomationSecurity = 1 ' msoAutomationSecurityLow
End If
AcApp.Visible = True
AcApp.OpenCurrentDatabase cDatabaseToOpen
If AcApp.CurrentProject.FullName <> "" Then
AcApp.UserControl = True
Else
AcApp.Quit
MsgBox "Failed to open '" & cDatabaseToOpen & "'."
End If"

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
 
Thanks for the vbscript. How and where and when do I call the script. Do I
point the app shortcut to the vbscript rather than directly to the mde.
 
Back
Top