none
Bug Report: Access 2010 Package Solution Wizard - Trusted Location

    General discussion

  • Software: Access 2010, Access 2010 Package Solution Wizard Add-In

    Problem: Using the Package Solution Wizard with Access 2010 and an .accdr file will present the "A potential security concern has been identified." warning message on deployed client machines.

    Cause: Packaging and deploying an .accdr database to a client machine results in a new Key/Value made here:

    • Key: "HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\{GUID}"
    • String: Name - "Path", Value - "C:\Users\{user}\AppData\Local\{application name}\"
    • Where {GUID} comes from is unknown, at least to me.

    Solution:

    • When editing your deployment package with the Package Solution Wizard, under "Additional Registry Keys"
    • Click the "Add" button
    • Add the following values in the columns: Root - "Current User", Key - "Software\Microsoft\Office\14.0\Access\Security\Trusted Locations\{GUID}", Name - "Path", Value - "[DATABASEDIR]"
    • For {GUID}, I use the "Upgrade Code" from my package, but I don't think it matters what you use.

    Comments:

    It seems that the ball was dropped in the upgrade of the Package Solution Wizard from 2007 to 2010.  I tried several custom registry settings until I finally opened a generated msi with ORCA and was able to find the correct string name/value of Path/[DATABASEDIR].  The installer will not take SpecialFolder strings such as "%localapppath%\{programname}."  This should be corrected so that the Package Solution Wizard creates the correct Trusted Location to Office\14.0 instead of Office\12.0 for Access 2010.  Access 2010 Runtime end-users don't have the ability in a deployed .accdr to add the database to "Trusted Documents," which is understandable. I haven't tested so see if .accde's were affected by the lack of "Trusted Document" authorization button.

    Unless developers add the custom key above, edit the .msi generated with ORCA or disable the office security through registry flag hacks on the clients' machines, there isn't another way to get quell the security warnings.


    Thursday, June 02, 2011 4:55 PM

All replies

  • Hi Sachieldvangel,

    Thank you for sharing us with your problem and solution. You are welcome.

    Best Wishes,

    Monday, June 06, 2011 5:14 AM
  • I'm having this same issue, but I'm unable to get it working.

     

    Could someone post a working sample of the registry key setup needed? I'm not familiar with modifying the registry and dont know if i'm supposed to replace {GUID} and [DATABASEDIR] for some values when doing this.

     

    Also, my project needs to be packaged in a way that works in windows XP SP3.  Does anyone know if I need to use a specific root install folder for this setup to work?  or will the choices listed there work on all supported windows versions?

     

    One more quirck about my project is that it will be a split database.... Will the packaged front ends "know" where to find the backend, or is there a way to point the packaged front ends to the correct backend?.

     

    The backend will live in a common shared drive that we (about 5 users) share on a server pc.

     

    Thanks in advance... Any help in these questions is greately appreciated.

    Monday, June 27, 2011 5:35 PM
  • Thanks for sharing! One thing...You don't have to use a {GUID}. You can give it any name you want. The reg key I use for setting trusted folders looks like this:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\LocationNameGoesHere]
    "Path"="FolderPathGoesHere"
    "Description"="DescriptionGoesHere"

     


    Bill Mosca
    http://www.thatlldoit.com
    http://tech.groups.yahoo.com/group/MS_Access_Professionals
    Monday, June 27, 2011 7:13 PM
  • Thanks for the response.

    I'm not sure I get this... I'm still getting problems. This is what i'm doing

    At the package wizard, I'm adding a key as suggested in the first post in this thread. And this is what i'm setting up there.

    File to package = H:\myworkdb.accdb

    Root Install Folder = Program files

    Install Subfolder = workdb

    Require access or access runtime 2010 to be installed is selected.

    Shortcut to start menu named "WORKDB"

    --- PAGE 2 of the wizard ----

    Additional Registry Keys:

    Root = Current User

    Key = Software\Microsoft\Office\14.0\Access\Security\Trusted Locations\WORKDB

    Name = Path

    Value = C:\Program Files\workdb

     

    I click ok to finish the wizard, but when installing the package on another windows (with no access, only runtime installed) I get an error during the installation that says

    "The cabinet file 'Binary.AppFiles.CAB' required for this installation is corrupt and cannot be used.  This could indicate a network error, an error reading from the CD-ROM, or a problem with this package."

     

    Can anyone point out what i'm doing wrong please?

     

    Thanks in advance.

    Tuesday, June 28, 2011 3:58 PM
  • What sachieldvange stated is correct. 

    All you need to do is exactly what has been explained just remember to ignore the speech marks. [DATABASEDIR] typed exactly like this will automatically interchange your user's install location so use it. You don't need to use GUID (you could just use any name you choose) but you may as well - again use it exactly as described: {GUID}

    I have checked this and it works perfectly - so thanks to sachieldvange. Does it work for you now? I realise this is an older post but nice to box it off.


    --- Sam
    Friday, January 20, 2012 10:47 AM
  • Great stuff, I'd been trying to find a way to get a "/runtime" switch added automatically to shortcuts for ages but this worked just as well. Thanks mate.
    Monday, June 18, 2012 8:54 PM
  • Thank you, thank you, thank you... been searching high and low... was getting ready to be resigned in purchasing a Digital Certificate but hated to go this far for some little app I created for a friend... But how do you explain such a vicious warning? I didn't want to have to do it... I did this and it worked like a charm!!

    Anthony Griggs

    Wednesday, June 19, 2013 1:08 AM