In response to growing threats from viruses and worms, Microsoft launched a security initiative in early 2002, called Trustworthy Computing, to focus on making all its products safer to use. In an email sent to employees, Bill Gates summed up the seriousness of the initiative:
“In the past, we’ve made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. We’ve done a terrific job at that, but all those great features won’t matter unless customers trust our software. So now, when we face a choice between adding features and resolving security issues, we need to choose security. Our products should emphasize security right out of the box, and we must constantly refine and improve that security as threats evolve.”
Prior to Access 2003, it was quite possible for a malicious person to send you a database file that contained code that could damage your system. As soon as you opened the database, the harmful code would run—perhaps even without your knowledge. Alternatively, the programmer could embed dangerous code in a query, form, or report, and your computer would be damaged as soon as you opened that object. In version 11 (Access 2003), you were presented with a series of confusing dialog boxes when you opened an unsigned database file if you had left your macro security level set to Medium or High. After wading through the various dialog boxes, you could still be left with a database you were unable to open.
Access 2007 improved upon the security model by adding a component to the Access interface called the Trust Center. This security interface is far less confusing and intrusive than the Access 2003 macro security feature. With a security level set to High in Access 2003, you would not be able to open any database files because all Access databases could have some type of macros, Visual Basic for Applications (VBA) code, or calls to unsafe functions embedded in their structure. Access 2010 further improves upon the Access 2007 security model by adding Trusted Documents. Any database with queries is considered unsafe by Access 2010 because those queries could contain expressions calling unsafe functions. In Access 2010, each database file opens without presenting you with a series of dialog boxes as in Access 2003. Depending on where your file is located on the local computer drive or network share, Access silently disables any malicious macros or VBA code without any intrusive dialog box messages.
The sample databases included on the companion CD are not digitally signed, because they will become unsigned as soon as you change any of the queries or sample code. We designed all the sample applications to open successfully, but each displays a warning dialog box if the database is not trusted. If you have installed the database in an untrusted location, the application displays instructions in the warning dialog box that you can follow to enable the full application. See “Enabling Content by Defining Trusted Locations” for information about defining trusted locations.
When you open an existing database or template, you might see a Security Warning message displayed in the Message Bar, just below the Quick Access Toolbar and ribbon, as shown in Figure 2-24. This message notifies you that Access has disabled certain features of the application because the file is not digitally signed, the file is not a trusted document, or the file is located in a folder that has not been designated as trusted.
To ensure that any restricted code and macros function in this database, you must manually tell Access to enable this content by clicking the Enable Content button on the Message Bar. After you click this button, Access closes the database and then reopens the file to enable all content. Access does not display the Message Bar after it reopens the file, and all functions, code, and macros are now allowed to run in this specific database. Access also adds this database to its list of trusted documents.
If your database is not currently trusted, Access displays the Security Warning information on the Info tab of the Backstage view, as shown in Figure 2-25. Note that if you have enabled the content of the database you are viewing or if the file is located in a folder that has been designated as trusted, Access does not display the Security Warning information on the Info tab of the Backstage view.
Figure 2-25. If your database is not trusted, Access displays the Security Warning on the Backstage view.
When you click the Enable Content button under Security Warning, Access displays two options—Enable All Content and Advanced Options, as shown in Figure 2-26. When you click Enable All Content, Access adds this database to its list of trusted database files. Each time you open this database from this point on, Access does not disable the content for that database. Note that if you move this database to a different file location on your computer, Access disables the content again when you open the database.
Figure 2-26. Click Enable Content to enable all the content of your database or open advanced security options.
Click Advanced Options under Enable Content, and Access opens a dialog box, called Microsoft Office Security Options, as shown in Figure 2-27. This dialog box warns you that this file’s content cannot be verified because a digital certificate was not found.
You can choose to have Access 2010 continue to block any harmful content by leaving the default option set to Help Protect Me From Unknown Content (Recommended). By having Access block any harmful content, you can be assured that no malicious code or macros can execute from this database. However, you also have to realize that because Access blocks all Microsoft Visual Basic code and any macros containing a potentially harmful command, it is quite possible that this application will not run correctly if you continue to let Access disable potentially harmful functions and code. To have Access discontinue blocking potentially harmful content, you must select the option Enable Content For This Session. After you select that option and click OK, Access closes the database and then reopens the file to enable all content. Access does not display the Message Bar after it reopens the file, and all functions, code, and macros are now allowed to run in this specific database.
You might have noticed a link to the Trust Center in the lower-left corner of the Microsoft Office Security Options dialog box. You can also open the Trust Center from the Info tab of the Backstage view by clicking the Trust Center Settings link beneath Security Warning, as discussed earlier. We will discuss the Access Options dialog box later in this chapter; see Modifying Global Settings via the Access Options Dialog Box.
Click Open The Trust Center in the Microsoft Office Security Options dialog box to view the advanced security settings. If the Security Warning on the Info tab of the Backstage view is not currently available, click the File tab and then click Options on the Backstage view. In the Access Options dialog box, click the Trust Center category on the left and then click Trust Center Settings. In the Trust Center dialog box, shown in Figure 2-28, you see nine categories of security settings.
Figure 2-28. The Trust Center dialog box displays various categories, from which you can select trust and privacy options.
Briefly, the categories are as follows:
Trusted Publishers. Use to view and remove publishers that you have designated as being trustworthy. When applications are digitally signed by one of these trusted publishers, Access does not disable any content within the database and the Message Bar does not display any warning. By default, digitally signed applications from Microsoft are trusted. You might see one or more additional trusted publishers if you have ever tried to download and run a signed application and have indicated to Windows that you trust the publisher and want to save the publisher’s certificate. See Chapter 27, “Distributing Your Application,” on the companion CD, for information about digitally signing your own applications.
Trusted Locations. Use to designate specific folders and subfolders as trusted locations. Access considers any database files within this folder as trustworthy, and all content in these folders is enabled. In the Trusted Locations dialog box, each designated trusted folder is listed with the file path, an optional description, and the date the entry was last modified. See “Enabling Content by Defining Trusted Locations” for details about using the options in this category.
Trusted Documents. Use to allow databases on a network share to be trusted, disable the Trusted Documents feature, or clear all trusted databases. By default, Access allows you to trust database files on a network share. Clearing this check box disables your ability to trust individual database files on network shares. If you select the option to disable trusted documents, Access disables all content in databases that you previously designated as trusted. If you click Clear, Access removes all database files from its internal list of trusted documents.
Add-Ins. Use to set specific restrictions on Access add-in files by selecting or clearing the three check boxes in this category. An add-in is a separate program or file that extends the capabilities of Access. You can create these separate files or programs by using VBA or another programming language such as C#. You can require that add-in files be signed by a trusted publisher before Access will load and run them. If you select the option to require that add-ins be signed, you can disable notifications for add-ins that are unsigned. For added security, you can disable all application add-in functionality.
ActiveX Settings. Use to configure how Access handles ActiveX controls in databases. Five options are available with this feature; only one of the first four options can be active at any time. Table 2-1 discusses the purpose of each option.
Table 2-1. ActiveX Settings
Macro Settings. Use to configure how Access handles macros in databases that are not in a trusted location. Four options are available with this feature, only one of which can be active at any given time. Table 2-2 discusses the purpose of each option.
Table 2-2. Macro Settings
Option | Purpose |
---|---|
Disable All Macros Without Notification | Access disables all harmful content but does not notify you through the Message Bar. |
Disable All Macros With Notification | Access disables all harmful content but notifies you through the Message Bar that it has disabled the content. This is the default option for new installations of Access. This is equivalent to the Medium macro security level option available in Access 2003. |
Disable All Macros Except Digitally Signed Macros | Access allows only digitally signed macros (code in digitally signed databases). All other potentially harmful content is disabled. This is equivalent to the High macro security level option available in Access 2003. |
Enable All Macros (not recommended, potentially dangerous code can run) | Access enables any and all potentially harmful content. In addition, Access does not notify you through the Message Bar. This is equivalent to the Low macro security option available in Access 2003. |
DEP Settings. Use to enable or disable Data Execution Prevention (DEP) mode for your Access installation. This option, selected by default, helps prevent poorly written code from running on your computer. If, for example, an add-in that was not designed to run in a DEP setup tries to execute on your computer, Access might crash to prevent the add-in from damaging your computer. You can view the Add-ins category of the Trust Center to see if DEP is preventing any add-ins from running on your computer.
Message Bar. Use to configure Access either to show the Message Bar when content has been disabled or not to display the bar at all.
Privacy Options. Use to enable or disable actions within Access regarding computing privacy, troubleshooting system problems, and scanning suspicious website links. The first check box under Privacy Options tells Access to scan Microsoft’s Office.com help site when you are connected to the Internet. If you clear this check box, Access scans only your local hard drive when you conduct a search in Help. Selecting the second check box instructs Access to download and activate a special file from Microsoft’s site that helps you troubleshoot Access and Office program installation and program errors. The third check box allows you to sign up for the Customer Experience Improvement Program. Microsoft uses this program to track statistics of the features you use most frequently and gather information about your Office system configuration. These statistics help determine changes in future program releases. The fourth check box, Automatically Detect Installed Office Applications To Improve Office.com Search Results, helps to narrow your search results on Office.com to programs you currently have installed. The fifth check box under Privacy Options allows Access to scan Office documents automatically for possible links to and from suspicious websites. This option is turned on by default to help safeguard your computer against documents containing harmful web links. The final check box, Allow The Research Pane To Check For And Install New Services, allows Access to automatically check for new updates to research services and install them.
You can permanently enable the content in a database that is not trusted by defining a folder on your hard drive or network that is trusted and then placing the database in that folder. Alternatively, you can define the folder where the database is located as trusted. You define trusted locations in the Trust Center dialog box.
If you are in a corporate network environment, you should check with your IT department to determine whether your company has established guidelines concerning enabling content on Access databases.
To define a trusted location, click the File tab on the Backstage view and then click Access Options. In the Access Options dialog box, click the Trust Center category and then click Trust Center Settings. Access displays the Trust Center dialog box. Click the Trusted Locations category to see its options, as shown in Figure 2-29.
Figure 2-29. The Trusted Locations category in the Trust Center dialog box shows you locations that are currently trusted.
Click Add New Location. Access now displays the Microsoft Office Trusted Location dialog box, as shown in Figure 2-30.
Click Browse and locate the folder that you want to designate as trusted. You have the option of designating any subfolders in that directory as trusted without having to designate each individual folder within the hierarchy. Enter an optional description you want for this folder, and click OK to save your changes. The new location you just specified now appears in the list of trusted locations. Microsoft recommends you do not designate the root folder for your Windows installation (for example, C:\ on a standard installation) as a trusted location. You should instead designate only the individual folders you want trusted.
If you later decide to remove this folder as a trusted location, select that location, as shown in Figure 2-29, and then click Remove. Any Access databases in that folder are now treated as unsafe. Figure 2-29 also shows two check boxes at the bottom of the dialog box. The first check box allows you to define network locations as trusted locations. Microsoft recommends you not select this check box because you cannot control what files others might place in a network location. The second check box disables all Trusted Location settings and allows content only from trusted publishers.
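The following sketch is an added example, not code from the book or from Microsoft. It models the trusted-location guidance above: it flags entries that are a drive root or a network location, and checks whether a database file falls under a trusted folder. The `TrustedLocation` record, the function names, and the sample paths are all constructed for illustration, and the matching rules are an assumption about how folder coverage works rather than Access's actual implementation.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

@dataclass
class TrustedLocation:          # hypothetical record: one row of the Trusted Locations list
    path: str
    allow_subfolders: bool = False
    description: str = ""

def audit(loc):
    """Return findings for one entry, per the two recommendations in the text."""
    findings = []
    p = PureWindowsPath(loc.path)
    if loc.path.startswith(("\\\\", "//")):
        findings.append("network location")   # you cannot control what others place there
    elif p.drive and len(p.parts) == 1:
        findings.append("drive root")          # e.g. C:\ trusts far more than intended
    return findings

def covers(loc, db_path):
    """True if db_path sits directly in the trusted folder, or below it when
    subfolders are allowed. Whole path components are compared (case-
    insensitively), so C:\\Apps\\TrustedOld is not matched by C:\\Apps\\Trusted."""
    folder = PureWindowsPath(loc.path)
    parent = PureWindowsPath(db_path).parent
    if parent == folder:
        return True
    return loc.allow_subfolders and folder in parent.parents

# Constructed sample entries, not taken from any real configuration.
SAMPLE = [
    TrustedLocation(r"C:\AccessApps\Trusted", True, "reviewed databases"),
    TrustedLocation("C:\\", True, "whole drive"),
    TrustedLocation(r"\\fileserver\shared\db", False, "team share"),
]

def report(locations):
    """Map each trusted path to its list of findings (empty list means ok)."""
    return {loc.path: audit(loc) for loc in locations}

if __name__ == "__main__":
    for path, findings in report(SAMPLE).items():
        print(path, "->", ", ".join(findings) or "ok")
```

Mapped drive letters that point at a network share cannot be recognized from the path string alone, so this check catches only UNC-style entries.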