Mike Hosker
All posts
Active Directory Scripts Windows Server

Stop Access Trust Center Warning

· Mike Hosker

Sharing an Access database over a network share is common practice, but anyone who's done it knows how irritating the Trust Center warning is. Every time a user opens the database, Access warns that it can't confirm the file's trustworthiness and restricts functionality. Users end up either dismissing it repeatedly or clicking "Enable Content" without thinking — neither ideal from a security standpoint.

The proper fix is to register the share path as a Trusted Location in Access — but doing this manually on dozens of machines is tedious. A VBScript deployed through a NETLOGON logon script handles it automatically.

The Script

The script adds the network share to the Access 2016 Trusted Locations registry keys. Adjust the version path (16.0) for other Office versions:

Dim oReg, sPath, sDesc, bSubfolders, bNetwork
Dim nKeyCount, sKeyPath, sExistingPath

sPath       = "\\server\share\databases\"   ' The path to trust
sDesc       = "Access Databases"            ' Friendly description
bSubfolders = True                          ' Trust subfolders
bNetwork    = True                          ' Allow network paths

Const HKCU = &H80000001
sBasePath = "Software\Microsoft\Office\16.0\Access\Security\Trusted Locations"

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

' Count existing trusted location entries
oReg.EnumKey HKCU, sBasePath, aKeys
nKeyCount = 0
If Not IsNull(aKeys) Then
    For Each sKey In aKeys
        ' Check if this path is already trusted
        oReg.GetStringValue HKCU, sBasePath & "\" & sKey, "Path", sExistingPath
        If LCase(sExistingPath) = LCase(sPath) Then
            WScript.Quit ' Already trusted, nothing to do
        End If
        nKeyCount = nKeyCount + 1
    Next
End If

' Add the new trusted location
sNewKey = sBasePath & "\Location" & (nKeyCount + 1)
oReg.CreateKey HKCU, sNewKey
oReg.SetStringValue  HKCU, sNewKey, "Path",            sPath
oReg.SetStringValue  HKCU, sNewKey, "Description",     sDesc
oReg.SetDWORDValue   HKCU, sNewKey, "AllowSubfolders", IIf(bSubfolders, 1, 0)
oReg.SetDWORDValue   HKCU, sNewKey, "UserCreated",     1

Set oReg = Nothing

Deployment

Place the script on your NETLOGON share and call it from the logon script:

wscript "\\domain\NETLOGON\access_trust_db.vbs"

The script runs silently at login, checks whether the path is already trusted, and only adds the registry entries if needed — so it's safe to run every login without creating duplicate entries.

Adjusting for Other Office Versions

Change 16.0 in the registry path for your version of Office:

  • Office 2016/2019/365: 16.0
  • Office 2013: 15.0
  • Office 2010: 14.0