Sharing an Access database over the network for users is very common, generally via an SMB share. However if you have ever done this you will know how frustrating the trust center warning can be for users when first opening a database.
This warning appears because Access cannot verify the database came from a trustworthy source and therefore warns the user in case the database contains malicious code.
A good feature but having to explain that the database is actually safe and to ignore the warning and click “yes” is not only time consuming and annoying but also a poor security mindset to introduce to users that they should just be clicking yes and ignoring security warnings.
So whats the solution? The answer is a .vbs script that creates a registry key. To run it you need to know the following information:
- Path to set as a trusted location e.g SMB network share containing databases. Could also use system variables such as
%userprofile%/Documents, however this is not recommended as its a location users could easily download or copy potentially untrustworthy databases which will avoid genuine flagging. Type string in quotes “”. - A description of the trusted location, this will appear in the MS Access settings for the user. Type string in quotes “”.
- Whether to allow sub folders of the root path as trusted locations. Type
True/False. - Whether to allow network locations, if you are using a UNC path to an SMB share on the network then this will need to be set as
True. TypeTrue/False.
Once you know the above information simply copy the below script into a text file, edit the parameters as required, save as a .vbs file and run.
NOTE: The below script is configured for MS Access 2016, to use with other versions update the office version number in the path to office files found in the variable strParentKey. E.g for Office 2010 you would use \Office\14.0\ instead of \Office\16.0\ for Office 2016.
Option Explicit
Const HKEY_CURRENT_USER = &H80000001
Dim strProgram
Dim strFolder
Dim strDescription
Dim blnAllowSubFolders
Dim blnAllowNetworkLocations
Dim blnCurrentTrusted
Dim strParentKey
Dim objRegistry
Dim intHighest
Dim arrChildKeys
Dim strChildKey
Dim strValueName
Dim strNewKey
Dim strFullPath
Dim strValue
strProgram = "Access" 'Name of Microsoft program that's being set for
strFolder = "\\server\DatabaseShare\" 'Path to set as a Trusted Location
strDescription = "Database Share" 'Description of the Trusted Location
blnAllowSubFolders = True 'Trust sub folders (True or False)
blnAllowNetworkLocations = True 'Trust a network location (True or False)
strParentKey = "Software\Microsoft\Office\16.0\" & strProgram & "\Security\Trusted Locations"
intHighest = -1
blnCurrentTrusted = False
Set objRegistry = GetObject("winmgmts:\\.\root\default:StdRegProv")
objRegistry.EnumKey HKEY_CURRENT_USER, strParentKey, arrChildKeys
'get the highest key number'
On Error Resume Next
For Each strChildKey In arrChildKeys
If Left(strChildKey,8)="Location" Then
If CInt(Mid(strChildKey, 9)) > intHighest Then
intHighest = CInt(Mid(strChildKey, 9))
End If
'check to see if the folder is already trusted'
strValueName = "Path"
strFullPath = strParentKey & "\" & strChildKey
objRegistry.GetExpandedStringValue HKEY_CURRENT_USER,strFullPath,strValueName,strValue
If strValue = strFolder Then
blnCurrentTrusted = True
End If
End If
Next
If blnCurrentTrusted Then
Else
'add new'
If intHighest = 999 Then
Else
strNewKey = strParentKey & "\Location" & CStr(intHighest + 1)
objRegistry.CreateKey HKEY_CURRENT_USER, strNewKey
objRegistry.SetStringValue HKEY_CURRENT_USER, strNewKey, "Path", strFolder
objRegistry.SetStringValue HKEY_CURRENT_USER, strNewKey, "Description", strDescription
objRegistry.SetStringValue HKEY_CURRENT_USER, strNewKey, "Date", CStr(Now())
If blnAllowSubFolders Then
objRegistry.SetDWORDValue HKEY_CURRENT_USER, strNewKey, "AllowSubFolders", 1
End If
If blnAllowNetworkLocations Then
objRegistry.SetDWORDValue HKEY_CURRENT_USER, strParentKey, "AllowNetworkLocations", 1
End If
End If
End If There are many ways to deploy the script at scale to all users however the method I employed for a school environment was to include in the .vbs script within the .bat NETLOGON script for database users, in this case, staff. So upon every login they would get the registry key and be trusted with the school database.
.vbs scripts can be run from .bat scripts by incorporating the following into your .bat script:
wscript "\\server\NETLOGON\access_2016_trust_db.vbs"
And that is all, enjoy no more warnings for your legitimate databases!