Open File Security Warning SP2 - File Saved Locally

[Lori McDonald]

I just got a call from a client who is having a problem opening an Access file.

They download the file from a password-protected area of their website which
is SSL protected. When they download the file it warns them that it is from
an Unknown publisher and they press Save and Save it locally on their hard
drive.

Then when they try and open the file (with Access 2003) from their harddrive
they get the following message:

-----------------
Microsoft Access
Microsoft Access cannot open this file.

This file is located outside your intranet or on an untrusted site.
Microsoft Access will not open the file due to potential security problems.

To open the file, copy it to your machine or an accessible network location.
-----------------

But it is on their machine... and they are unable to open it.

I have also installed SP2, but I am able to download it and open the same
file without a problem. I am unsure why.

Any suggestions?

Lori

 

['69 Camaro]

Hi, Lori.

Microsoft Access cannot open this file.

This file is located outside your intranet or on an untrusted site.
Microsoft Access will not open the file due to potential security problems.

To open the file, copy it to your machine or an accessible network location.

Windows XP SP-2 has added security features to block potentially harmful
files from executing on the computer. Your client is probably hitting one
of these speed bumps.

Tell your client to open Windows Explorer and right-click on the database
file name. Select Properties on the pop-up menu to open the Properties
dialog window. (I haven't personally seen this part, so I'm guessing on
this next step.) In the Attributes section with the "Read only" and
"Hidden" check boxes, Windows XP SP-2 has probably added another check box
for blocking potentially harmful files from executing on the computer. Have
your client mark the check box to "unblock" the file (I'm guessing that
would be to uncheck the check box), then attempt to open the file in Access
2003.

I have also installed SP2, but I am able to download it and open the same
file without a problem. I am unsure why.

Unlike your client's computer, your computer "knows" the publisher of the
file. ;-)

A proper level digitial certificate will identify the publisher of Microsoft
Office files on computers that were not used to create the file.

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)

 

[William Wang[MSFT]]

Hi Lori,

You may want to check if your client has the same issue
when opening any other databases, which will help us
determine if this issue is database-specific. Also, copy
the same database to other machines and try to open it
to determine if the issue is machine-specific.

If the issue is database-specific, we can create a new
database and import the objects from the original
database. If the issue is machine-specific, we can
remove Access completely and reinstall it to see if the
problem can be resolved.

Feel free to post back if you have any updates.

Sincerely,

William Wang
Microsoft Online Partner Support

Get Secure! - <www.microsoft.com/security>

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and
confers no rights.

--------------------

Thread-Topic: Open File Security Warning SP2 - File Saved Locally
thread-index: AcTML05zHiHWCWMnQd+0hWk33tk/3A==
X-WBNR-Posting-Host: 24.209.114.23
From: "=?Utf-8?B?TG9yaSBNY0RvbmFsZA==?="

 

['69 Camaro]

Hi, Lori.

Have your client set the Macro Security level for Access to "Low" and see
whether the database file can be opened. Rebooting may be necessary.
(Note: It's not usually necessary, but sometimes Windows Registry settings
"stick" in memory and rebooting will clear the computer's memory.)

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)

 

[Lori McDonald]

I had him press "Unblock" and now that appears to have Unblocked it
according to the Properties tab, but he is still unable to open the file.

he gets the same message.

 

[Lori McDonald]

I am waiting to hear if this is a problem with other databases.

I am unsure if any other machines in the office have MS Access, but I will
ask him to try moving it to another machine if they do.

 

[William Wang[MSFT]]

Hi Lori,

If you have any further updates or need further
assistance on this issue, feel free to post back.

Sincerely,

William Wang
Microsoft Online Partner Support

Get Secure! - <www.microsoft.com/security>

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and
confers no rights.

--------------------

Thread-Topic: Open File Security Warning SP2 - File Saved Locally
thread-index: AcTMu5jr+9H2CKMwT9OArjnO7jH1Qw==
X-WBNR-Posting-Host: 24.209.114.23
From: "=?Utf-8?B?TG9yaSBNY0RvbmFsZA==?="

References:

 

[Lori McDonald]

My client reports that Access opens any database (other than the one he is
downloading from his website) that he created before November 1st, which was
the last time he created a database locally. There are no other machines in
his office with Access on them.

I think I may have an idea as to the problem. The database actually
contains links to another database on a mapped drive and these links are
deleted as soon as the database is opened after the download. I am guessing
these invalid links may be causing the problem in opening it. I am not sure
how we are going to fix it... but we have a place to start.

Lori

 

[Lori McDonald]

I just spoke to my client again and in working through these steps I
discovered that he has Access 2002. So this security level isn't even an
option.

 

['69 Camaro]

Hi, Lori.

Thanks for the correction. That's a horse of a different color then,
because Access XP has a different security model than Access 2003.

Does this problem database have linked tables that are linked using an IP
address (\\123.123.123.1\SharedDir) or a fully qualified domain name
(\\ComputerName.OurDomain.com\SharedDir), instead of the Unified Naming
Convention (UNC) (\\ComputerName\SharedDir) or a hard-coded mapped drive
(T:\SharedDir)?

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)

 

[William Wang[MSFT]]

Hi Lori,

Since the database does need to access another database
via network, I suggest that your refer to the following
article and try the workarond described:

303650 Intranet site is identified as an Internet site
when you use an FQDN or
http://support.microsoft.com/?id=303650

Please feel free to let us know if this resolves the
problem or if you need further assistance.

Sincerely,

William Wang
Microsoft Online Partner Support

Get Secure! - <www.microsoft.com/security>

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and
confers no rights.

--------------------

Thread-Topic: Open File Security Warning SP2 - File Saved Locally
thread-index: AcTNoeFRjMmmZLvcTMat8s6EelcWHQ==
X-WBNR-Posting-Host: 24.209.114.23
From: "=?Utf-8?B?TG9yaSBNY0RvbmFsZA==?="

References:

<[email protected]>
<[email protected]>

 

[random9q]

I was searching for an answer to a very similar question of my own, and this
seemed to me to be the most relevant thread in which to ask it.

During the course of writing my question, I actually came up with a
completely separate work-around which I can suggest but which still leaves me
with other questions.

Let me start with a bit of exposition —
I, too, have an ".mdb" file I _had_ been unable to open via Access:
* My database is file is currently stored on a local hard-drive.
* My database contains a variety of table-links of various styles which
references machines which are invisible to this machine (i.e., machines at my
office's intranet — I'm at home working on my code base over the weekend).
* I had "un-blocked" this database, and that alone had not permitted me to
open the file.
* I am using Microsoft Access 2002.

Now, here are two additional I tried which were _also_ immediately refused
by Access:
* I attempted to open the database file in safe-mode (held down the
shift-key while opening the database) to suppress any AutoExec macro or
startup-option specified Form (it had both).
* I created a "clean" (File>New>Blank) database and attempted the command
"File>Get External Data>Import" in order to _indirectly_ access the database.
(I had hoped to move unaffected objects — specifically, several VBA modules
— into the blank database.)

Now, something that _did_ work. I tried this as I was composing the
original version of this message simply for the sake of thoroughness. I
created the following VBA procedure within another database:

Public Sub RemoveAllLinksInExternalDatabase(s_FilePath As String)
Dim db As DAO.Database, tdf As DAO.TableDef
Set db = DBEngine.OpenDatabase(s_FilePath)
For Each tdf In db.TableDefs
If tdf.Connect <> "" Then db.TableDefs.Delete tdf.Name
Next tdf
End Sub

I then, in the immedate-mode pane, fed that procedure the path to hte
offending file, which rendered it _usable_.

I have two suggestions:

(1) Forward the above code to the fine folks who administer and edit the
MSKB. I searched there first in an attempt to find a solution and every
article's list of work-arounds suggested one form or another of punching
holes in my security settings — the most radical of which involved taking
down a component of IE's revised security model. This, by comparison, only
affects the file that is in quesiton without affecting the entire OS. (And
if I cared about those file links, I could'a made a backup of the file before
I deleted 'em. All I was after was my code modules!)

(2) Access seems to be hyper-corrective in responding to this "potential
vulnerability". I'll take it as a forgone conclusion that it could, at some
point, constitute a threat of some kind. I'm assuming from both Access's
responses and the timing of those responses that while it is validating the
integrity of the file prior to opening it (for direct AND indirect use) it
reads the connection-strings of any linked tables that are described. Then,
as it inspects the connection string it does a security-check on the machine
the connection specifies. Most unfortunately, rather than simply refusing to
follow the connection (as it ought, given our assumption about the potential
vulerability), the file-validation procedure takes the returned exception and
misconstrues it as an exception applicable to the file as a whole rather than
links within the file.

Since there are _multiple_ points later on during which Access has a chance
to refuse to follow the external connection _after_ the file has been opened,
I say this response is _hyper-corrective_ on its part, and incorrect
behavior. Incorrect in that: (a) first of all, it refuses legitimate access
to a local file and (b) to add further aggravation, it generates an error
message which is factually incorrect when it states the file is outside the
local machine.

My second suggestion would be to resolve this inconsistency.

Anyhow, my two-bits. I know I'm being a bit picky since I _did_ manage to
get into my file. Just prioritize my suggestion(s) amongst the pile of 'em
from everyone as you best think it fits.

--Tal Loos / a.k.a. "random9q"

 

[TC]

Well done for adding this info.

TC