unsafe expressions problems on office 2003 with one user.

E

elmurado

Hi, we just rolled out Office 2003 across domain using GPO and using CIW to
make a transform that changed reg keys for unsafe expressions so that our
existing database would work.

However, I have one user whose upgrade went fine-however, he is having
problems accessing certain parts of the database-specifically certain queries
and reports.
Funny thing is, if I login as domain admin on his machine it works fine but
when I login as him it doesn't work.
Now I thought that the two reg keys for the JET 4.0\engine SandBoxMode and
the MSACCESS security level applied to everyone on the machine.

However, when I compare his HKCU\Software\microsoft\ to mine(which works) I
see that he has a Jet4.0 subkey whereas I don't. Is that right? Even if I
change this to most permissive however, it still doesn't work. Could it be a
registry setting that is causing this?

Thanks
 
G

Graham Mandeno

The HKCU registry hive *is* user specific (the "CU" stands for
"CurrentUser"). It's HKLM ("LocalMachine") that is common to all users.

Now, the macro security level is the one that is usually in HKCU and is
therefore user-specific. SandBoxMode is usually in the HKLM hive.

You say he has a key: HKCU\Software\Microsoft\Jet\4.0\Engines? This is
unusual, but there may be some user settings there for some reason. Does it
have a SandBoxMode value at that key? If so, I suggest you delete it.

Then, open Access and go to Tools>Macro>Security and set the security level
to medium, save it, then set it back to low and say you do not want to block
unsafe expressions.
 
E

elmurado

Thanks Graham, i've tried the deleting of the SandBoxMode key in
HKCU\Software\MS\Jet\engines and then tried opening the dbase again.
Now what happens is that there are no prompts or warnings but the
particular queries in question will not run. So that made me think that
something else is causing the problem. If i elevate him to admin level they
still don't run. That's what's got me stumped and made me wonder if there is
another deeper setting...or is something else broken?
I know that HKCU applies to the user and HKLM is right across the board-but
does one override the other?

Graham Mandeno said:
The HKCU registry hive *is* user specific (the "CU" stands for
"CurrentUser"). It's HKLM ("LocalMachine") that is common to all users.

Now, the macro security level is the one that is usually in HKCU and is
therefore user-specific. SandBoxMode is usually in the HKLM hive.

You say he has a key: HKCU\Software\Microsoft\Jet\4.0\Engines? This is
unusual, but there may be some user settings there for some reason. Does it
have a SandBoxMode value at that key? If so, I suggest you delete it.

Then, open Access and go to Tools>Macro>Security and set the security level
to medium, save it, then set it back to low and say you do not want to block
unsafe expressions.
--
Good Luck!

Graham Mandeno [Access MVP]
Auckland, New Zealand

elmurado said:
Hi, we just rolled out Office 2003 across domain using GPO and using CIW
to
make a transform that changed reg keys for unsafe expressions so that our
existing database would work.

However, I have one user whose upgrade went fine-however, he is having
problems accessing certain parts of the database-specifically certain
queries
and reports.
Funny thing is, if I login as domain admin on his machine it works fine
but
when I login as him it doesn't work.
Now I thought that the two reg keys for the JET 4.0\engine SandBoxMode and
the MSACCESS security level applied to everyone on the machine.

However, when I compare his HKCU\Software\microsoft\ to mine(which works)
I
see that he has a Jet4.0 subkey whereas I don't. Is that right? Even if I
change this to most permissive however, it still doesn't work. Could it be
a
registry setting that is causing this?

Thanks
 
E

elmurado

Okay-here's the weird thing and I'm not sure if this has anything to do with
the security settings now-if I remote desktop to the machine in question as
the user, the query works and the correct fields come up etc but when i am
sitting at the machine and trying it the correct query doesn't work. how
strange is that?
What is meant to happen is that when a button is pressed in the queries
section a dialog box pops up for a parammeter to be entered. This box doesn't
pop up when the user does this on their machine but when i do it via rdp it
works. I can't see how a box shows on rdp but not on the machine itself.
Weird.

elmurado said:
Thanks Graham, i've tried the deleting of the SandBoxMode key in
HKCU\Software\MS\Jet\engines and then tried opening the dbase again.
Now what happens is that there are no prompts or warnings but the
particular queries in question will not run. So that made me think that
something else is causing the problem. If i elevate him to admin level they
still don't run. That's what's got me stumped and made me wonder if there is
another deeper setting...or is something else broken?
I know that HKCU applies to the user and HKLM is right across the board-but
does one override the other?

Graham Mandeno said:
The HKCU registry hive *is* user specific (the "CU" stands for
"CurrentUser"). It's HKLM ("LocalMachine") that is common to all users.

Now, the macro security level is the one that is usually in HKCU and is
therefore user-specific. SandBoxMode is usually in the HKLM hive.

You say he has a key: HKCU\Software\Microsoft\Jet\4.0\Engines? This is
unusual, but there may be some user settings there for some reason. Does it
have a SandBoxMode value at that key? If so, I suggest you delete it.

Then, open Access and go to Tools>Macro>Security and set the security level
to medium, save it, then set it back to low and say you do not want to block
unsafe expressions.
--
Good Luck!

Graham Mandeno [Access MVP]
Auckland, New Zealand

elmurado said:
Hi, we just rolled out Office 2003 across domain using GPO and using CIW
to
make a transform that changed reg keys for unsafe expressions so that our
existing database would work.

However, I have one user whose upgrade went fine-however, he is having
problems accessing certain parts of the database-specifically certain
queries
and reports.
Funny thing is, if I login as domain admin on his machine it works fine
but
when I login as him it doesn't work.
Now I thought that the two reg keys for the JET 4.0\engine SandBoxMode and
the MSACCESS security level applied to everyone on the machine.

However, when I compare his HKCU\Software\microsoft\ to mine(which works)
I
see that he has a Jet4.0 subkey whereas I don't. Is that right? Even if I
change this to most permissive however, it still doesn't work. Could it be
a
registry setting that is causing this?

Thanks
 
G

Graham Mandeno

That is *very* weird! AFAIK, if you RDP into a machine as a particular
user, it is exactly the same as being logged on directly - you would get the
same registry settings and everything.

As to your question about HKCU overriding HKLM, it would depend entirely on
the application. AFAIK there is no facility in the registry API to
automatically return the value from HKCU if it exists, otherwise go look for
it in HKLM. The program developer would need to deliberately code it that
way.

Can you please post the code under your command button's Click event? We
may be able to see some workaround.

Also, is the parameter box the standard query parameter box (shouldn't be
affected by SandBoxMode) or is it something else your code is calling?

Most SandBoxMode issues are very easy to program around.
--
Good Luck!

Graham Mandeno [Access MVP]
Auckland, New Zealand

elmurado said:
Okay-here's the weird thing and I'm not sure if this has anything to do
with
the security settings now-if I remote desktop to the machine in question
as
the user, the query works and the correct fields come up etc but when i am
sitting at the machine and trying it the correct query doesn't work. how
strange is that?
What is meant to happen is that when a button is pressed in the queries
section a dialog box pops up for a parammeter to be entered. This box
doesn't
pop up when the user does this on their machine but when i do it via rdp
it
works. I can't see how a box shows on rdp but not on the machine itself.
Weird.

elmurado said:
Thanks Graham, i've tried the deleting of the SandBoxMode key in
HKCU\Software\MS\Jet\engines and then tried opening the dbase again.
Now what happens is that there are no prompts or warnings but the
particular queries in question will not run. So that made me think that
something else is causing the problem. If i elevate him to admin level
they
still don't run. That's what's got me stumped and made me wonder if there
is
another deeper setting...or is something else broken?
I know that HKCU applies to the user and HKLM is right across the
board-but
does one override the other?

Graham Mandeno said:
The HKCU registry hive *is* user specific (the "CU" stands for
"CurrentUser"). It's HKLM ("LocalMachine") that is common to all
users.

Now, the macro security level is the one that is usually in HKCU and is
therefore user-specific. SandBoxMode is usually in the HKLM hive.

You say he has a key: HKCU\Software\Microsoft\Jet\4.0\Engines? This is
unusual, but there may be some user settings there for some reason.
Does it
have a SandBoxMode value at that key? If so, I suggest you delete it.

Then, open Access and go to Tools>Macro>Security and set the security
level
to medium, save it, then set it back to low and say you do not want to
block
unsafe expressions.
--
Good Luck!

Graham Mandeno [Access MVP]
Auckland, New Zealand

Hi, we just rolled out Office 2003 across domain using GPO and using
CIW
to
make a transform that changed reg keys for unsafe expressions so that
our
existing database would work.

However, I have one user whose upgrade went fine-however, he is
having
problems accessing certain parts of the database-specifically certain
queries
and reports.
Funny thing is, if I login as domain admin on his machine it works
fine
but
when I login as him it doesn't work.
Now I thought that the two reg keys for the JET 4.0\engine
SandBoxMode and
the MSACCESS security level applied to everyone on the machine.

However, when I compare his HKCU\Software\microsoft\ to mine(which
works)
I
see that he has a Jet4.0 subkey whereas I don't. Is that right? Even
if I
change this to most permissive however, it still doesn't work. Could
it be
a
registry setting that is causing this?

Thanks
 
E

elmurado

Thanks Graham. I get the feeling it has nothing to do with SandBoxMode but
maybe be some kind of display setting. What, I'm not sure but I will play
around with it. RDP should basically show everything as you would see it if
you were logged in interactively unless you choose in options not to see
certain things such as wallpaper etc.
I'll grab the code when I can and will post it.

Graham Mandeno said:
That is *very* weird! AFAIK, if you RDP into a machine as a particular
user, it is exactly the same as being logged on directly - you would get the
same registry settings and everything.

As to your question about HKCU overriding HKLM, it would depend entirely on
the application. AFAIK there is no facility in the registry API to
automatically return the value from HKCU if it exists, otherwise go look for
it in HKLM. The program developer would need to deliberately code it that
way.

Can you please post the code under your command button's Click event? We
may be able to see some workaround.

Also, is the parameter box the standard query parameter box (shouldn't be
affected by SandBoxMode) or is it something else your code is calling?

Most SandBoxMode issues are very easy to program around.
--
Good Luck!

Graham Mandeno [Access MVP]
Auckland, New Zealand

elmurado said:
Okay-here's the weird thing and I'm not sure if this has anything to do
with
the security settings now-if I remote desktop to the machine in question
as
the user, the query works and the correct fields come up etc but when i am
sitting at the machine and trying it the correct query doesn't work. how
strange is that?
What is meant to happen is that when a button is pressed in the queries
section a dialog box pops up for a parammeter to be entered. This box
doesn't
pop up when the user does this on their machine but when i do it via rdp
it
works. I can't see how a box shows on rdp but not on the machine itself.
Weird.

elmurado said:
Thanks Graham, i've tried the deleting of the SandBoxMode key in
HKCU\Software\MS\Jet\engines and then tried opening the dbase again.
Now what happens is that there are no prompts or warnings but the
particular queries in question will not run. So that made me think that
something else is causing the problem. If i elevate him to admin level
they
still don't run. That's what's got me stumped and made me wonder if there
is
another deeper setting...or is something else broken?
I know that HKCU applies to the user and HKLM is right across the
board-but
does one override the other?

:

The HKCU registry hive *is* user specific (the "CU" stands for
"CurrentUser"). It's HKLM ("LocalMachine") that is common to all
users.

Now, the macro security level is the one that is usually in HKCU and is
therefore user-specific. SandBoxMode is usually in the HKLM hive.

You say he has a key: HKCU\Software\Microsoft\Jet\4.0\Engines? This is
unusual, but there may be some user settings there for some reason.
Does it
have a SandBoxMode value at that key? If so, I suggest you delete it.

Then, open Access and go to Tools>Macro>Security and set the security
level
to medium, save it, then set it back to low and say you do not want to
block
unsafe expressions.
--
Good Luck!

Graham Mandeno [Access MVP]
Auckland, New Zealand

Hi, we just rolled out Office 2003 across domain using GPO and using
CIW
to
make a transform that changed reg keys for unsafe expressions so that
our
existing database would work.

However, I have one user whose upgrade went fine-however, he is
having
problems accessing certain parts of the database-specifically certain
queries
and reports.
Funny thing is, if I login as domain admin on his machine it works
fine
but
when I login as him it doesn't work.
Now I thought that the two reg keys for the JET 4.0\engine
SandBoxMode and
the MSACCESS security level applied to everyone on the machine.

However, when I compare his HKCU\Software\microsoft\ to mine(which
works)
I
see that he has a Jet4.0 subkey whereas I don't. Is that right? Even
if I
change this to most permissive however, it still doesn't work. Could
it be
a
registry setting that is causing this?

Thanks
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top