Click any image to view a larger version



First Published 28 June 2022                                                Difficulty level : Easy

This article was written partly in response to several forum threads including:
      How to Close Database When Macro errors
      Ribbon Before Autoexec
      Hiding A Form

The Autoexec macro is widely used to run various actions when a database loads.
This is a fairly simple example:

Autoexec
However, there are several fallacies about the autoexec macro that are widely believed, even by experienced developers:

1.   Autoexec runs first before any other code
      WRONG – code in the startup form runs followed by any actions from the autoexec macro

2.   Autoexec doesn’t run if macros are blocked
      WRONG – disabling macros has no effect on the autoexec macro

3.   Autoexec doesn’t run if the database app isn’t trusted
      WRONG (at least partly so) – certain ‘SAFE’ actions still run though ‘UNSAFE’ actions are blocked.

There are two types of macro action:
a)   Safe actions e.g. Message Box or Open Form - these ALWAYS run
b)   Potentially unsafe actions e.g. Quit Access / Import/Export Data are blocked depending on the trust settings

Macro actions flagged as unsafe are by defaulthidden in the macro Action Catalog but can be made visible by clicking Show All Actions on the Macro Design ribbon.
These actions are normally shown with a warning symbol:
UnsafeMacroActions

Default view – safe actions only


MacroAction1

All macro actions visible


MacroAction2ShowAll



By default, database apps that have been downloaded from the internet or email are NOT trusted.

However, an app is trusted if it is in a trusted location or has been trusted by e.g. clicking the security banner

SecurityWarning
The autoexec macro will still run safe actions even if the security banner is visible
However, code from the startup form is blocked – it does NOT run

The Macro settings in the Trust Center can also cause some confusion. There are 4 options:

MacroSettings
1.   Disable all macros without notification: Not trusted – but no security banner displayed
2.   Disable all macros without notification: Not trusted – security banner shown
3.   Disable all macros except digitally signed macros: Not trusted – no banner
4.   Enable all macros (not recommended; potentially dangerous code can run): Trusted – no banner

I strongly RECOMMEND using setting 2 – disable all macros with notification so the security banner is shown where the app isn’t trusted

The ONLY way to prevent any code running is to open the application using the SHIFT BYPASS i.e. hold down the shift key when the application is opened

NOTE:
Developers will often disable the shift bypass before distributing apps to ensure that code DOES run.
However, it is possible to circumvent this and re-enable the shift bypass. I am deliberately not going to explain how to do that in this article

I have created an example app to illustrate what actions are allowed even in apps that have NOT been trusted

Click to download:     Autoexec Trust Example



Test the app by doing the following in turn:

a)   Save the app to a non-trusted location
b)   Open the app using the shift bypass and check that macros are disabled with notifications (macro setting 2 above)

c)   Disable all trusted documents

DisableTrustedDocs
d)   Reopen the app – the security banner is displayed – don’t click it yet.

SecurityWarning
      The Autoexec macro still runs despite itself being a macro!

      This message is shown:

AutoCloseNotTrusted
      . . . followed by this . . .

AutoCloseNotTrusted2
      The app doesn't close as Quit Access is marked as unsafe in the macro designer

AutoCloseNotTrusted3

AutoCloseNotTrusted4
e)   Repeat opening the app from a trusted location.
      First of all this message appears when the startup form loads - BEFORE the autoexec macro runs:

StartupFormMsg
      Next this message is triggered by the autoexec macro:

AutoexecMsgTrusted
      . . . followed by this . . .

AutoexecMsgTrusted2
      Close down then runs successfully as the 'unsafe action' is allowed in a trusted database

f)   Move the app back to a non-trusted location and enable all macros
      (normally this should be avoided for safety reasons)

      Once again it will be shown as non-trusted (see 3 above)

AutoCloseNotTrusted
NOTE:
REMEMBER to change the macro settings back to setting 2 again afterwards!



I hope this article helps clarify what actions occur and in which order when an Access app is opened



Colin Riddington           Mendip Data Systems                 28 June 2022



Return to Access Articles Page




Return to Top