First Published 11 Oct 2022 Last Updated 23 Jan 2025 Difficulty level: Moderate
UPDATED 23 Jan 2025 - Fixed an important bug in the original code.
Section Links:
Trust Me . . . I'm Safe!
Check whether the app is trusted
Check which method has been applied for a particular Access app
Which is better? Trusted Document or Trusted Location?
UPDATE 1 - 13 Oct 2022
UPDATE 2 - 15 Jan 2023
Feedback
1. Trust Me . . . I'm Safe! Return To Top
To reduce the risk of running malicious code, all Office documents including Access apps must first be trusted before any code can be run.
This gives you the opportunity to first examine the code if you are unsure about its safety
If you are certain it is safe, there are two ways that the app can be marked as trusted:
a) Trust the document itself when it is opened
To do so, click the Enable Content button on the security banner
NOTE:
The security banner only appears if the Macro Settings are set to the default value: Disable all macros with notification
b) Run the document from a trusted location
To set a trusted location, click File . . . Options . . . Trust Center . . . Trust Center Settings . . .Trusted Locations
Browse to the folder you want to trust and choose whether to trust subfolders. Then click OK
Doing this adds a new key to the registry. For example:
It is possible to edit the registry using code . . . but only if your app is already trusted!
Alternatively a script file can be created for this purpose. For example, when a text file with a .reg suffix is run, the listed keys are added to the registry
I use this approach when distributing my commercial apps to ensure they ALWAYS run from a trusted location
2. Check whether the app is trusted? Return To Top
Probably the simplest approach is to type the following code in the VBE Immediate window
?CurrentProject.IsTrusted
This returns True if:
a) the Enable Content button has been clicked.
b) the Macros Settings value is Enable All Macros (not recommended; potentially dangerous code can run).
This is because there are no restrictions on code running.
c) the app is running from a trusted location
Of course, if the project isn't trusted, the code cannot run. If so, the following message is shown:
3. Check which method has been applied for a particular Access app Return To Top
UPDATE 21 Jan 2025: The following code has been updated to fix a bug recently reported by João da Cruz Santos. Many thanks for letting me know!
Run the code from a standard module to check if the location is trusted:
CODE:
Option Compare Database
Option Explicit
Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7
'================================================================================
'Purpose: Checks if current location is trusted
'Name: IsTrustedLocation
'Author: Colin Riddington, Mendip Data Systems
'First Release: 2022-10-11
'URL: https://isladogs.co.uk/trusted-location/
'Latest Version: 3.0
'Last Updated: 2025-01-23
'Main Changes: fixed issues with subfolders & added description
' renamed from IsLocationTrusted - now runs from autoexec macro if required
' output changed to FormattedMsgBox (also provided)
'===============================================================================
Function IsTrustedLocation() As Boolean
On Error GoTo Err_Handler
IsTrustedLocation = False
Dim strComputer As String, hDefKey As Long, strKeyPath As String, strSubKeyPath As String, strAccessVersion As String
Dim strValueName As String, strValue As Variant, I As Integer, oReg As Object
Dim strSubkey As Variant, arrSubKeys As Variant, arrValueNames As Variant, arrTypes As Variant, uValue As Variant
Dim strText As String, strLocation As String, strDescription As String
' Get Access version, computer name, registry tree and key path
strAccessVersion = SysCmd(acSysCmdAccessVer)
strComputer = "." ' Use . for current machine
hDefKey = HKEY_CURRENT_USER
' Connect to registry provider on target machine with current user
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Office\" & strAccessVersion & "\Access\Security"
' Enum the keys of the key path we've chosen (if any)
oReg.EnumKey hDefKey, strKeyPath, arrSubKeys
For Each strSubkey In arrSubKeys
'First check in the top level folder for a AllLocationDisabled key
' Get the subkey value names and types
strSubKeyPath = strKeyPath & "\" & strSubkey
oReg.EnumValues hDefKey, strSubKeyPath, arrValueNames, arrTypes
For I = LBound(arrValueNames) To UBound(arrValueNames)
strValueName = arrValueNames(I)
oReg.GetDWORDValue hDefKey, strSubKeyPath, strValueName, uValue
'Check whether all trusted locations are disabled
If strSubkey = "Trusted Locations" And strValueName = "AllLocationsDisabled" And uValue = 1 Then
MsgBox "All Trusted Locations have been disabled for Access " & strAccessVersion, vbCritical, "Trusted Locations Disabled"
Exit Function
End If
Next I
Next strSubkey
'===========================================================
'Now look at each Trusted Location if any exist
strKeyPath = "SOFTWARE\Microsoft\Office\" & strAccessVersion & "\Access\Security\Trusted Locations"
' Enum the subkeys of the key path we've chosen
oReg.EnumKey hDefKey, strKeyPath, arrSubKeys
For Each strSubkey In arrSubKeys
' Get the subkey value names and types
strSubKeyPath = strKeyPath & "\" & strSubkey
oReg.EnumValues hDefKey, strSubKeyPath, arrValueNames, arrTypes
For I = LBound(arrValueNames) To UBound(arrValueNames)
strValueName = arrValueNames(I)
Select Case arrTypes(I)
' Check the REG_SZ values for Path
Case REG_SZ
oReg.GetStringValue hDefKey, strSubKeyPath, strValueName, strValue
If strValueName = "Path" Then
If CurrentProject.Path & "\" <> strValue And InStr(CurrentProject.Path, strValue) <> 0 Then
'match found as subfolder of path
strLocation = strValue
'Now look for Description & AllowSubfolders keys in that path
GoTo MoreInfo
ElseIf CurrentProject.Path & "\" = strValue Then
'match found as subfolder of path
strLocation = strValue
IsTrustedLocation = True
'now get Description & AllowSubfolders keys if these exist
GoTo MoreInfo
Else
'no match - check next Trusted Location
GoTo NextSubkey
End If
End If
MoreInfo:
'Get the Description if it exists
If strValueName = "Description" Then
strDescription = strValue
End If
' Get the REG_DWORD value for AllowSubfolders if it exists
Case REG_DWORD
oReg.GetDWORDValue hDefKey, strSubKeyPath, strValueName, uValue
If strValueName = "AllowSubfolders" And uValue = 1 Then IsTrustedLocation = True
End Select
Next I
NextSubkey:
If IsTrustedLocation = True Then GoTo Trusted
Next strSubkey
Trusted:
' build info for immediate window (if required)
Debug.Print "Current Project Folder = " & CurrentProject.Path
Debug.Print ""
Debug.Print "IsTrustedLocation = " & IsTrustedLocation
' additional info
If IsTrustedLocation Then
Debug.Print "The current project folder is trusted for Access " & strAccessVersion
Debug.Print "-----------------------------------------------------"
Debug.Print "TrustedLocation = " & strSubkey
Debug.Print "Path = " & strLocation
If strDescription <> "" Then Debug.Print "Description = " & strDescription
If uValue <> "" Then Debug.Print "AllowSubfolders = " & uValue & IIf(uValue = 1, " (Yes)", " (No)")
End If
' build message box string (if required)
strText = "IsTrustedLocation = " & IsTrustedLocation & vbCrLf & vbCrLf & _
"Current Project Folder = " & CurrentProject.Path & " "
' additional info
If IsTrustedLocation Then
strText = strText & "@The current project folder is trusted for Access " & strAccessVersion
strText = strText & vbCrLf & "------------------------------------------------------"
strText = strText & vbCrLf & "TrustedLocation: " & String(10, " ") & strSubkey
strText = strText & vbCrLf & "Path: " & String(30, " ") & strLocation
If strDescription <> "" Then strText = strText & vbCrLf & "Description: " & String(18, " ") & strDescription
If uValue <> "" Then
strText = strText & vbCrLf & "AllowSubfolders: " & String(9, " ") & uValue & IIf(uValue = 1, " (Yes)", " (No)") & "@"
Else
strText = strText & "@"
End If
End If
FormattedMsgBox strText, vbInformation, "Trusted Location Info"
Exit_Handler:
Exit Function
Err_Handler:
If Err = 13 Then 'type mismatch
If strSubkey = "Trusted Locations" Then 'AllLocationsDisabled key doesn't exist
Err = 0: Resume Next 'ignore error & continue
Else
MsgBox "There are currently no trusted locations for Access " & strAccessVersion, vbExclamation, "No Trusted Locations"
End If
Else
MsgBox "Error " & Err & " in IsTrustedLocation procedure: " & vbCrLf & Err.Description
End If
GoTo Exit_Handler
End Function
NOTE: The IsTrustedLocation function can be run at start up using an autoexec macro.
Example output (in the VBE Immediate window):
Trusted location
Current Project Folder = G:\MyFiles\ExampleDatabases\TrustedLocation
IsLocationTrusted = True
The current project folder is trusted for Access 16.0
--------------------------------
TrustedLocation = Location2
Path = G:\MyFiles\ExampleDatabases\
Description = Example Databases
AllowSubfolders = 1
Non trusted location
Current Project Folder = C:\Users\isladogs\OneDrive\Desktop
IsLocationTrusted = False
Alternatively, the code can provide output as message boxes. The bold text in the first two messages is done using my Formatted Message Box function.
Trusted location. Subfolders allowed
Trusted location. Subfolders not allowed
Non trusted location.
All trusted locations disabled.
No trusted locations exist.
4. Which is better? Trusted Document or Trusted Location? Return To Top
You would probably expect that both methods are the same in terms of their effect on your application. Surprisingly that is NOT the case.
A fellow Access developer, Aleksander Wojtasz, contacted me about this issue back in 2022.
He had noticed that his code ran far slower when the document was trusted by clicking Enable Content but not run from a trusted location.
This affected his code adversely as his employer prevents users from changing macro settings or assigning new trusted locations.
Aleksander also provided an example app for me to test for myself. Here are the results from my tests - all times in milliseconds
Trusted document
Macro Setting 2 (Enable Content) Trusted document
Macro Setting 4 (Enable all macros) Trusted location
857
37
31
895
41
40
907
31
32
870
43
40
863
39
37
The time to safely run the code as a trusted document was about 20 times longer than when run from a trusted location or with macros unchecked.
It appears that additional checking is done on each occasion the code is run causing a slowdown
I contacted Microsoft about this issue. A long serving member of the Access team, Shane Groff, confirmed my results and added further explanation as follows:
I can reproduce the issue with the Macro setting causing a significant performance impact.
It looks like this may be related to some recent work done by the VBA team to do malware detection, so we will likely direct the issue to the VBA team.
Here is a blog post that describes the feature:
Office VBA + AMSI: Parting the veil on malicious macros - Microsoft Security Blog
This page
Malicious macros were found specifically states that the AMSI scan does not occur if a file is in a trusted location, or if the VBA macros are signed with a certificate.
See my article: Using the new VBA Project Signing feature which discusses code signing certificates in more detail.
If you do not have a code signing certificate, you should ALWAYS run your Access apps from a trusted location if possible.
5. Downloads: Return To Top
The module code is available in the attached (zipped) text file. After unzipping, you can then import the modTrustedLocation.bas file directly into the Visual Basic Editor
modTrustedLocationCode (bas - zipped)
Alternatively, download the example database which also includes the formatted message box and IsTrustedLocation function code.
IsLocationTrusted_v3 ACCDB file (Approx 0.5 MB (zipped)
6. UPDATE 1 - 13 Oct 2022 Return To Top
Changes to the Access 365 'roadmap' were published in a blog article on 13 Oct 2022: Our Road Ahead - Microsoft Access Engineering Priorities Oct 2022
Although disappointingly short of significant new items, the list does include a new feature to support macro signing with a digital signature.
This is a long overdue feature which should fix the code slowdown issue described above where Access apps cannot be run from trusted locations.
7. UPDATE 2 - 15 Jan 2023 Return To Top
The new VBA project signing feature was rolled out to the Access 365 current channel with version 2212 on 4 January 2023.
Unfortunately, it is not available to those running older versions of Access.
8. Feedback Return To Top
Please use the contact form below to let me know whether you found this article interesting/useful or if you have any questions/comments/suggestions.
Please also consider making a donation towards the costs of maintaining this website. Thank you
Colin Riddington Mendip Data Systems Last Updated 23 Jan 2025
Return to Access Articles Page
Return to Top