Frequently asked questions about Access security warnings - Access

Warning: You are viewing this page with an unsupported Web browser. This Web site works best with Microsoft Internet Explorer 6.0 or later, Firefox 1.5, or Netscape Navigator 8.0 or later. Learn more about supported browsers.

Email this link

Printer-Friendly Version Bookmark and Share

Frequently asked questions about Access security warnings

Applies to: Microsoft Office Access 2003

Why does Access display these security warnings?

Question mark Why does the message "Security Warning: Unsafe expressions are not blocked" appear when I open a file in Access?

Question mark I have installed the Microsoft Jet service pack. Now when I restart Access and open a file, I see another message that asks me if I want to block unsafe expressions. Why?

Question mark I enabled sandbox mode, but now it looks as if my application is not working properly. Why?

Question mark Is enabling sandbox mode the only way to hide this message? What if I don't want to enable sandbox mode?

Question mark In addition to blocking harmful functions and properties, Access blocks the harmless CurDir and Environ functions in sandbox mode. Access also blocks all the custom properties of ActiveX controls in sandbox mode. Why?

Question mark I have installed the Jet service pack and clicked Yes when prompted to block unsafe expressions. Now I see the "This file may not be safe" or the "Cannot open file due to security restrictions" warning. Why do these messages still appear?

Question mark Why does the "This file may not be safe" message appear when I open my file in Access?

Question mark I see a message that says "Access cannot open the file due to security restrictions. Security settings restrict access to the file because it is not digitally signed." Why?

Question mark When I open a file, I see the message "This publisher has not been authenticated and therefore could be imitated. Do not trust these credentials." Why?

Question mark When I open a file, I see the message "This file has been digitally signed by (publisher). The file may not be safe if it contains code that was intended to harm your computer." Why?

Question mark Often, when I view or change the macro security level, Access prompts me about enabling sandbox mode. Why?

Question mark My users are complaining about the warnings that appear each time they open one of my databases. Some users cannot even open the database. Why can't I turn off these messages for them?

Question mark At the High macro security level, I can't open my own databases. At the Medium security level, I can't open my own databases without seeing the "This file not be safe" warning each time I open them. Why?

Question mark I created this database and wrote some code. But the code does not do anything malicious. Then, why warn me every time?

Question mark My system is very secure. My computer is not part of a network, and I alone use my databases. Is it okay if I set the macro security level to Low in Access to avoid these messages?

Question mark Should I set the macro security level in Access to High or Medium? What difference does it make when I open a file?

Question mark Do I have to buy a certificate to prevent the "This file may not be safe" warning from appearing?

How do I prevent these messages from appearing each time a file is opened?

Question mark How can I prevent the "Unsafe expressions are not blocked" message from coming up each time I open a file in Access 2003?

Question mark If I enable sandbox mode, it looks as if some expressions will break. How do I identify and fix them so that my database continues to function properly?

Question mark I did not create this database — how can I avoid the "This file may not be safe" message or "Cannot open file due to security restrictions" when I try to open it? What do I do?

Question mark I didn't create this database, but I need to use it. Can I disable the macros and code in a database? Or, how do I find out if it contains harmful code if I can't or shouldn't open it?

Question mark I created this database, and I alone use it. I don't want the "This file may not be safe" or "Cannot open file due to security restrictions" message appearing each time I try to open a database.

Question mark I am part of a team that is developing or testing an Access application. How does our team prevent the "This file may not be safe" or "Cannot open file due to security restrictions" warning from appearing each time the database is opened by a member of our team?

Question mark The users of my database are complaining about the "This file may not be safe" or "Cannot open file due to security restrictions" messages appearing each time they open a database that I created. What do I do?

Question mark How do I obtain a digital certificate? Is it free?

Question mark How do I add a digital signature to a VBA project?

Question mark How do I change the macro security level in Access?

Question mark How do I prevent the "This file may not be safe" warning from interrupting the execution of automation scripts?

I have already taken action, but...

Question mark I have already installed the Jet service pack, but now I see another message that asks me if I want to block unsafe expressions!

Question mark I have already installed the Jet service pack and clicked Yes to enable sandbox mode, but now I see the "This file may not be safe" or "Cannot open file due to security restrictions" warning!

Question mark Sandbox mode is not enabled on my computer. What do I do?

Question mark I have set the macro security level to Low, but I still see a warning.

Question mark I have enabled sandbox mode, and the "Unsafe expressions are not blocked" warning has gone away, but my database isn't functioning properly.

Question mark I signed my database before sharing it with my workgroup or distributing it to my users. Now they say they are getting a warning when they open it.

Question mark I cannot add a publisher to the list of trusted publishers of macros. Why?

Question mark I tried changing the macro security level, but when I click Tools and point to Macro, I don't see the Security menu command.

Question mark Why is the Macro or Security menu command disabled?

Question mark The Security dialog box does not appear, or I cannot make changes in the dialog box.

Why does Access display these security warnings?

1. Why does the message "Security Warning: Unsafe expressions are not blocked" appear when I open a file in Access?

When you open a file for the first time in Access 2003, you might see the following message:

Security warning: Unsafe expressions are not blocked

You see this message if:

Your computer does not have Microsoft Jet 4.0 Service Pack 8 (SP8) or later installed, or
Your computer does have Jet 4.0 Service Pack 8 installed, but you did not choose to block unsafe expressions when prompted to do so and, as a result, sandbox mode has not yet been enabled on your computer.

To help enhance the security of your data, you have the option of running Access 2003 in sandbox mode. In sandbox mode, Access evaluates only those expressions in field properties and controls that are safe. An expression is considered safe if it does not use functions or properties that could be exploited by malicious users to access drives, files, or other resources for which they do not have authorization. For example, functions such as Kill and Shell could be used to damage data and files on a computer, so they are not considered safe. When Access runs in sandbox mode, an expression that calls these functions or properties will result in an error message.

For a list of these functions and properties, see Functions and properties that are blocked in sandbox mode.

Note Sandbox mode does not affect Visual Basic for Applications (VBA) code that is in your files. Code that is digitally signed, even if it includes the blocked functions or properties, will run whether Access is in sandbox mode or not. Unsafe functions and properties are blocked only when used in expressions such as default values, control sources, or SQL statements.

Sandbox mode is implemented by using the Microsoft Jet Expression Service to evaluate expressions. Jet 4.0 Service Pack 8 (SP8) or later allows Access to be fully functional yet still have Jet block unsafe expressions by enabling sandbox mode. However, the Jet Expression Service is not part of Access. You need to download and install Jet 4.0 SP8 or later before you can enable sandbox mode.

Note A critical Windows update includes Jet 4.0 SP8, so installing all of the critical Windows updates will automatically install the latest version of Jet on your computer.

For step-by-step information about how to install the Jet service pack and enable sandbox mode, see Question 18.

2. When I start Access and open a file, I see a message that asks me if I want to block unsafe expressions. Why?

You will see the following message when the macro security level in Access is set to High or Medium. If Jet 4.0 SP8 or later is installed but sandbox mode is not enabled, Access prompts you to enable sandbox mode, which blocks unsafe expressions.

Security Warning: Unsafe expressions are not blocked.

Note The latest version of Jet could have been installed in two ways — either you or another user downloaded the service pack from the Microsoft Download Center, or either you or another user installed all the critical Windows updates from Microsoft Windows Update. One of the critical updates includes Jet 4.0 SP8, so installing the critical updates will automatically install the latest version of Jet on your computer.

Installing the latest Jet service pack does not automatically turn on sandbox mode and block unsafe expressions. You need to click Yes in the message box to complete the process of enabling sandbox mode.

After you enable sandbox mode on your computer, you or anyone using the computer will not be prompted about unsafe expressions when you open a file. However, you will see a prompt related to sandbox mode in the following situations:

Changing the macro security level from High or Medium to Low when Access is running in sandbox mode. You will be asked if you want allow the evaluation of potentially unsafe expressions.

Click Yes to turn off sandbox mode, or click No to continue to be in sandbox mode. We recommend that you click No. Whether you click Yes or No, you will not be prompted when you subsequently open a file.
Changing the macro security level from Low to Medium or High when Access is not running in sandbox mode. You will be asked if you want to block unsafe expressions.

If you click Yes, sandbox mode will be enabled and you will not be prompted when you subsequently open a file. However, if you choose not to enable sandbox mode, you will continue to be prompted each time you open a file. This is because, although you have chosen to be in Medium or High security, you have not enabled sandbox mode, which is an integral part of helping to protect your data.
If you are concerned that blocking unsafe expressions will affect the functionality of your database, see the next question.

3. I enabled sandbox mode, but now it looks as if my application is not working properly. Why?

The reasons depend on whether Jet 4.0 SP8 or later is installed on your computer.

If you enabled sandbox mode without installing the latest Jet service pack Under these circumstances, several Access features will not work properly. For example, trying to run the Form Wizard will display the following message:

Message: This feature isn't installed, or has been disabled.

These features were not installed or are not enabled because the latest version of the Jet service pack is required for Access to be in sandbox mode, yet retain its full functionality.

The following is a list of things that might not work properly if you enable sandbox mode before installing the latest Jet service pack:

Wizards may not start.
Switchboards created by using the Switchboard Manager won't function properly.
You can't use the RunCode macro action to call a Visual Basic for Applications (VBA) procedure.
Event handlers that call VBA procedures won't function.
VBA procedures that are called from a property sheet or used in an SQL statement won't function.
The following VBA functions won't work when called from a property sheet or used in an SQL statement:
- FormatCurrency
- FormatDateTime
- FormatNumber
- FormatPercent
- InStrB
- InStrRev
- MonthName
- Replace
- StrReverse
- WeekDayName

For step-by-step information about how to install the latest Jet service pack, see About Microsoft Jet 4.0 SP8 or later.

If you enabled sandbox mode after installing the latest Jet service pack Your application might not be working properly because, in sandbox mode, Access does not evaluate expressions that refer to potentially unsafe functions and properties. Functionality that depends on such blocked expressions might appear not to be working properly. What you need to do is identify these expressions and rewrite them without referring to the blocked functions and properties.

For more information on how to identify and fix unsafe expressions, see Question 19. For a list of blocked functions and properties, see Functions and properties that are blocked in sandbox mode.

Note If expressions in your database call the CurDir or the Environ function, or refer to the custom properties of Microsoft ActiveX® controls, Access might not evaluate them. For more information about how to work around this limitation, see Question 5.

4. Is enabling sandbox mode the only way to hide this message? What if I don't want to enable sandbox mode?

Yes, if the macro security level is set to Medium or High, enabling sandbox mode is the only way to prevent the message from appearing each time you open a database. This is because Medium or High security is not truly effective unless you prevent Access from evaluating unsafe expressions. If you are concerned about your database not working properly after you enable sandbox mode, see Question 3.

Changing the macro security level to Low will suppress the "Unsafe expressions are not blocked" and the "This file may not be safe" warning, but we do not recommend it. For more information about risks associated with setting the macro security level to Low, see Question 15.

5. In addition to blocking harmful functions and properties, Access blocks the harmless CurDir and Environ functions in sandbox mode. Access also blocks all the custom properties of ActiveX controls in sandbox mode. Why?

We highly recommend installing the latest Jet service pack to block unsafe expressions, but there are a couple of scenarios where sandbox mode restricts a few functions and properties that are harmless in Access. This is because Access is just one of the applications that use the Jet Expression sandbox mode, and to make sure that sandbox mode is completely safe for all applications that use it, the latest Jet service pack blocks all functions and properties that could cause harm in any scenario.

The following section describes the functions and properties that are blocked in Access (although they are harmless), and the workarounds that you can adopt to continue using them in Access.

The CurDir and Environ functions
These two functions are harmless in Access, but are blocked in sandbox mode.

To enable the CurDir and Environ functions in expressions or SQL statements, simply add the following code to a code module:

Public Function CurDir(Optional Drive As String) As String CurDir = VBA.CurDir(Drive) End Function Public Function Environ(Expression) Environ = VBA.Environ(Expression) End Function
Blocked ActiveX control custom properties
Custom properties of ActiveX controls are usually harmless, but they are blocked in sandbox mode because a user could potentially use them maliciously. Standard properties of an ActiveX control, such as Name, Value, and Tag, are allowed in expressions, but custom properties specific to the control, such as the Day and Month properties of a calendar control, are blocked. Properties and methods of an ActiveX control that are accessed by using its Object property, such as MyProgressBar.Object.Min, are also blocked. So an expression that refers to these properties will result in an error message in sandbox mode.

To refer to these properties, do one of the following:
- Reference the property indirectly.
  Create a function that will return the value of a custom property, and call the function in the expression.
- Add the ActiveX control to a list of safe controls.
  Call SysCmd 14 (<ActiveX Control GUID>) on database startup or in the OnLoad event of the form. SysCmd 14 will add the GUID of the ActiveX control to a list of safe ActiveX controls, and you will then be able to reference the control's custom properties and the Object property from any expression.
  Warning SysCmd 14 should only be used with an ActiveX control that has been carefully reviewed to verify that it cannot do anything malicious. For more information on how to review an ActiveX control, see Signing a VBA project.

6. I have installed the Jet service pack and clicked Yes when I was prompted to block unsafe expressions. Now I see the "This file may not be safe" or the "Cannot open file due to security restrictions" warning. Why do these messages still appear?

The "This file may not be safe" and "Cannot open file due to security restrictions" messages are different and independent of the messages that prompted you to install the latest Jet service pack and to enable sandbox mode. The following table summarizes the reasons behind and solutions for each of these warning messages.

Warning message	Why it appears	How to prevent it from appearing each time you open a file
Security Warning: Unsafe expressions are not blocked.	Jet 4.0 SP8 or later is not installed and sandbox mode is not enabled.	See Question 18.
Blocking unsafe expressions affects all users on this computer. Do you want to block unsafe expressions?	Jet 4.0 SP8 or later is installed on the computer, but sandbox mode is not enabled.	See Question 2.
This file may not be safe if it contains code that was intended to harm your computer. Do you want to open this file or cancel the operation?	Access cannot verify that the file is from a trusted source and that it has not been tampered with since you received it or last worked on it.	See Questions 20 through 23.
Access cannot open the file due to security restrictions. Security settings restrict access to the file because it is not digitally signed.	The macro security level in Access is set to High, but the file you are attempting to open is not signed.	See Question 8.

7. Why does the "This file may not be safe" message appear when I open my file in Access?

When you open a file in Access, you may see the following warning:

Security warning: This file may not be safe...

The short answer for why you see this message is that your macro security level is set to Medium, and Access cannot verify that you received this file from a trusted source, nor can it verify that the version you are opening has not been tampered with by an unauthorized user. If this message appears when you open a database that you created, it implies that the file could have been modified by someone without your knowledge since you last worked on it.

So, how do you ensure that the files you work with come from trusted sources and haven't been tampered with? By making sure the file is digitally signed by a trusted source. If you create databases, you ensure this by signing the macros and VBA code in your databases before distributing them to your users, and also ask your users to add you as a trusted source. If you use databases created by others, request that they digitally sign the macros and code in the databases before giving them to you. It might seem like an inconvenience in the beginning, but the time and effort are worth the security risks that you will avoid if you do this.

When you open a file signed by a trusted source, such as an individual or corporation, it will open without any security warnings. When a digitally signed file is altered by an unauthorized user, the signature will no longer be valid, and you will be warned of this at the Medium and High macro security levels.

For more information about digital signatures and trusted sources, see Signing a VBA project. For more information about how to prevent this message from appearing each time you open a database, see Questions 20 through 23 in this topic.

8. I see a message that says "Access cannot open the file due to security restrictions. Security settings restrict access to the file because it is not digitally signed." Why?

You see this message because the macro security level in Access is set to High and the file that you are trying to open is not digitally signed.

If you or a member of your workgroup created this database, you should consider obtaining a certificate and digitally signing the database. You and members of your workgroup should also add your digital signatures to the list of trusted publishers on your computers.

If you receive a database from a third party, you should ask them to sign the database by using a commercial certificate before sending the file to you.

For step-by-step information about how to obtain a certificate and sign a database, see Signing a VBA project.

9. When I open a file, I see the message "This publisher has not been authenticated and therefore could be imitated. Do not trust these credentials." Why?

You see this message when the macro security level is set to High or Medium.

If the macro security level in Access is set to High and the Open button in the Security dialog box is disabled but the "Always trust files from this publisher and open them automatically" check box is enabled, then either you self-signed it by using a certificate created with the Create Digital Certificate utility (SelfCert.exe) or someone you know signed the file by using a certificate that they created with SelfCert and enabled you to install the certificate on your computer.
If you choose to trust the publisher, select the Always trust files from this publisher check box, and then click Open. Subsequently, you will not be prompted when you open files from this publisher.
If the macro security level in Access is set to High and the Open button and the "Always trust files from this publisher and open them automatically" check box are disabled, either the publisher signed the file by using a certificate created with the Create Digital Certificate utility (SelfCert.exe) and you do not have the certificate installed on your computer or the file was signed with a commercial certificate from an untrusted Root Certificate Program member. For more information, see Microsoft Root Certificate Program members.
At the High macro security level, it is not possible to open files that did not originate from trustworthy publishers, so you cannot open the file. You should contact the publisher and request that they sign the database by using a certificate from a trusted root certification authority. If the file is from a member of your workgroup, you can import the certificate that they used to sign the database. For more information, see the section "Backing up or transferring a digital certificate to another computer" in the topic Signing a VBA project.
If the macro security level in Access is set to Medium and the Open button and the "Always trust files from this publisher and open them automatically" check box are enabled, it means that either you self-signed the file by using a certificate created with the Create Digital Certificate utility (Selfcert.exe) or someone you know signed it by using a certificate that they created with SelfCert and enabled you to install the certificate on your computer.
If you choose to trust the publisher, select the Always trust files from this publisher check box, and then click Open. Subsequently, you will not be prompted when you open files from this publisher. If you are not sure, simply click the Open button to open the file. You will continue to see this message each time you open this file or any other file from the same publisher until you choose to trust them by selecting the Always trust files from this publisher and open them automatically check box.
If the macro security level in Access is set to Medium and the Open button is enabled but the "Always trust files from this publisher and open them automatically" check box is disabled, either the publisher signed by using a certificate created with the Create Digital Certificate utility (SelfCert.exe) and you do not have the certificate installed on your computer or the file was signed with a commercial certificate from an untrusted Root Certificate Program member. For more information, see Microsoft Root Certificate Program members.
At the Medium macro security level, if the certificate cannot be authenticated, you cannot add the publisher to the trusted list of publishers on your computer. However, you can open the database at your own risk. You will continue to be prompted each time you open this database or any other database that the publisher signed with the same certificate. You might want to ask the publisher to use a certificate issued by a trusted root certification authority. If the file is from a member of your workgroup, you can import the certificate that they used to sign the database. For more information, see the section "Backing up or transferring a digital certificate to another computer" in the topic Signing a VBA project.

10. When I open a file, I see the message "This file has been digitally signed by (publisher). The file may not be safe if it contains code that was intended to harm your computer." Why?

You see this message because the file was signed with a commercial certificate from a trusted Root Certification Program member. For more information, see Microsoft Root Certificate Program members.

To review the certificate, click Details. If your macro security level is set to High, you will not be able to open the file unless you enable the Always trust files from this publisher and open them automatically check box. Subsequently, you will not see this warning when you open a file that is signed by this publisher. If security is set to Medium, you can choose to postpone adding the publisher to the list of trusted publishers, and simply open the file. However, you will continue to see the warning each time you open a file from this publisher until you add them to the list of trusted publishers by enabling the Always trust files from this publisher and open them automatically check box.

11. Often, when I view or change the macro security level, Access prompts me about enabling sandbox mode. Why?

After you install Jet 4.0 SP8 or later and enable sandbox mode on your computer, you or anyone using the computer will not be prompted about unsafe expressions when you open a file.

However, you will see a sandbox-related prompt in the following situations:

Changing the macro security level from High or Medium to Low when Access is running in sandbox mode. You will be asked if you want to allow the evaluation of potentially unsafe expressions. Click Yes to turn off sandbox mode, or click No to continue to be in sandbox mode. We recommend that you click No. Whether you click Yes or No, you will not be prompted when you subsequently open a file.
Changing the macro security level from Low to Medium or High when Access is not running in sandbox mode. You will be asked if you want to block unsafe expressions. If you click Yes, sandbox mode will be enabled and you will not be prompted when you subsequently open a file. However, if you choose not to enable sandbox mode, you will continue to be prompted each time you open a file. Access will prompt you each time you open a file to remind you that, while you have chosen to be at the Medium or High macro security level, you have chosen to disable sandbox mode.
If you are concerned that blocking unsafe expressions will affect the functionality of your database, see Question 3.

12. My users are complaining about the warnings that appear each time they open one of my databases. Some users cannot even open the database. Why can't I turn off these messages for them?

You cannot turn off these messages for your users. Do not recommend that your users set macro security level to Low because that will open their computer to malicious attacks, which may lead to data loss. Instead, do the following:

Educate your users about the importance of securing their hardware and software, including networks, computers, files, and data.
Assist them with downloading the latest Jet service pack and enabling sandbox mode. Doing both will allow them to suppress the warnings about blocking unsafe expressions.
Sign your databases. Obtain a digital certificate and use it to sign your databases before distributing them to your users. Also, make sure you are added to the list of trusted publishers on their computers, so that your users are not prompted each time they open your files.
For more information about obtaining a certificate from a commercial authority and signing VBA projects and macros, see Signing a VBA project.

13. At the High macro security level, I can't open my own databases. At the Medium security level, I can't open my own databases without seeing the "This file may not be safe" warning each time I open them. Why?

Unless you digitally sign your own databases, this message will appear even if you created the database, you wrote the code, and you alone use it. The primary concern here is not whether you, who created the database, added malicious code. Rather, the intention is to inform you that unauthorized users could have accessed your file without your knowledge and added malicious code. For example, someone could have exported a malicious macro to your database that is on a network share without actually opening it. Or someone who has access to your computer could have opened it and added malicious code.

For more information about how to self-sign your databases to avoid seeing this warning each time you open them, see Signing a VBA project.

14. I created this database and wrote some code. But the code does not do anything malicious. Then, why warn me every time I open it?

See Question 13.

15. My system is very secure. My computer is not part of a network, and I alone use my databases. Is it okay if I set the macro security level to Low in Access to avoid these messages?

We do not recommend setting the macro security level to Low. When you lower the macro security level, you are not protected against the following:

Unsafe expressions. If an expression calls a function or property that could damage your data or compromise the safety of your computer and you have not enabled sandbox mode, Access will still evaluate the expression, which could lead to data loss or other breaches of security.
Unauthorized changes to files. If a file was modified without your knowledge to automatically run code that might damage your data when it is opened, and sandbox mode is not enabled, Access will not warn you. You will not get a warning even when a digitally signed file from a trusted source has been tampered with and the file's signature is no longer valid.

Unless yours is a stand-alone computer (not part of a network), and you don't ever connect to the Internet, and no one ever has physical access to your computer, or your databases and other files are protected with strong passwords, you should not even consider setting the macro security level to Low.

16. Should I set the macro security level in Access to High or Medium? What difference does it make when I open a file?

The macro security feature lets you set the security level in Access to High, Medium, or Low.

When you set the macro security level to High, Access will run code only if the file is digitally signed by a developer on your list of trusted publishers. If you attempt to open a file that is not signed, or if you choose not to trust the publisher when opening a signed file, or if the publisher used a certificate that cannot be authenticated, you will not be able to open the file.

If the macro security level is set to Medium, you have the option of opening unsigned files. Access will display the "This file may not be safe" message, and will open the file if you click Open. If the certificate used to sign the file can be authenticated, you will be able to add the publisher to the list of trusted publishers on your computer, and hence avoid warnings when opening files from this publisher in the future. If the certificate cannot be authenticated, you will be able to open the file, but you won't be able to add the publisher to the trusted list.

For more information about macro security levels, and what impact the current level has on opening files, see the topic Macro security levels.

17. Do I have to buy a certificate to prevent the "This file may not be safe" warning from appearing?

If you create Access solutions for others' use, it is a widely accepted professional practice to obtain a certificate from your organization's internal certification authority, or from a commercial certification authority such as VeriSign, Inc., and digitally sign your databases before distributing them.

If you create databases for your own use or for use by a small workgroup, or you want to avoid this warning during the development and testing phases of a solution, you may want to consider creating your own digital certificate. You can use this certificate to sign your databases. You can export your certificate and share it with your workgroup so that when they open your database, they don't see the warning message.

For more information about how to create your own digital certificate, share it with your workgroup, and sign the databases you create, see Signing a VBA project.

How do I prevent these messages from appearing each time a file is opened?

18. How can I prevent the "Unsafe expressions are not blocked" message from appearing each time I open a file in Access 2003?

You need to do two things to avoid this warning — install Jet 4.0 SP8 or later, and enable sandbox mode.

Perform the following steps to download the service pack and enable sandbox mode.

Download Jet 4.0 SP8 or later.
For more information about downloading the latest Jet service pack, see About Microsoft Jet 4.0 SP8 or later. Installing all the critical Windows updates will automatically install the latest version of the Jet service pack on your computer. If your computer is up to date on critical Windows updates, you can skip this step. To install critical Windows updates or to verify that all critical updates are installed on your computer, visit Microsoft Windows Update.
Exit, and then restart Access.
Open a file.
The "Unsafe expressions are not blocked" warning will be replaced with a message that asks whether you would like to block unsafe expressions.
Click Yes. This will enable sandbox mode.
When prompted to restart Access, click OK, and then exit and restart Access.
The registry will be updated and Access will run in sandbox mode. You will not see the warning when you open a file on your computer as long as Jet 4.0 SP8 or later is installed and sandbox mode is enabled.

19. If I enable sandbox mode, it looks as if some expressions will break. How do I identify and fix them so that my database continues to function properly?

Remember that when you are in sandbox mode, Access will not evaluate expressions that call functions and properties that could damage your files and data.

For a list of these functions and properties, see Functions and properties that are blocked in sandbox mode.

If you have Microsoft Office Access 2003 Developer Extensions installed, you can use the Custom Startup Wizard to search for all the expressions that are blocked in sandbox mode. The Custom Startup Wizard helps you create new databases with custom startup options based on a development database, but it also provides an option to find the expressions that are blocked in sandbox mode.

If you have the Access Developer Extensions installed, here is how you can search for blocked expressions in a database.

On the Start menu, point to All Programs, point to Microsoft Office, point to Microsoft Office Access 2003 Developer Extensions, and then click Custom Startup Wizard.
Choose any template and click Next.
Note It does not matter which template you choose, because you will not complete all the steps in the wizard.
Specify the name of the database as the source file, and click Next.
Click Find expressions blocked by sandbox mode.
Access shows the search result in a separate window.
Save or export the search result, and exit the wizard.
Review, then modify or remove blocked expressions.

For more information about the Custom Startup Wizard or the Access Developer Extensions, see Build with Access 2003 Developer Extensions.

20. I did not create this database — how can I avoid the "This file may not be safe" or "Cannot open file due to security restrictions" message when I try to open it?

Here are a few things that you can do to suppress this message. But you should not, under any circumstances, set the macro security level in Access to Low. Setting the macro security level to Low opens your computer to malicious attacks, and could lead to data loss.

If you received the file from a member of your workgroup who is involved in developing or testing a solution, see Question 23 for more information.
If you received the file from a person or a corporation that develops solutions for you, ask them to obtain a certificate from a commercial certification authority and digitally sign the files before giving them to you. You may want to ask them to see the article Signing a VBA project for step-by-step information.
If you are unable to contact the original owner of the database, you can add your own signature to suppress the warning message. First, verify the contents of the database and make sure that it does not contain any harmful macros or code. For step-by-step information about how to do this, see Question 21. Then create your own certificate and use it to sign the database. For step-by-step information about how to do this, see the article Signing a VBA project.

When you open a file that has been digitally signed by a publisher who is not on your list of trusted publishers, or that is a self-signed file, you may initially be prompted to add the publisher to your computer's list of trusted publishers. If you do so, you will not be prompted again when you open any signed files originating from that specific publisher.

For more information about how to keep the list of trusted publishers up to date, see the Help topic Modify the list of trusted publishers for macros.

21. I didn't create this database, but I need to use it. Can I disable the macros and code in a database? Or, how do I find out if it contains harmful code if I can't or shouldn't open it?

Good question! In Access, you cannot disable macros or automatic code execution on startup. However, there is a way by which you can examine the contents of a database without opening it. You create a blank database and import the contents of the database that you want to work with. Then you open each of the objects in Design view and examine the objects, especially macros and modules.

On the File menu, click New, then click Blank Database.
Specify a name for the database, and click Create. This will create a blank database.
On the File menu, point to Get External Data, and then click Import.
Browse to the target file that you want to examine, and click Import.
In the Import Objects dialog box, on each tab, click Select All.
Click Options to review import settings.
Click OK. Access will import all of the objects into the current database.
Open the objects in Design view. Access does not run code in Design view, so if there is any harmful code, you will able to remove or modify it.

Remember that reviewing this version of the file is no protection against security attacks that might occur in the future. Also, if you receive another copy of this file from the same or from a different source, you must take the necessary precautions before opening it.

22. I created this database, and I alone use it. I don't want the "This file may not be safe" or "Cannot open file due to security restrictions" messages to appear each time I try to open a database.

Earlier in this topic, you may have read that setting the macro security level to Low will suppress all security warnings, but we highly recommend that you do not set the macro security level to Low. Unless yours is a stand-alone computer (not part of a network), and you don't ever connect to the Internet, and no one ever has physical access to your computer and your databases are protected with strong passwords, you should not consider setting the macro security level to Low.

The safest solution for this question might be to create a certificate with the Create Digital Certificate utility (SelfCert.exe), and then use it to digitally sign your databases. Databases signed using a self-signed certificate are recommended for personal use or during testing and development phases of an Access solution. This is because a self-signed database will continue to prompt the user when opened on a computer that does not contain the certificate.

Note that when you open a self-signed database for the first time after signing it, you will see a message indicating that the certificate used to sign the VBA project hasn't been issued by a certification authority and shouldn't be trusted. Obviously, you can safely trust a VBA project that you have signed yourself by using a self-signed certificate, and if you do so, you will not see any warnings the next time you open the file.

Note As part of a general security policy, an organization should either lock the trusted sources list to prevent users from trusting any certificates other than those provided by administrators, or should strongly discourage users from trusting VBA projects signed with self-signed certificates.

If you modify a self-signed VBA project on a computer that has your certificate, Access will automatically sign the project again, so you do not have to sign it manually each time.

For step-by-step information about how to create a certificate and digitally sign a database for personal use, see Signing a VBA project.

23. I am part of a team that is developing or testing an Access application. How does our team prevent the "This file may not be safe" or "Cannot open file due to security restrictions" warning messages from appearing each time the database is opened by a member of our team?

You should create a digital certificate by using the Create Digital Certificate utility (SelfCert.exe), and use that certificate to digitally sign your databases. Databases signed with a self-signed certificate are recommended only for personal use, or during testing and development phases of an Access solution.

After you create the certificate, you will be able to transfer the certificate to the computers that are part of your workgroup so that all members of the team can share the certificate, and avoid the warning messages each time they open the file.

Note that when a self-signed database is opened for the first time after it has been signed, you will see a message indicating that the certificate used to sign the VBA project hasn't been issued by a certification authority and shouldn't be trusted. Obviously, you can safely trust a VBA project signed by yourself or your workgroup with a self-signed certificate, and if you do so, you will not see any warnings the next time you open the file.

If you or a member of your workgroup modifies a self-signed VBA project on a computer that has the certificate, Access will automatically sign the project again, so the file need not be manually signed each time.

For step-by-step information about how to create a certificate and share it with your workgroup, and how to digitally sign a shared database, see Signing a VBA project.

24. The users of my database are complaining about the "This file may not be safe" or "Cannot open file due to security restrictions" messages appearing each time they open a database I created. What do I do?

You cannot turn off this message for your users. And you must not recommend that they change the macro security level setting to Low to avoid security warnings, because it opens up their computer to malicious attacks. What you must do is obtain a certificate and use it to sign your databases before distributing them. You must then ask the users to add your certificate to their computer as a trusted publisher of macros.

Under the Medium or High macro security level, when users open a signed file for the first time, they will not see the "This file may not be safe" message, but they will be prompted to add you to the list of trusted publishers. If they select the Always trust macros from this publisher check box, they will not be prompted subsequently, for as long a period as the signature is valid.

For more information about how to obtain a certificate and sign a VBA project, see the article Signing a VBA project.

25. How do I obtain a digital certificate? Is it free?

See Signing a VBA project. This article explains the various ways in which you can obtain a certificate, and when to use which kind. It also explains how to sign a VBA project by using your own certificate.

26. How do I add a digital signature to a VBA project?

If you have not obtained a certificate, you must first obtain one. It is not possible to sign a VBA project without a certificate.

For step-by-step information about how to obtain a certificate and how to sign a VBA project by using the certificate, see the article Signing a VBA project.

27. How do I change the macro security level in Access?

On the Tools menu, point to Macro, and then click Security. If you do not see the Macro menu item under the Tools menu, or the Security menu item under the Macro menu, click the arrows at the bottom of a drop-down menu to display the hidden menu items.
Tip If you want to see all menu items by default, on the Tools menu, click Customize, click the Options tab, and select the Always show full menus check box.

I still can't see the Security command under the Macro menu
1. On the Tools menu, click Customize, and then click the Commands tab.
2. Click Rearrange Commands, select Menu Bar, and in the Menu Bar box, click Tools, and then click Macro.
3. In the Controls section, click Add.
  The Add command dialog box will appear.
4. In the Categories box, click Tools, and then in the Commands box, click Security.
  The Security command will appear in the Controls box.
5. Use the Move Up and Move Down buttons to position the Security command where you want.
  If you'd like to position the Security command in its own group (between horizontal lines), with Security selected, click Modify Selection and click Begin a Group. Select the menu item below the Security command, and repeat.
6. Click Close twice.
Click the Security Level tab, and then select the macro security level that you want to use.

28. How do I prevent the "This file may not be safe" warning from interrupting the execution of automation scripts?

You can write VBScript code that suppresses the warning, so that your automation script does not require manual intervention. For information about how to write and run this script, see the section "The security warning interrupts the execution of automation scripts" in the topic Troubleshoot macro security level and warnings.

I have already taken action, but...

29. I have already installed the Jet service pack, but now I see another message that asks me if I want to block unsafe expressions!

Merely installing the latest version of the Jet service pack does not automatically enable sandbox mode. For more information, see Question 2.

30. I have already installed the Jet service pack and clicked Yes to enable sandbox mode, but now I see the "This file may not be safe" or "Cannot open file due to security restrictions" warning!

See Question 6.

31. Sandbox mode is not enabled on my computer. What do I do?

If Jet 4.0 SP8 or later is not installed on your computer, see Question 18 for step-by-step information about how to download the service pack and enable sandbox mode.

If Jet 4.0 SP8 or later is installed, and the macro security level in Access is set to High or Medium, you will be prompted to enable sandbox mode each time you open a file. When prompted, click Yes to block unsafe expressions.

If Jet 4.0 SP8 or later is installed, and the macro security level is set to Low, on the Tools menu, point to Macro, and then click Security. In the Security dialog box, click High or Medium, and then click OK. When prompted to block unsafe expressions, click Yes.

Note If you are unable to change the macro security level to High or Medium, see Questions 36 through 38 for troubleshooting information.

32. I have set the macro security level to Low, but I still see a warning.

When you change the macro security level from High or Medium to Low when Access is running in sandbox mode, you will be asked if you want to allow the evaluation of potentially unsafe expressions. Click Yes to turn off sandbox mode, or click No to remain in sandbox mode. Whether you click Yes or No, you will not be prompted again when you subsequently open a file.

If you still see security warning messages when you open a file even after setting the macro security level to Low, it might be because your Office administrator has revoked your privileges to lower the macro security level as part of the organization's security policy. For further assistance, contact your Office administrator.

33. I have enabled sandbox mode, and the "Unsafe expressions are not blocked" warning has gone away, but my database isn't functioning properly.

See Question 3.

34. I signed my database before sharing it with my workgroup or distributing it to my users. Now they say they are getting a warning when they open it.

The warning that appears when a user opens a signed file varies with the type of certificate that you used to sign the file. For more information, see Question 9 and Question 10.

35. I cannot add a publisher to the list of trusted publishers of macros on my computer. Why?

Some of the reasons could be:

The certificate used to sign the file is from an untrusted root certification authority. Contact the publisher for further assistance.
The file was signed by an unknown publisher with a certificate created by the Create Digital Certificate Utility (SelfCert.exe). Contact the publisher for further assistance.
An administrator has revoked your privileges to modify the list of trusted publishers. Contact the administrator for further assistance.

For more troubleshooting information, see Troubleshoot modifying the list of trusted publishers for macros.

36. I tried changing the macro security level, but when I click Tools and point to Macro, I don't see the Security menu command.

You need to add the Security command to the Macro submenu.

On the Tools menu, click Customize, and then click the Commands tab.
Click Rearrange Commands, select Menu Bar, and in the Menu Bar box, click Tools, and then click Macro.
In the Controls section, click Add.
The Add command dialog box will appear.
In the Categories box, click Tools, and then in the Commands box, click Security.
The Security command will appear in the Controls box.
Use the Move Up and Move Down buttons to position the Security command where you want.
If you'd like to position the Security command in its own group (between horizontal lines), then, with Security selected, click Modify Selection and click Begin a Group. Select the menu item below the Security command, and repeat.
Click Close twice.

37. Why is the Macro or Security menu command disabled?

If the Macro command on the Tools menu or the Security command under the Macro submenu is disabled, contact your Office administrator. Your administrator might have revoked your privileges to alter the macro security level settings as part of your organization's security policy.

38. The Security dialog box does not appear, or I cannot make changes in the dialog box.

Contact your Office administrator. Your administrator might have revoked your privileges to alter the macro security level settings as part of your organization's security policy.

Additional Information

For more troubleshooting information, see Troubleshoot macro security level and warnings.