I looked high and low and had an impossible time, when I needed it, to locate an example, or explanation, of how I could create a Trusted Location for Access, Excel, Word,… using a simple vbscript.
If you manually make an entry in the Trusted Locations and then inspect your registry, you’ll see something similar to the following image (in this case for MS Access, but the same principal applies to almost all MS Office applications)
As you can see, each application: Access, Excel, PowerPoint, Word as its own Trusted Locations and every entry has a parent key entitled ‘LocationX’, where X is an incremental number. With this information in mind and a lot of web searching and vbscripting, I eventually managed to piece a script together and below is what it looks like.
Note: You will have to edit the 12.0 in the code below to reflect your version of Access or whatever other Office app you are trying to create a Trusted Location for:
12.0 -> 2007
14.0 -> 2010
15.0 -> 2013
16.0 -> 2016+
'*******************************************************************************
' Purpose :Setup the required trusted location
' Author : Daniel Pineault, CARDA Consultants Inc.
' Website : http://www.cardaconsultants.com
' Copyright : The following may be altered and reused as you wish so long as the
' copyright notice is left unchanged (including Author, Website and
' Copyright). It may not be sold/resold or reposted on other sites (links
' back to this site are allowed).
'
'Revision: 2010-06-23 Initial Release
'*******************************************************************************
Const HKEY_CURRENT_USER = &H80000001
Dim oRegistry
Dim sPath 'Path to set as a Trusted Location
Dim sDescription 'Description of the Trusted Location
Dim bAllowSubFolders 'Enable subFolders as Trusted Locations
Dim bAllowNetworkLocations 'Enable Network Locations as Trusted
' Locations
Dim bAlreadyExists
Dim sParentKey
Dim iLocCounter
Dim arrChildKeys
Dim sChildKey
Dim sValue
Dim sNewKey
'Determine the location/path of the user's MyDocuments folder
'*******************************************************************************
Set oRegistry = GetObject("winmgmts:\\.\root\default:StdRegProv")
sPath = "TheFullPathOfYourTrustedLocation" 'ie: c:\databases\
sDescription = "YourTrustedLocationDescriptionGoesHere"
bAllowSubFolders = True
bAlreadyExists = False
sParentKey = "Software\Microsoft\Office\12.0\Access\Security\Trusted Locations" 'Access
' sParentKey = "Software\Microsoft\Office\12.0\Excel\Security\Trusted Locations" 'Excel
' sParentKey = "Software\Microsoft\Office\12.0\PowerPoint\Security\Trusted Locations" 'PowerPoint
' sParentKey = "Software\Microsoft\Office\12.0\Word\Security\Trusted Locations" 'Word
iLocCounter = 0
oRegistry.EnumKey HKEY_CURRENT_USER, sParentKey, arrChildKeys
For Each sChildKey in arrChildKeys
oRegistry.GetStringValue HKEY_CURRENT_USER, sParentKey & "\" & sChildKey, "Description", sValue
If sValue = sDescription Then bAlreadyExists = True
If CInt(Mid(sChildKey, 9)) > iLocCounter Then
iLocCounter = CInt(Mid(sChildKey, 9))
End If
Next
'Uncomment the following 4 linesif your wish to enable network locations as Trusted
' Locations
' bAllowNetworkLocations = True
' If bAllowNetworkLocations Then
' oRegistry.SetDWORDValue HKEY_CURRENT_USER, sParentKey, "AllowNetworkLocations", 1
' End If
If bAlreadyExists = False Then
sNewKey = sParentKey & "\Location" & CStr(iLocCounter + 1)
oRegistry.CreateKey HKEY_CURRENT_USER, sNewKey
oRegistry.SetStringValue HKEY_CURRENT_USER, sNewKey, "Path", sPath
oRegistry.SetStringValue HKEY_CURRENT_USER, sNewKey, "Description", sDescription
If bAllowSubFolders Then
oRegistry.SetDWORDValue HKEY_CURRENT_USER, sNewKey, "AllowSubFolders", 1
End If
End if
As usual when dealing with code off the net, and especially with registry coding, use it at your own risk! I assume no liability whatsoever. I am simply sharing information on what worked for me in the hopes it might help someone else.
Great code, thank you so much!
A couple notes:
For those using Office 2010, change the “12.0” in sParentKey to “14.0”
Secure location do not have to be named ‘Location0’, ‘Location1’, etc., they can have custom names. Thus, you may error out of you have a location that does not end in an integer (IE: “TemplateLocation”). My code specifically names the location “ABCTemplate”. This way I don’t need to worry about iLocCounter and associated error, if the loop says a location is named “ABCTemplate”, bAlreadyExists = True
In my code, I added an “Else” to the last if statement, so in the event bAlreadyExists = True, I still go through and update the record, just in case I’m changing the template location down the line.
This is exactly what i was looking for. thank you so much
One suggestion, it is a minor one, the code that figures out the location number could be changed a little. If the user has set up a trusted location manually say in excel. say the user makes two trusted locations. Say that creates Location6 and Location7. Then the user decides to delete the first one via excel, it deletes the Location6, but leaves location 7. so then if this script is ran it will create a Location8, when Location6 should be created. not too big of a deal but worth noting. Could just loop from 0 to until a number isn’t found.
Also i know this post is a little dated, but in the registry the location to the trusted location could be different depending on the version of excel the users are using. yours example is set to use folder 12.0. just wanted to note the follow that i have found looking into this. *not verified*
11.0= Excel 2003
12.0= Excel 2007
14.0= Excel 2010
15.0= Excel 2013
Note I’m using Excel 2013, so as you stated I claim no liability in what i just said.
This is but a simple example created years ago to illustrate the basic principle. My own version has evolved tremendously over the past several years to now detect the version of MS Access installed and adjust accordingly.
That said, the sequential numbering is truly not of any importance whatsoever. It really is the same as a Primary Key in a database, its sole purpose is to uniquely identify the registry entry, nothing more. You don’t even need to name the keys “Location #”, you can give it any name you wish. So having gaps in the numbering should not be a concern.
Please show me how to use the above codes for access?
Thanks
Perfect starting point, thanks. Do you know what the registry key is for Trusted App Catalogs?
Here is the Excel version checker function in case anyone needs it.
function ExcelVersion
dim ver
ver = ReadRegValue(“HKCU\Software\Microsoft\Office\12.0\Excel\ExcelName”, “”)
if len(ver)>0 then
ExcelVersion = “12.0” ‘2007
exit function
end if
ver = ReadRegValue(“HKCU\Software\Microsoft\Office\14.0\Excel\ExcelName”, “”)
if len(ver)>0 then
ExcelVersion = “14.0” ‘2010
exit function
end if
ver = ReadRegValue(“HKCU\Software\Microsoft\Office\15.0\Excel\ExcelName”, “”)
if len(ver)>0 then
ExcelVersion = “15.0” ‘2013
exit function
end if
ver = ReadRegValue(“HKCU\Software\Microsoft\Office\16.0\Excel\ExcelName”, “”)
if len(ver)>0 then
ExcelVersion = “16.0” ‘2016
exit function
end if
end function
I use the following code (which is good for almost any program): http://www.devhut.net/2013/10/23/determine-installed-version-of-any-ms-office-program-vbscript/
the big question to me on this code is – are these registry paths (and the above code) basically good for spreading across operating systems – let’s say, from XP to Windows 10 ?
The code to create Trusted Location has never depended on the version of Windows, but rather the version of MS Office as it is an integral part of the Registry Key itself.
So the short answer is Yes, the above works (based on my usage to date) in Windows XP, Vista, 7, 8 & 8.1 for Office 2007, 2010 & 2013. I haven’t tested in Win 10 or Office 2016, but it should not pose any problem.
HI Daniel – do you happen to know offhand if these registry locations are the same for x64 Office installs as well? Thanks
To tell you the truth Jack, I’m not sure as all my clients run 32bit versions of Office/Access and I’ve never explored any further than ensuring it worked for them.
Okay, I fired up a 64x MSI VM and confirmed that they are indeed the same keys.
That said, I haven’t check for a CTR instance. Who knows there. I know nothing seems to be the same with anything where CTR is involved.
I know for sure the CTR install path registry locations are the same, so I’m going to go out on a limb and guess that all of the “basic” CTR reg paths will be the same as they were in MSI. Thanks for looking!
Anytime Jack!!!
Hi
I have found your article very good and works well with Office365 … in 2018
Is there a manner to add a file under
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Access\Security\Trusted Documents\TrustRecords
I have failed to find a solution.
Thank you
Thanks for this, It was very helpful. Now I am facing another challenge which is:
What if I want to remove the Trusted Location we just set?
I would really appreciate the solution.
Thanks!
Similarily to the CreateKey method, StdRegProv class has a DeleteKey method. Be very careful when messing around with the registry!
In my startup windows 10 have file MSTrusted.vbs
Is this virus?
No clue, I’m not familiar with the vbs file.
Where does the file come from?
Did you purchase/install any databases? Perhaps their installer put the file in place?
You would need to open the file in a text editor and review it. Scan it with your antivirus and malware software?
Daniel,
I have a question that I’m sure many folks know the answer to.
How do I implement/deploy the above script?
I have a MsAccess program I’ve written and I want to distribute it. I’m wondering if I just need to add the script to my start up form? Or should it be run separately?
And if I do include it in my program then I’m guessing it would run every time one of my users opens the program. That doesn’t sound right to me, but this is an area I don’t have any experience with so I would appreciate your help.
Thanks
Frank