ACC97: "An ActiveX Object on This Page May Be Unsafe" Message with ASP Form (175294)

SYMPTOMS

When you export a Microsoft Access form to ASP format and then view the result in a browser, you receive the following message:

   An ActiveX object on this page may be unsafe. Do you
   want to allow it to initialize and be accessed by scripts?

You also receive this message each time you move to another record.

CAUSE

The prompt appears because you are using the HTML Layout Control with Microsoft Internet Explorer version 4.0. The HTML Layout Control processes the ActiveX Layout file associated with a form that has been exported to ASP format; the name of this file is in the format <formname>alx.asp.

This behavior is the result of enhancements that have been made to Microsoft Internet Explorer 4.0, and it does not occur if you are using Microsoft Internet Explorer 3.x.

RESOLUTION

To avoid being prompted when you open an ASP file and move to other records, add the server that contains the ASP file to the Trusted sites zone. Then change the security for the Trusted sites zone to enable initialization and scripting of ActiveX controls not marked as safe.

WARNING: You should consider any security implications before implementing this resolution.

Start Microsoft Internet Explorer 4.0.
On the View menu, click Internet Options, and then click the Security tab.
In the Zone box, select Trusted Sites Zone, and then click Add Sites.
In the Trusted sites zone dialog box, type the name of the server on which the ASP file is located in the text box under "Add this Web site to the zone." If you require server verification for all sites in this zone, type https://<servername>; otherwise, type http://<servername> and click to clear the Require Server Verification check box.
Click Add, and then click OK.
On the Security tab in the Internet Options dialog box, click Custom, and then click Settings.
In the Security Settings dialog box, change the setting for "Initialize and script ActiveX controls not marked as safe" from Prompt to Enable, and then click OK.
In the Internet Options dialog box, click OK. Note that you can now open ASP files in Internet Explorer 4.0 and move to different records without receiving a prompt.

MORE INFORMATION

Steps to Reproduce Behavior

Create a System DSN on your Web server that points to the Northwind sample database. For more information about creating a System DSN, please see the following article in the Microsoft Knowledge Base:

159682 ACC97: "Data Source Name Not Found" Err Msg Opening Web Page
Start Microsoft Access 97, and open the sample database Northwind.mdb.
Select the Customers form in the Database window, and on the File menu, click Save As/Export.
In the Save As dialog box, click "To an External File or Database," and then click OK.
In the "Save Form 'Customers' In" dialog box, select Microsoft Active Server Pages (*.asp) in the Save As Type box, and type Customers.asp in the File Name Box. Select a folder in which to store the ASP files, and then click Export; this folder must have WWW Execute permissions.
In the "Microsoft Active Server Pages Output Options" dialog box, type the name of the System DSN you created in step 1 in the Data Source Name box.
In the Server URL box, type the Uniform Resource Locator (URL) that points to the Web Server location where your ASP files have been saved, and then click OK.

For example, if you store the ASP files in the \Scripts folder on the \\PubTest server, type http://pubtest/scripts/ as your Server URL. Microsoft Access creates the files Customers.asp and Customersalx.asp.
Start Microsoft Internet Explorer 4.0.
Type the URL in the address box to view Customers.asp.

For example, if you saved the ASP file in the Scripts folder located in the wwwroot folder of your Web Server, type:

http://<servername>/Scripts/Customers.asp

The URL depends upon where your files are located on the Web server.

Note that you receive the prompt described in the "Symptoms" section when you open the ASP file the Internet Explorer 4.0.