Why does Access show a security warning every time I open my database?

Access shows the 'Security Warning — Some active content has been disabled' bar when a database with macros or VBA is opened from a location that isn't designated as a Trusted Location. Adding the folder containing your .accdb file to Trust Center → Trusted Locations eliminates the warning permanently.

What happened to Access workgroup security (.mdw files) in .accdb?

Workgroup-level security (.mdw files) was removed in Access 2007 and is not supported in .accdb. The only security option in .accdb is database password encryption. If your .mdb used workgroup security to restrict table/query access by user, you need to redesign security using VBA-based login forms and record-level filtering, or migrate the data to SQL Server with its native row-level security.

Does .accdb support database password encryption?

Yes. .accdb supports AES encryption (AES-256 in Access 2010+) via a database password. Set it under File → Info → Encrypt with Password. This is more secure than .mdb's RC4-based encryption, which could be cracked trivially. Note: this encrypts the database file; it doesn't provide user-level or object-level access control.

Access Database Security Settings After Migration to .accdb

January 14, 2026 · 7 min read

After migrating from .mdb to .accdb, you may find your database opens with security warnings, macros refuse to run, or — if you were using workgroup security — access control has disappeared entirely. The security model changed significantly between the Jet 4.0 and ACE eras. This guide explains what changed, what you need to configure, and what you need to redesign.

The Biggest Change: Workgroup Security Is Gone

If your .mdb database used workgroup-level security — the system where users logged in with a name and password, and different users had different permissions on tables, queries, and forms — you need to know this upfront: workgroup security does not exist in .accdb.

Microsoft removed it in Access 2007. The .accdb format has no support for workgroup files (.mdw), user accounts, or object-level permissions at the Access layer. If you try to convert a workgroup-secured .mdb to .accdb, Access will strip the security and ask you to proceed without it.

Replacing Workgroup Security

If your database relied on workgroup security for access control, you have two paths forward:

VBA-based login form: Build a login form that checks a Users table you maintain yourself. Show or hide forms/features based on the logged-in user's role. This is appropriate for simple role-based access (admin vs. read-only).
Migrate to SQL Server: SQL Server has robust, granular user-level and row-level security. Use Access as a front-end with linked tables pointing to SQL Server, and manage all security at the SQL Server layer. This is the right choice for any database handling sensitive data.

Not sure what security features your .mdb uses?

LegacyLeaps's free scan identifies workgroup security, database passwords, and other access controls in your .mdb — before you migrate and lose track of them.

Scan for Free

Trust Center and Macro Security

The yellow security bar that appears when you open an .accdb is Access's way of saying: "This database has VBA or macros, and it's in an untrusted location." Clicking "Enable Content" fixes it for that session but the warning returns every time.

The permanent fix is to designate the database's folder as a Trusted Location:

Open Access and go to File → Options → Trust Center.
Click "Trust Center Settings."
Click "Trusted Locations" in the left panel.
Click "Add new location."
Browse to the folder containing your .accdb file.
Check "Subfolders of this location are also trusted" if needed.
Click OK.

Any .accdb opened from a Trusted Location will run VBA and macros without the security bar. For databases accessed from a network share, check "Allow Trusted Locations on my network" at the bottom of the Trusted Locations panel — network paths aren't trusted by default.

Macro Security Levels

If you don't want to use Trusted Locations, you can adjust the macro security level for all databases:

Setting	Behavior	Recommendation
Disable all macros without notification	All VBA/macros silently blocked	Avoid — breaks all functionality
Disable all macros with notification	Security bar shown, user must enable	Default — OK for occasional use
Disable all macros except digitally signed	Only signed code runs automatically	Best for enterprise deployment
Enable all macros	All code runs without prompts	Only with Trusted Locations as filter

Database Password Encryption in .accdb

The .mdb format supported a database password, but its encryption was RC4-based and trivially reversible — any Access password cracker from the early 2000s could strip it in seconds. The .accdb format uses AES encryption (AES-256 in Access 2010+), which is genuinely secure.

To encrypt a .accdb with a database password:

Open the database with exclusive access: File → Open → browse to the file → click the dropdown arrow on "Open" → "Open Exclusive."
Go to File → Info → Encrypt with Password.
Enter and confirm the password.

Important caveat: database password encryption protects the file at rest — it prevents someone from opening the .accdb without knowing the password. It doesn't prevent authorized users from doing anything they want once they're in. Database-level encryption is not a substitute for proper access control logic.

Access Sandbox Mode

After a Windows update, you may find Access macros that previously worked now throw errors or refuse to run certain actions. This is often due to Access running in "sandbox mode," which restricts certain VBA functions deemed unsafe.

Sandbox mode can be configured via registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access Connectivity Engine\Engines
Value: SandboxMode
Data: 0 = never sandboxed, 1 = sandboxed if untrusted, 2 = always sandboxed, 3 = default

The default (3) means Access determines sandbox mode based on the database's trust status. Databases in Trusted Locations run outside sandbox; others run inside. If you're seeing sandbox-related errors and the database is in a Trusted Location, check whether a Group Policy is overriding your Trust Center settings.

Group Policy Considerations

In corporate environments, Group Policy may override Access Trust Center settings. If a user adds a Trusted Location but the security warning keeps appearing, the most likely cause is a GPO that controls Access macro settings. Check with your IT administrator about Office Trust Center policies. The relevant policy is under User Configuration → Administrative Templates → Microsoft Access → Application Settings → Security → Trust Center.

Post-Migration Security Checklist

Identify whether your .mdb used workgroup security — if yes, plan the replacement strategy before migrating.
After migration, add the .accdb folder to Trusted Locations on every machine that runs the database.
If the database contains sensitive data, encrypt with a database password.
Test that all VBA event handlers fire correctly from a Trusted Location.
For multi-user environments, verify that each user's machine has the Trusted Location configured (or deploy via Group Policy).
If using macro security level "Disable all except digitally signed," sign your VBA project with a code signing certificate.

For the complete migration walkthrough, see the Complete Guide to Access Database Migration. For VBA-specific issues after migration, read the Access VBA Audit guide.

Coming Soon

AccessLeap — Turn Your Access Database Into a Web App

AI-powered code generation from .accdb files. Your data never leaves your machine.

Learn More & Get Notified

Ready to migrate?

LegacyLeaps preserves your VBA, forms, and data when converting .mdb to .accdb — and flags security configurations that need attention before migration day.

Download Free Scanner

Get tips like this in your inbox

Practical fixes for legacy Excel and Access problems. No spam.

← Back to all posts