Title

Prompts to convert older databases must be enforced. (Cat III impact)

Discussion

When users open databases that were created in the Access 97 file format, Access 2013 prompts them to convert the database to a newer file format. Users can choose to convert the database or leave it in the older format. Disabling this setting ensures Access 2013 prompts the user, and is therefore unlikely to cause usability issues. Otherwise, if Access 2013 was allowed to automatically convert the database, it may be converting outdated code which is not compatible or tested with the newer version. In addition, if the database is used by multiple users, there is the potential of making the database inaccessible to other users who may not be using Access 2013.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Access 2013 -> Miscellaneous "Do not prompt to convert older databases" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\access\settings Criteria: If the value NoConvertDialog is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Access 2013 -> Miscellaneous "Do not prompt to convert older databases" to "Disabled".

Additional Identifiers

Rule ID: SV-52773r1_rule

Vulnerability ID: V-17603

Group Title: DTOO137 - Prompt / Convert Older Databases

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.