KB5002984: Configuring Jet Red Database Engine and Access Connectivity Engine to block access to remote databases

Summary

Starting in the May 11, 2021 Windows and Microsoft Office updates, an option to make your applications more secure has been added to allow you to disable remote references in query execution. You might need to do this when you allow unprivileged users to run custom SQL queries by using the Jet Red Database Engine or Access Connectivity Engine (ACE). 

By default, no changes are made to accessing Jet or ACE by installing these updates. 

More information

If you disable using the Jet Red Database Engine or the Access Connectivity Engine (ACE) to access remote databases, you may receive error messages that resemble the following when you run your SQL queries:

  • Microsoft Access: If a user executes a query in Access, the following error message is displayed:

Error message dialog box

Text of error message

Operation is not supported for this type of object

Microsoft Access

Operation is not supported for this type of object.

  • Microsoft Access: If a user executes code that runs a query, a run-time error 3251 is displayed, unless the error message is handled in code:

Error message dialog box

Text of error message

Run-time error 3251

Microsoft Visual Basic for Applications

Run-time error '3251'

Operation is not supported for this type of object.

Warning: If you choose to re-enable the following registry values after disabling them, it might make your device vulnerable to attack by a malicious user or malicious software. We do not recommend that you re-enable these registry values after they are disabled. However, we are providing this information so that you can choose to implement this at your own discretion. Use this at your own risk.

Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Jet Red Database Engine

To disable using the Jet Red Database Engine to access a remote database, add the following to the registry:

For x64-bit systems:

Registry location: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Jet\4.0\Engines
DWORD name: AllowQueryRemoteTables
Value data: 0

For x86-bit systems:

Registry location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Jet\4.0\Engines
DWORD name: AllowQueryRemoteTables
Value data: 0

Note To re-enable the Jet Red Database Engine to access a remote database, change Value data to 1.

Access Connectivity Engine (ACE)

To disable using the Access Connectivity Engine (ACE) to access a remote database, add the following to the registry:

  • For Office 2016, Office 2019, and Microsoft 365 Applications (including 2016 Access Connectivity Engine Redistributable), add the following to the registry:

    Registry location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access Connectivity Engine
    DWORD name: AllowQueryRemoteTables
    Value data: 0

  • For Office 2013, add the following to the registry:

    Registry location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\Access Connectivity Engine
    DWORD name: AllowQueryRemoteTables
    Value data: 0

Note To re-enable the Access Connectivity Engine (ACE) to access a remote database, change Value data to 1.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×