Creating a workgroup, Secure database, join a workgroup????

[Norman Fritag]

Hi there

I have manage to create on my machine a work group and thought that I
secured this database.
I was quite happy until I tested it, accessing the "secured database" on the
network from another machine and look what happened: I was able to open the
database without any effort!! Not prompt no nothing, strait access!!

What am I missing here?

I am using a shortcut string to initiate accessing the secured database. The
Database is although not joint with the system.mdw, but with mysytem.mdw,
which causes that if I want to open any other database, which I thought are
not joint with the mysystem.mdw are requiring all of its sudden passwords
too!!!

Does this method mean that what I have done on my machine only applies to my
machines mysystem.mdw and anyone else uses their system.mdw??

What am I missing here??
What else is required to secure this database??

any hints are much appreciated.

Kind regards

Norman F

 

[Joan Wild]

Hi there

I have manage to create on my machine a work group and thought that I
secured this database.
I was quite happy until I tested it, accessing the "secured database"
on the network from another machine and look what happened: I was
able to open the database without any effort!! Not prompt no nothing,
strait access!!

What am I missing here?

You missed a step in securing it. Either the Admin user still owns the
database, or the Users Group has permission to objects.

I am using a shortcut string to initiate accessing the secured
database. The Database is although not joint with the system.mdw, but
with mysytem.mdw, which causes that if I want to open any other
database, which I thought are not joint with the mysystem.mdw are
requiring all of its sudden passwords too!!!

Databases are not joined to a workgroup file. The workgroup used is session
based. Every time you start Access it uses a workgroup file - even for
unsecured databases. It uses whatever workgroup you are currently joined to
by default. Out of the box, it silently logs you in as Admin using the
system.mdw workgroup. That is why, since you are joined to mysystem.mdw,
you are getting a login prompt for every database.

Leave your computer joined to system.mdw and use desktop shortcuts to start
your secure databases. The shortcut can include the /wrkgrp switch which
will override the default mdw for just that session of Access.

Follow the steps in
Security FAQ
http://support.microsoft.com/?id=207793

I've also outlined the steps at www.jmwild.com/AccessSecurity.htm

 

[Norman Fritag]

Joan,

thank you!

Regards Norman

You missed a step in securing it. Either the Admin user still owns the
database, or the Users Group has permission to objects.


Databases are not joined to a workgroup file. The workgroup used is session
based. Every time you start Access it uses a workgroup file - even for
unsecured databases. It uses whatever workgroup you are currently joined to
by default. Out of the box, it silently logs you in as Admin using the
system.mdw workgroup. That is why, since you are joined to mysystem.mdw,
you are getting a login prompt for every database.

Leave your computer joined to system.mdw and use desktop shortcuts to start
your secure databases. The shortcut can include the /wrkgrp switch which
will override the default mdw for just that session of Access.

Follow the steps in
Security FAQ
http://support.microsoft.com/?id=207793

I've also outlined the steps at www.jmwild.com/AccessSecurity.htm

 

[Denny]

Hi all,

I am stil not clear how to achieve this.
It's true that you can make your database secure through shortcut.
But other user on the network can always access the database straight
to the .mdb file.
In this case they will use their own "default" workgroup file and
still able to make changes.

Am I missing something here?

Many Thanks.

Regards,

Denny

 

[Joan Wild]

Hi all,

I am stil not clear how to achieve this.
It's true that you can make your database secure through shortcut.
But other user on the network can always access the database straight
to the .mdb file.
In this case they will use their own "default" workgroup file and
still able to make changes.

Am I missing something here?

Yes. If they can even open your database using their own default workgroup
file, then you missed a step in securing it.

Check that the users group has no permissions to anything (check the
database object). Check that the Admin user doesn't own any objects. Those
are the two most common reasons.

If you implement security, following *every* step, your users will not be
able to open the mdb without using the correct mdw file.

 

[Denny]

Thanks Joan,

I've redone the steps and made it works!!

 

[Joan Wild]

I've followed your
step-by-step instructions on your website several different times
with several different copies of test databases. Unfortunately, I
haven't been able to secure any one of them. They are all completely
accessable simply by re-joining the default workgroup.

Yes, in
particular I've went over the permissions with a fine tooth comb to
make sure that the User group has no permissions to anything,
including the database. Also, the user "admin" owns no objects, and
is a member of the group Users, and that group only.

Nevertheless, I'm still able to get access to this database via the
default usergroup, and so are my co-workers through their computers.
Do you have any idea what else could be the problem?

The only thing that comes to mind is that you are not using the workgroup
that you think you are, and/or you've modified the system.mdw (or you
started
by copying this file).

One problem I did have, when following your step-by-step instructions
(I followed 1-15, then 22-end): was in step 25. At the end of the
step, you say "It is recommended that you select this user and enter
a password for them." This doesn't make sense to me. Wasn't this
already done in step 13?

True enough. That really is for those that didn't do 1-15, but started at
16.

And even if I didn't concern myself with the
fact that I already did this, I couldn't enter a password because
because the password field was locked with the ghosted message:
"<previously created>". Is this relevant to my problem? Is this an
indication to you that I missed something?

This indicates that you've run the wizard more than once, and you're
modifying a previously created workgroup file. Perhaps you're modifying
system.mdw

It's difficult for me to determine where you've gone wrong, since you've
done the steps multiple times. The only thing I can suggest is that you
start over with an unsecured copy of your database, and delete all the mdw
files that have been created along the way.