ULS Flaw?

M

Milewskp

If I create an Access database on one PC, and then secure it by using the
Security Wizard on a second PC, I find that it is secured on the second PC,
but completely unsecured when I open it on the first.

Can anyone explain this behaviour?

Both PCs are running Windows XP and both are runnign the same copy of MS
Access 2002

Authored by: Milewskp
 
·

·ÉѩƮƮ

"Milewskp" <[email protected]...
If I create an Access database on one PC, and then secure it by using the
ÎÞ·¨ÕÒµ½Ö÷»ú¡°SMTP¡±¡£Çë¼ì²éÊäÈëµÄ·þÎñÆ÷ÃûÊÇ·ñÕýÈ·¡£ ÕÊ»§: 'POP3', ·þÎñÆ÷:
'SMTP', ЭÒé: SMTP, ¶Ë¿Ú: 25, °²È«(SSL): ·ñ, Ì×½Ó×Ö´íÎó: 11001, ´íÎóºÅ:
0x800CCC0D
 
R

Rick Brandt

Milewskp said:
If I create an Access database on one PC, and then secure it by using the
Security Wizard on a second PC, I find that it is secured on the second PC,
but completely unsecured when I open it on the first.

Can anyone explain this behaviour?

That is the expected behavior when a file is secured incorrectly. In some
versions the wizard does NOT produce a properly secured file. Chances are Admin
is still the owner of the database meaning that anyone will be able to open it.
 
M

Milewskp

Thanks Rick.
Can you explain what it is about the permissions set by the Wizard that
appears to make the database secure on one PC but not the other?

Can you point me to a reference that lists bugs related to ULS Security in
general, and the Security Wizard in particular?
 
R

Rick Brandt

Milewskp said:
Thanks Rick.
Can you explain what it is about the permissions set by the Wizard that
appears to make the database secure on one PC but not the other?

Can you point me to a reference that lists bugs related to ULS Security in
general, and the Security Wizard in particular?

You are assuming it is secure on the original PC because you are prompted to log
in. That is a completely separate issue from whether a file is secured or not.

The truth is that the file is totally un-secured because the Admin user as a
member of the Users group is able to open it on the other PC. Neither Admin nor
the group Users should have any permissions or ownership in a properly secured
file.

As stated before, a common mis-step is to leave Admin as the owner of the
database. Owners have rights above and beyond their *permissions*.
 
M

Milewskp

Hi Rick,
I can open the database on the PC that it was created on just by double
clicking the file icon. When I try this on the PC that the database was
secured on, Access will not let me open the file. (To secure the database I
followed steps 16-32 on Joan Wild’s Step by Step instructions at
http://www.jmwild.com/security02.htm.)

Can you explain what it is about the permissions set by the Wizard that
appears to make the database secure on one PC but not the other?

Can you point me to a reference that lists bugs related to ULS Security in
general, and the Security Wizard in particular?
 
J

Joan Wild

Milewskp said:
Hi Rick,
I can open the database on the PC that it was created on just by double
clicking the file icon. When I try this on the PC that the database was
secured on, Access will not let me open the file.

It sounds as though these are different files. The permissions are stored in the mdb file. Securing one copy of the file, doesn't magically secure all copies of it.

You need to copy the secure mdb to the other computer as well.
 
R

Rick Brandt

Milewskp said:
Hi Rick,
I can open the database on the PC that it was created on just by
double clicking the file icon. When I try this on the PC that the
database was secured on, Access will not let me open the file. (To
secure the database I followed steps 16-32 on Joan Wild's Step by
Step instructions at http://www.jmwild.com/security02.htm.)

Without reviewing them, can you explain why you did not follow steps 1
through 15? Access security has no "frill steps". If you leave something
out it does not work.
Can you explain what it is about the permissions set by the Wizard
that appears to make the database secure on one PC but not the other?

Can you point me to a reference that lists bugs related to ULS
Security in general, and the Security Wizard in particular?

There are no "bugs" that I know of (except in the wizards). ULS is just
HARD until you fully understand how it works.
 
M

Milewskp

Hi Rick,
Steps 1-15 are optional, as Joan explains in the link.
You mentioned that in some versions the wizard does NOT produce a properly
secured file. Can you point me to a reference that lists bugs related to the
ULS Security Wizard?
 
M

Milewskp

Joan Wild said:
It sounds as though these are different files. The permissions are stored in the mdb file. Securing one copy of the file, doesn't magically secure all copies of it.

You need to copy the secure mdb to the other computer as well.
Hi Joan,
I can assure you , it is the same file: I create the mdb file on one of my
PCs (call it PC1), load it on my other PC (PC2) and secure it using steps
16-32 of your Step by Step instructions at
http://www.jmwild.com/security02.htm. After being secured, I can no longer
open it on PC2 simply by double-clicking (as expected), but I can on PC1.
Note that when I open it on PC1, the owner of the database and all objects is
shown as <unknown>.

BTW, the information you’ve posted on the internet has been very helpful to
me. Thanks.
 
A

Aaron Kempf

you're full of crap

if JET SECURIT does not work then move to SQL Server

the math is _REALLY_ simple
 
J

Joan Wild

Milewskp said:
Hi Joan,
I can assure you , it is the same file: I create the mdb file on one of my
PCs (call it PC1), load it on my other PC (PC2) and secure it using steps
16-32 of your Step by Step instructions at
http://www.jmwild.com/security02.htm. After being secured, I can no longer
open it on PC2 simply by double-clicking (as expected), but I can on PC1.
Note that when I open it on PC1, the owner of the database and all objects is
shown as <unknown>.

Sorry, but I am not clear here. How are you opening it on PC1? It still sounds as though you are opening the original file that was on PC1. Are you copying back the secure file to PC1? Are you opening it over the network?
 
M

Milewskp

Joan Wild said:
Sorry, but I am not clear here. How are you opening it on PC1? It still sounds as though you are opening the original file that was on PC1. Are you copying back the secure file to PC1? Are you opening it over the network?

Hi Joan,
I create the file on PC1, and call it CreatedOnPC1.mdb
I copy CreatedOnPC1.mdb to a memory stick
I copy CreatedOnPC1.mdb from the memory stick to PC2’s desktop
I secure the copy of CreatedOnPC1.mdb on PC2’s desktop using the Security
Wizard as explained earlier.
I rename the secured mdb file on PC2’s desktop as
CreatedOnPC1.SecuredOnPC2.mdb, and copy it to the memory stick.
I copy CreatedOnPC1.SecuredOnPC2.mdb from the memory stick to PC1’s desktop.
I double click on CreatedOnPC1.SecuredOnPC2.mdb on PC1’s desktop, and it
opens.

Note: I am running the same copy of Access 2002 under Windows XP on both
PC1 and PC2. This problem doesn’t occur on other pairs on PCs that I’ve tried
which are running Access 2003.
 
J

Joan Wild

OK, then you missed a step in securing the database. When you do it right, you won't be able to open the mdb unless you use the correct secure mdw file. It's important to follow *every* step, missing nothing, and in the correct order.
 
M

Milewskp

Joan Wild said:
OK, then you missed a step in securing the database. When you do it right, you won't be able to open the mdb unless you use the correct secure mdw file. It's important to follow *every* step, missing nothing, and in the correct order.

Here are the steps I followed to secure the database:
- Open the database
- Select Tools/ Security/ ULS Wizard
- click Next 7 times and then click Finish
- close the Security report winodw and click No (don't save)
- click OK.
 
J

Joan Wild

Milewskp said:
Here are the steps I followed to secure the database:
- Open the database
- Select Tools/ Security/ ULS Wizard
- click Next 7 times and then click Finish
- close the Security report winodw and click No (don't save)
- click OK.

The security wizard in 2002 and 2003 works well in my experience. I followed the steps you outlined exactly (even though you didn't choose any built-in groups or add any users), and the resulting mdb is secured. It can only be opened using the secure.mdw workgroup that the wizard created.
 
M

Milewskp

Hi Joan,

I've tried to duplicate this problem on other pairs of PCs, including:
- my PC1, and PC3 (running Access 2003)
- my PC2, and PC3 (running Access 2003)
- PC3 and PC4 (both running Access 2003).
but I have only been able to get the problem to occur when I create the mdb
on my PC1 and secure it on my PC2, or create the mdb on my PC2 and secure it
on my PC1. Both PC1 and PC2 run the same copy of Access 2002.

Notes:
- If I both create and secure the mdb on PC1, I don't have the problem (ie
it is secure on both PC1 and PC2).
- If I both create and secure the mdb on PC2, I don't have the problem (ie
it is secure on both PC1 and PC2).

Any guesses as to what it could be about the configuration of MS Access on
these PCs (eg., registry settings, system.mdw characteristics, etc.), that
could be causing this problem? I'd like to find out what is causing this, but
I'm not sure what to check next.
 
J

Joan Wild

It could be that PC1 or PC2 is joined by default to a mdw that isn't a standard system.mdw (or is one that has been modified)?

Since you are using 2002/2003, you can search for *.mdw and rename every one that you find. When you open Access it'll create a new pristine system.mdw

Creating on one, and securing on another shouldn't make a difference

By the way, you can secure without using the wizard.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top