Page 1 of 2 12 LastLast
Results 1 to 15 of 18
  1. #1
    New Lounger
    Join Date
    Feb 2002
    Posts
    16
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Jet security on a network (Access 97)

    Greetings

    I

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Jet security on a network (Access 97)

    You must put the secured .mdw file on the network and make sure that everyone uses this workgroup file.

    The easiest way to do this is to create a shortcut with a target that looks like this:

    "C:Program FilesMicrosoft OfficeOfficeMSAccess.exe" "PatabaseMyDatabase.mdb" /wrkgrp "PatabaseMyWrkgrp.mdw"

    Replace the path and name of the database and of the workgroup file by the appropriate values for your situation. If Office 97 is installed in a non-standard location, you must substitute the correct path to the Access application too.

    Otherwise, your users will open the database with the standard worksgroup file on their own PC; in that case they will be logged in as Admin.

    If you followed Microsoft's instructions for securing a database, you have taken the Admin user out of the Admins group, and revoked most rights from the Admin user. So even if somebody opens the database as Admin, that user won't be able to mess up things.

  3. #3
    New Lounger
    Join Date
    Feb 2002
    Posts
    16
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Jet security on a network (Access 97)

    Yes.

    Everything you said works. Thank you.

    Also like you said. MsAccess is in a non-standard directory:

    CrogrammMsOfficeAccessmsaccess.exe or

    CrogrammMsOfficeOfficemsaccess.exe

    Can i have the shortcut try both when clicking? Or should i enter 2 different shortcuts?

    Thank you again!

    Ahara

  4. #4
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Jet security on a network (Access 97)

    Hello Ahara,

    I'd create two different shorcuts for the different installation folders.

    As an alternative, you might write a batch file (yes, I'm that old...) or program an executable in VB, C++ or whatever language you're comfortable with.

    A batch file might look like this:

    <img src=/w3timages/blueline.gif width=33% height=2>

    if not exist "CrogrammMsOfficeAccessmsaccess.exe" goto :alt
    "CrogrammMsOfficeAccessmsaccess.exe" "databasename" /wrkgrp "workgroupname"
    goto end
    :alt
    "CrogrammMsOfficeOfficemsaccess.exe" "databasename" /wrkgrp "workgroupname"
    :end

    <img src=/w3timages/blueline.gif width=33% height=2>

    Of course, you must substitute the database name and workgroup file name.

  5. #5
    Platinum Lounger
    Join Date
    Dec 2001
    Location
    Melbourne, Australia
    Posts
    4,594
    Thanks
    0
    Thanked 27 Times in 27 Posts

    Re: Jet security on a network (Access 97)

    You wrote
    <<(yes, I'm that old...) >>

    How old is that Hans?

  6. #6
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Jet security on a network (Access 97)

    Old enough to have worked with computers before Windows - yea, even before MS-DOS

    <img src=/S/gramps.gif border=0 alt=gramps width=20 height=20> (I look a bit like WendellB, don't I?)

    If you really want to know: I'm 50.

  7. #7
    Platinum Lounger
    Join Date
    Dec 2001
    Location
    Melbourne, Australia
    Posts
    4,594
    Thanks
    0
    Thanked 27 Times in 27 Posts

    Re: Jet security on a network (Access 97)

    There's obviously a few of us around that vintage.
    I'm as old as a <img src=/S/gramps.gif border=0 alt=gramps width=20 height=20> too.
    Pat <img src=/S/cheers.gif border=0 alt=cheers width=30 height=16>

  8. #8
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: Jet security on a network (Access 97)

    Ah! You young whippersnappers will get to be as old as some of us "gramps" types in another 10 years or so!
    Wendell

  9. #9
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: Jet security on a network (Access 97)

    Some follow-ons to the excellent advice from Hans:

    If someone is able to get into your database using their default system.mdw file, then your database has not been completely secured. That may not be that big of a deal if all you really are trying to do is to track who did what to whom and when. On the other hand if the database contains the <font color=red>company jewels</font color=red> so to speak, then that's a big problem. To completely secure a database, you either need to follow the instructions available in the MS Knowledge Base article on security to the tee, or you need to use the security wizard.

    As to dealing with getting everyone to use the right system.mdw, there are various solutions. You could use the Workgroup Administrator to point everyone to a network location, or you could copy the file to the local PC hard drive. The former can be problematic with lots of users - the files will occasionally go corrupt. The latter can be an administrative issue, unless you have tools to automatically copy the file down, if you have lots of staff changes or you make lots of design changes. Also, as Hans noted, you can use a shortcut on the user's PC to specify the location of the security file, and avoid having to use the Workgroup Administrator. Hope this makes the issues more clear.
    Wendell

  10. #10
    New Lounger
    Join Date
    Jul 2002
    Location
    Florida, USA
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Jet security on a network (Access 97)

    I have been trying to learn Access security for 2000 this week and have had some of the same questions. How do you prevent users from by passing the short cut or the Workgroup Administrator and just staying with the generic system.mdw and opening the database sitting on a shared directory on the network drive?

  11. #11
    Plutonium Lounger
    Join Date
    Dec 2000
    Location
    Sacramento, California, USA
    Posts
    16,775
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Jet security on a network (Access 97)

    You remove all permissions from the Admin user and move the Admin user out of the Admins group. That prevents them from being able to modify the database structure OR the security. I always have a routine that checks to see if the current user is ADMIN and simply closes the database if it is. I don't even provide a messagebox, just dump them back to Windows.
    Charlotte

  12. #12
    Super Moderator
    Join Date
    Jun 2002
    Location
    Mt Macedon, Victoria, Australia
    Posts
    3,993
    Thanks
    1
    Thanked 45 Times in 44 Posts

    Re: Jet security on a network (Access 97)

    I don't think you can prevent people trying this, but they will then login as admin, and if permissions are set properly, they will find they don't have persmission to do anything.

    You could write some code that that checked for this, and put it in the onload event for the first form.

    e.g. if currentuser = "admin" then
    msgbox("You don't have permission to use this database. Please see the administrator")
    docmd.quit
    end if

    They can ofcourse bypass the first form by opening with shift held down.
    Regards
    John



  13. #13
    Plutonium Lounger
    Join Date
    Dec 2000
    Location
    Sacramento, California, USA
    Posts
    16,775
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Jet security on a network (Access 97)

    Only if the allowbypasskey property has not been set to false.
    Charlotte

  14. #14
    New Lounger
    Join Date
    Jul 2002
    Location
    Florida, USA
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Jet security on a network (Access 97)

    Thanks for the advice! This is exactly what I needed to know. I'lll give it a try and have it tested.

  15. #15
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: Jet security on a network (Access 97)

    <font color=6495ed>Edited by WendellB on 20-Jul-02 17:40 UCT to fix broken link to MS knowledge base article. Changes are in blue.</font color=6495ed>

    In addition to the comments from Charlotte and John, one of the other things to do is to make sure that Admin is not the database owner. You do that by setting up security, and then creating a new database with an owner other than Admin, and then importing all of the objects. If Admin is the owner of the database, then they can always open it. But if you remove all permissions from Admin, and from the group Users, then Admin can't even open the database. The wizard is a good way of really securing a database - I recommend it unless you are really comfortable with security and can follow a set of complex steps to the tee. BTW, if you haven't run across it yet, this Access Security White Paper is a valuable reference. It was written with Access 95 in mind, but it is still appropriate for any MDB based Access database. <font color=blue>The link will take you to the knowledge base article about the A97 Security Manager Add-In - at the bottom there is a link to article <font color=red>Q148555</font color=red> that you click and it takes you to the download page for the white paper. (The MS path includes a "]" which fouls up the HTML post). Another article you might want to look at is FAQ aboaut Access security. Hope this helps.</font color=blue>
    Wendell

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •