Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    USA
    Posts
    386
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Security (Access 2 - 2000)

    Is there a way to get into old Access 2.0 / Access 97 databases if the security information has been lost?

    I am trying to look back at some old databases, but keep running into the "user does not have permission" problem.
    These are databases I designed long ago in a land far far away, but I did not remember to save the the user id or
    any of the other security settings with the old mdb files.

    Thanks for any help.
    Richard

  2. #2
    3 Star Lounger
    Join Date
    Dec 2000
    Location
    Columbus, Ohio, USA
    Posts
    286
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security (Access 2 - 2000)

    (Edited by HansV to make URL clickable - see <!help=19>Help 19<!/help>)

    Richard:

    Take a look at this site. I bought the Access security decoder for $45.00 3 years ago. It works great.

    http://www.lostpassword.com/access.h...acckey_5_3_105

  3. #3
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Jacksonville,NC, USA
    Posts
    705
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security (Access 2 - 2000)

    I know that nothing is secure under the sun, but does this kit also recover passwords if the passwords is within vba code? I'm not naive, I am aware any security (government agency) has password cracking software that makes nothing sacred, (take a hammer to the hard drive, set it on fire and jump up and down on it...they will still get something off it)...but why are we bothering to password anything if it's as easy as buying a $45.00 kit to crack into any application once secure...are we really keeping honest joes honest, and the hackers are going to crack our security no matter what we do, or is there something in this software that I'm not seeing that only allows the owner to crack their own applications? I'm confused.
    NMP <img src=/S/cool.gif border=0 alt=cool width=15 height=15>

    If you can't convince them, confuse them. - Harry Truman <img src=/S/scratch.gif border=0 alt=scratch width=25 height=29>

  4. #4
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: Security (Access 2 - 2000)

    If you've applied Access User Security, you must have the Security file in order to be able to do much of anything with a database, short of using a hex viewer. And that is really tedious if you have a huge file - been there, done that with other vendor's database and it isn't fun!

    So if you have the .MDA or .MDW file, then a password cracker might be of some use. Otherwise if you really secured it, you have some significant challenges - there are professionals who will have a go at it, but it's expensive. Hope this clarifies a few things.
    Wendell

  5. #5
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: Security (Access 2 - 2000)

    I've not tested any password cracking software for Access, but I know they exist. As I noted in the reply above, they only work if the System.MDW (or whatever it was called) is available. If the security file that was used to create the database is not available, then it becomes a needle in the haystack approach, and get's very expensive. For that reason, we do not ship the security file that the database was created with to our customers, but ship another security file instead.

    As you noted, given enough time and resources, any secured Access database can be hacked. The real reason for applying security is to control who can do what in a database. The presumption is that your users aren't interested enough to invest in cracking software just so they can read the payroll file or whatever. If you have a situation like that, then you need to resort to more secure methods - but even that won't stop the determined and skilled hacker.

    As to VBA passwords in code, we almost never use them because the project can be viewed by anyone with a text editor or VBA - in addition they are a pain to change if the password is inadvertently leaked, expecially if you are using .MDE files which we usually do. On the other hand, we've looked at two commercial products recently that are based on Access and cost a good deal of money, and both simply store userIDs and passwords in an Access table. I certainly don't recommend that either. The Microsoft KB articles actually do a pretty good job of explaining the ins and outs of User Security, though they require several readings to fully understand the concepts behind it.
    Wendell

  6. #6
    3 Star Lounger
    Join Date
    Oct 2001
    Location
    Newport, Gwent, Wales
    Posts
    257
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security (Access 2 - 2000)

    It might be possible to copy items out of a secure database, I just copied a couple of forms out a datbase I secured using MS Access security and could have had the tables as well.

    The database in question uses a different MDW file to the one I have on my HDD, so it might work for you as well. I was surprised it let me though!!

    Ian

  7. #7
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: Security (Access 2 - 2000)

    That is possible if the database wasn't completely secured. One of the important steps is to create the database with an owner other than the admin, and that only exists in the secured MDW file. Unless that is done, objects can be imported into a new database.
    Wendell

  8. #8
    3 Star Lounger
    Join Date
    Oct 2001
    Location
    Newport, Gwent, Wales
    Posts
    257
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security (Access 2 - 2000)

    Thanks for that tip, I'd missed that in the security FAQ.

    Just checked the database I copied the forms out of, the admin user still exists, but the owner of the two forms I copied is my own user name, not the Admin user.

    The Admin privledges are set to the user group and the user group privilidges are nil. Should I have deleted the Admin user totally?

    Apologies for taking this off on a tangent.

    Thanks

    Ian

  9. #9
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Security (Access 2 - 2000)

    You cannot delete Admin - it is a 'built-in' user - but you can remove Admin from the (also built-in) Admins group, and remove all or almost all permissions from the Admin user.

  10. #10
    3 Star Lounger
    Join Date
    Oct 2001
    Location
    Newport, Gwent, Wales
    Posts
    257
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security (Access 2 - 2000)

    I did have a vague idea that both Admin and User could not be deleted.

    I also thought I'd removed all the Admin user priviliedges, I'll have a better look.

    Should I also remove the priviledges from the Admin User group?? I kept this as the easy option and simply removed the Admin user from the Admin group.

    Live and learn, thanks.

    Ian

  11. #11
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Security (Access 2 - 2000)

    No, the Admins group is automatically the group of users who have Admin rights (as opposed to the user named Admin, who should have very few rights in a secured database). Section 1 of Access Security FAQ describes the steps you must take to secure a database.

  12. #12
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    USA
    Posts
    386
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security (Access 2 - 2000)

    I do have the .MDA file for the database in question. As I remember I did set the owner to other than Admin and Admin was removed from the Administrator security group.

    I did try to simply copy the objects from the old db into a new one, but received the same "user does not have permissions" error.

    I think if I could simply remember the ID I was using, I would be able to log into Access with that ID and then pull some of the objects out of the old db into a new one.
    seems like I had done something similar in the past.


    Thanks to all for your help.
    Richard

  13. #13
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: Security (Access 2 - 2000)

    Since you have the MDA file, if you can't recall the ID you were using, one of the cracking tools may be useful. Bear in mind that converting from Access 2 to 2000 and above will almost certainly involve some significant redesign, especially if you used extensive Access Basic.
    Wendell

  14. #14
    3 Star Lounger
    Join Date
    Oct 2001
    Location
    Newport, Gwent, Wales
    Posts
    257
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security (Access 2 - 2000)

    As usual, Hans and Wendell know more about what I've done to my databases than I do!!!!

    I had overlooked the ownership of the forms, fortunately the datatables had been secured properley. Just had a very quick re read of the security FAQ and it's not that obvious about the ownership issue (spotted it now I know about it, but...), I'd understood it that once the Admin user had no priviledges you were safe....

    I must pay more attention at the back of the class in future.

    Thanks again

    Ian

  15. #15
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Jacksonville,NC, USA
    Posts
    705
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security (Access 2 - 2000)

    Thanks Wendell,

    You given me a lot of good information to read and contemplate.

    NMP
    NMP <img src=/S/cool.gif border=0 alt=cool width=15 height=15>

    If you can't convince them, confuse them. - Harry Truman <img src=/S/scratch.gif border=0 alt=scratch width=25 height=29>

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •