Access Security not secure

[Jerry Gaber]

I have a database that was an access97 database it was
secure. If a user attempted to open it directly it forced
a the user to join the workgroup. The database was
converted to access2000 then access2002 in both instances
if the user has allready joined the workgroup the login
appears and all works as expected. however if the user has
not joined the workgrout and is connected to the default
workgroup access is granted to the database with full
permissions. How do i secure the database so someone that
has access to the sharred drive cannot access the database
without joining the correct workgroup?

 

[Martin]

Hi,

First you'll need to create another user(eg. Administrator) and add him to
the admin group.(This is very important or you going to lock yourself out of
the db).

Then you'll need to remove the default admin user from the admin group.

You can then remove all rights that the admin user has on the database.

Also try removing all the rights from the user group.

Should secure your database enough.

Regards,

Martin.

 

[Guest]

I created the Administrator and added him to the admin
group, removed the default admin user from the admin
group, removed all rights that the admin user has on the
database, removed all the rights from the user group.
No luck if I try to open the database from a computer that
is attached to the default workgroup I have full access to
the entire database.
I tried creating a new admin group (admin1), gave admin
rights to admin1, and removed admin rights from the admin
group still same results. Security is nonexistent if I
open the database from a computer with a fresh load of
access2000 or access2002 that has the default workgroup.
Any help would be appreciated

 

[Joan Wild]

It is not secured properly. The first step is to create a new workgroup.
It sounds as though you are modifying the standard system.mdw.

Follow every step outlined in the security FAQ:
http://support.microsoft.com/?id=207793

 

[Guest]

Actually, I am using the workgroup that has been used with
access97 for years. However, I have tried creating a new
database importing the structure and data then creating a
new workgroup when I secure it with the wizard all seems
to work well until I try to access the database on the
shared drive from a computer with a fresh load of
access2000 or access2002 that has the default workgroup.
At that point, there is no security on the database.
The old workgroup has several groups and hundreds of users
so I hesitate to use a new workgroup but I would if I did
not continue to get the same results.

 

[Joan Wild]

From your description, I'd say that it wasn't secure in 97.

In your test with using a new workgroup and running the wizard - what
version are you doing this in?

 

[Guest]

It was and is secure in the access97 version.
In your test with using a new workgroup and running the
wizard it was in access2000 then again in access2002

 

[Joan Wild]

The wizard in 2000 does not work. You should secure it manually. Actually
there is no reason that you can't use the 97 version of the mdw with
2000/2002.

 

[Steve King]

For clarification only. The Admins and Users groups will
always be used as the default by someone opening the
database from a default workgroup. The solution is to
spoof the system by removing all permissions from those
groups and then creating new groups Like AppAdmin or
AppUser with the permissions normally assigned for Admin
or User. The AppUser group permissions would then need to
be manually given to every user and the AppAdmin to all
administrators. As was stated earlier, be careful with
the Admins account.

Steve

 

[Joan Wild]

Since we're clarifying, the Users Group and the Admin user are the only two
things in common with all workgroup files. The Admins Group, however is
different in a workgroup you create. It isn't necessary to create your own
Admins Group.

 

[Guest]

Without using the wizzard how do i secure the database and
assign it to a specific mdw?

 

[Joan Wild]

You join the mdw you want to secure it with. - create a new database (you
should be prompted for a username/password). Then you import all the
objects from your mdb.

Then you remove all permissions (including those for the database object)
for the Users Group, and for the Admin User.

You then assign permissions to your own Groups, create users and make them a
member of your Groups as required.

Once you're done, you'll want to rejoin the default system.mdw (as a test
now you should not be able to even open your secure mdb).

You can then create a desktop shortcut to start your secure mdb. All other
sessions of Access will use system.mdw with no login.

The target of the shortcut would look like:
"path to msaccess.exe" "path to secure mdb" /wrkgrp "path to secure mdw"