Remote Site MDW Problems

  • Thread starter Thread starter Brian Smith
  • Start date Start date
B

Brian Smith

I've created two workgroup files--a developer one and a user one (to be used
for remote site administration). I setup the developer workgroup file first
following the Security FAQ. As far as I can tell, it works the way I want it
to. I then created the site administrator workgroup file, as detailed by the
Security FAQ and other related documents. I made sure this workgroup file
had different Name, Company and Workgroup ID values. Then I recreated the
user groups I had setup in the developer workgroup file making sure that I
used exactly the same names and PIDs. After that I setup a site
administrator account, put it into the Admins group and removed the Admin
user from the Admins group. Then I assigned passwords to both the Admin site
administrator users.

When I try opening the database using the site administrator workgroup file
I get a message that basically says that you don't have the proper
permissions and to consult the administrator of the database. It is my
understanding that because the user groups are identical that the database
would assign people that belong to those groups the identical permissions
that they have in the developer workgroup file. Am I missing something here?

Also, when one sets up a remote site workgroup file does it matter which
database is open at the time they create the file? I'm assuming it
shouldn't.

I'd really appreciate it if someone could tell me where I'm going wrong and
what I need to do to get this to work.

Thanks.

Brian
 
Brian said:
When I try opening the database using the site administrator
workgroup file I get a message that basically says that you don't
have the proper permissions and to consult the administrator of the
database. It is my understanding that because the user groups are
identical that the database would assign people that belong to those
groups the identical permissions that they have in the developer
workgroup file. Am I missing something here?

Nope, that's the way it works. Permissions are stored in the mdb. It has
worked flawlessly for me in the past, so are you certain that the names and
PIDs were exactly the same? - case sensitive and all.
Also, when one sets up a remote site workgroup file does it matter
which database is open at the time they create the file? I'm assuming
it shouldn't.

No, in fact you don't need a database open at all to do this.
I'd really appreciate it if someone could tell me where I'm going
wrong and what I need to do to get this to work.

The steps you outlined are correct, so I'm not sure what to suggest. I have
implemented this at a number of sites and it's worked.
 
Looks good, but
used exactly the same names and PIDs. After that I setup a site
administrator account, put it into the Admins group and removed

you haven't said that you actually gave the site administrator
"open" permission on the database.

Putting someone into the local Admins group allows them to do
Admins tasks - specifically, it allows them to move people into
and out of the security groups defined in that workgroup.

If you also want the site administrator to be able to open
the database, you also need to put the site administrator
into a group which has that permission.

(david)
 
Brian said:
I then created the site administrator workgroup file, as detailed by the
Security FAQ and other related documents. I made sure this workgroup file
had different Name, Company and Workgroup ID values.

Sounds good. Altering any one or more of those three values will ensure
that the Admins group of wgf-site, is not the same as the Admins group
of wgf-dev, from Access/Jet's viewpoint. So, the members of wgf-site's
Admins group, will not have the normal administrative permissions that
accrue to the members of wgf-dev's Admins group.

Then I recreated the
user groups I had setup in the developer workgroup file making sure that I
used exactly the same names and PIDs.

Sounds good. When you use the same exact name & PID for a user (or
group) 'X' in several different workgroup files, all those user (or
group) 'X's are indistinguishable, from Access/Jet's viewpoint,
regardless of which workgroup file they logged in from.

After that I setup a site
administrator account, put it into the Admins group and removed the Admin
user from the Admins group.

Remember the wgf-site Admins group will not have the normal Admins
group permissions. So you possibly can't assume that every member of
that group will necessarily be able to open & run the database. (I'm
not 100% sure of this & don't have Access here to check.)

HTH,
TC
 
David, that was exactly the problem. Thanks for pointing out that
obvious possibility.

Brian
 
Back
Top