Shared Drive Security

  • Thread starter Thread starter lillian
  • Start date Start date
L

lillian

I have worked on the Access security issue for several
days. Now I am so frustrated.

My goal is to set up a database with security, then move
it to a network location where can be accessed by about
25 users. I followed the 15 steps of "Overview of how to
secure a Microsoft Access Database" from Microsoft
Knowledge Base.
(http://support.microsoft.com/default.aspx?scid=kb;en-
us;289885&Product=acc2002)
It works well on my own desktop: I open the database as
administrator, read only user, full permission user. It
works exactly what I want.

Then I move it to the shared drive, which is a Novell
server and protected by password. (the first thing every
morning everybody would logon to the shared drive then
start working. The network administrator told me everyone
log on to the shared drive has permission to open the
application on shared drive.)
I open the database from other user's desktop. It turns
out it is not secured: No logon window pop up; the read
only user can change the database items as they want.
Then I check the security information from this user's
menu: Tool|Security|User and Group Account. "Admin" is
the only user and it seems the user log on as Admin.

I feel I can do nothing except asking for your help.
Please Help!
 
-----Original Message-----
I have worked on the Access security issue for several
days. Now I am so frustrated.

My goal is to set up a database with security, then move
it to a network location where can be accessed by about
25 users. I followed the 15 steps of "Overview of how to
secure a Microsoft Access Database" from Microsoft
Knowledge Base.
(http://support.microsoft.com/default.aspx?scid=kb;en-
us;289885&Product=acc2002)
It works well on my own desktop: I open the database as
administrator, read only user, full permission user. It
works exactly what I want.

Then I move it to the shared drive, which is a Novell
server and protected by password. (the first thing every
morning everybody would logon to the shared drive then
start working. The network administrator told me everyone
log on to the shared drive has permission to open the
application on shared drive.)
I open the database from other user's desktop. It turns
out it is not secured: No logon window pop up; the read
only user can change the database items as they want.
Then I check the security information from this user's
menu: Tool|Security|User and Group Account. "Admin" is
the only user and it seems the user log on as Admin.

I feel I can do nothing except asking for your help.
Please Help!

.
lillian,

I set up a secure database several years ago.

Here is what you need to do. Copy the .mdw or .mda file
to the server directory that contains the database. Go to
each machine and run the workgroup administor program and
join the workgroup file that is on the server.

Everytime someone tries to start your database they should
get the logon screen.

Hope it helps.

Martin
 
Since a user can open it (they are doing so using their default system.mdw
workgroup), you did not secure it properly.

Download and follow *exactly* the steps outlined in the security FAQ.
http://support.microsoft.com/?kbid=207793

When you have it secured properly, copy the secured workgroup file and the
mdb to the server. Give each user a desktop shortcut that specifies the
workgroup file to use.

"path to msaccess.exe" "path to mdb" /wrkgrp "path to mdw"
 
You'll also need to make sure that the Admin user is not in the Admins group... Use the Users group to disable access to anyone (set the permission of Users group to not allow database open/run).

Also, create a custom group name for your actual users. Your logon should be the only Admins group member - unless you have others that you want to grant these permissions to. Your custom group will be for your general population. Your Users group will be used to keep people out of the database.

HTH,
Derek

----- lillian wrote: -----

I have worked on the Access security issue for several
days. Now I am so frustrated.

My goal is to set up a database with security, then move
it to a network location where can be accessed by about
25 users. I followed the 15 steps of "Overview of how to
secure a Microsoft Access Database" from Microsoft
Knowledge Base.
(http://support.microsoft.com/default.aspx?scid=kb;en-
us;289885&Product=acc2002)
It works well on my own desktop: I open the database as
administrator, read only user, full permission user. It
works exactly what I want.

Then I move it to the shared drive, which is a Novell
server and protected by password. (the first thing every
morning everybody would logon to the shared drive then
start working. The network administrator told me everyone
log on to the shared drive has permission to open the
application on shared drive.)
I open the database from other user's desktop. It turns
out it is not secured: No logon window pop up; the read
only user can change the database items as they want.
Then I check the security information from this user's
menu: Tool|Security|User and Group Account. "Admin" is
the only user and it seems the user log on as Admin.

I feel I can do nothing except asking for your help.
Please Help!
 
But before doing that MAKE SURE TO ADD A USER TO THE ADMIN GROUP otherwise
you can easily lock yourself out of your database for good.

--
Scott McDaniel
CS Computer Software
Visual Basic - Access - Sql Server - ASP
Derek Wittman said:
You'll also need to make sure that the Admin user is not in the Admins
group... Use the Users group to disable access to anyone (set the
permission of Users group to not allow database open/run).
Also, create a custom group name for your actual users. Your logon should
be the only Admins group member - unless you have others that you want to
grant these permissions to. Your custom group will be for your general
population. Your Users group will be used to keep people out of the
database.
 
FYI: While this will get around the issue of the logon prompt, it doesn't
address the fact that the db isn't properly secured. If you can open a
supposedly secure database without going through the .mdw file, then the db
isn't properly secured.
 
Okay, I'll keep my fingers away from the keyboard, lest I forget the most important step. Of course. How could I have forgotten that? Thanks, Scott. You guys/gals have earned the MVP status. And I, too, appreciate the help!

Derek

----- Scott McDaniel wrote: -----

But before doing that MAKE SURE TO ADD A USER TO THE ADMIN GROUP otherwise
you can easily lock yourself out of your database for good.

--
Scott McDaniel
CS Computer Software
Visual Basic - Access - Sql Server - ASP
Derek Wittman said:
You'll also need to make sure that the Admin user is not in the Admins
group... Use the Users group to disable access to anyone (set the
permission of Users group to not allow database open/run).be the only Admins group member - unless you have others that you want to
grant these permissions to. Your custom group will be for your general
population. Your Users group will be used to keep people out of the
database.
 
Thanks your guys, It really helps a lot.
The reason is: I didn't disable the user's ability to "open/run" the database.

Now I have a new problem. Can a user automatically join the specified workgroup when he opens the database secured by that Workgroup information file? I opened the secured database from other user's desktop, it says:" you don't have the permission to open that database, ask your administrator to assign your permission.", even though I do give him permission. Then I checked his workgroup, it is still system.mdw.

I joined him to my workgroup, then he can open and has all the permissions I assigned to him. But when he opens other owner's databases (the workgroup should be System.mdw), he is still on my workgroup.

I don't feel comfortable go to every user's desktop and join him to my workgroup.( I will create another database for about 100 users). and I don't think the users should switch to other workgroups manually when they open other owner's database. I don't think everyone can understand the complex security issue the Access has.

So, is there anyway that the user will automatically on my workgroup when he opens my database, and on other's workgroup when he opens other owner's database?

Joan, the MVP, said "Give each user a desktop shortcut that specifies the workgroup file to use." I guess that is the solution. But I don't quite understand how it works exactly. Can you explain more?

Thanks and happy New Year!

Lillian



----- Joan Wild wrote: -----

Since a user can open it (they are doing so using their default system.mdw
workgroup), you did not secure it properly.

Download and follow *exactly* the steps outlined in the security FAQ.
http://support.microsoft.com/?kbid=207793

When you have it secured properly, copy the secured workgroup file and the
mdb to the server. Give each user a desktop shortcut that specifies the
workgroup file to use.

"path to msaccess.exe" "path to mdb" /wrkgrp "path to mdw"
 
Thanks your guys, It really helps a lot.
The reason is: I didn't disable the user's ability to "open/run" the database.

Now I have a new problem. Can a user automatically join the specified workgroup when he opens the database secured by that Workgroup information file? I opened the secured database from other user's desktop, it says:" you don't have the permission to open that database, ask your administrator to assign your permission.", even though I do give him permission. Then I checked his workgroup, it is still system.mdw.

I joined him to my workgroup, then he can open and has all the permissions I assigned to him. But when he opens other owner's databases (the workgroup should be System.mdw), he is still on my workgroup.

I don't feel comfortable go to every user's desktop and join him to my workgroup.( I will create another database for about 100 users). and I don't think the users should switch to other workgroups manually when they open other owner's database. I don't think everyone can understand the complex security issue the Access has.

So, is there anyway that the user will automatically on my workgroup when he opens my database, and on other's workgroup when he opens other owner's database?

Joan, the MVP, said "Give each user a desktop shortcut that specifies the workgroup file to use." I guess that is the solution. But I don't quite understand how it works exactly. Can you explain more?

Thanks and happy New Year!

Lillian
 
lillian said:
Joan, the MVP, said "Give each user a desktop shortcut that specifies the
workgroup file to use." I guess that is the solution. But I don't quite
understand how it works exactly. Can you explain more?

Search for msaccess.exe on your computer (Start, search, files or folders).
Right-click the file and choose Send To, Desktop as shortcut.

Go to the desktop and right-click the shortcut just created, and choose
properties. You'll see a textbox called 'Target' that has the path to the
msaccess.exe file. Modify this by adding the following to the end of it:

"path to mdb" /wrkgrp "path to mdw"

The paths can be UNC pathnames. If all your users have access installed in
the same location, you should be able to copy this shortcut to everyone.

Ensure that you leave everyone joined by default to their system.mdw
workgroup. When they need to use your secure mdb they'll use the desktop
shortcut which will use the specified secure mdw only for that session.
When they launch Access for any other databases, they'll use the standard
system.mdw and won't have to login.
 
Lillian, I have just secured my first database and have
experienced similar frustration but now have it working
great. I used the Security Wizard and selected something
like "create a shortcut on your desktop to access
database" This shortcut directs the user through the
workgroup to the database. You must have selected the
other option which causes many of the problems you
describe. Good luck.
 
Back
Top