Windows 2003 Security Issue

[Mark A. Sam]

Hello,

I wanted to test whether I was able to protect a data backend from being
deleted, so I created a folder, "Test" with a subfolder "data". I am an
admin on the system, and created these folders on my machine. I set
attribute for "Everyone" to Deny Delete and Deny Folders and Subfolders for
the "Data" folder. This did what I wanted. I tested it on a user machine
and was unable to delete files from the "Data" folder as well as use the
app.

Here is the issue. Logged on as a user "Sales", I was able to set the
attribute of the "Data" folder to Deny Full Control. After making the
change, there were no security options available to reset the attibutes and
I could not open the folder or access the tables in the backend db. I
logged on as myself on that machine and was also denied access. I then went
to my machine, logged off and back on as myself and had to reset the
attributes as I was denied access to the folders and database.

Anyone know if this a quirk or normal security functionality? It seems odd
that a user is able to affect the attirubutes to someone elses folder.

Thanks for any info and God Bless,

Mark A. Sam

 

[Paul Overway]

Its really a moot point...users need full control of the folder where the
database resides. There is no getting around this. They need to be able to
create and delete the LDB file...and whenever the database gets compacted,
it inherits permissions from the folder.

Make sure you have good backups.

 

[Mark A. Sam]

Paul,

That makes sense to me. What doesn't make sense is that a user is able to
change permissions.


Mark

 

[Paul Overway]

Well...that would be a Windows 2003 security issue vs Microsoft Access
security issue. But i suspect operator error somewhere along the line vs a
bug, and wouldn't lose any sleep over it. )