Security question (Access 97 win2k)

Topic

New Reply

Hello again.

After all the help I’ve had from people in here with a previous project the company has decided I’m the Access ‘expert’ on site . As a result they’ve given me another ‘little project’. The job is to replace two Excel spread sheets currently used by our Sales Desk with a database. One of the critieria I’ve been asked to look into is the security aspect. I’ve read the FAQ from the Microsoft site, and the help files with Access, and the pages in the Access manual…. All this leaves me with one question (maybe I missed the answer in there somewhere), if I put the security file in the same network directory as the database will I have to go to every PC and carry out the ‘sign up’ procedure, or is there a way to automate this part.

Thanks for the help

Ian

Reply | Quote

Replies

If you follow the instructions completely, you will remove the default Admin user from the Admins group, and leave Admin with a minimum set of rights, or no rights at all. This means that if users “just” open the database (without the secured workgroup file), they won’t be able to get in, or with only minimal privileges.

To have users log in with your secured workgroup file, they don’t need to subscribe to it. Provide them with a desktop shortcut that opens the database with the secured workgroup file. The target of the shortcut should look like:

“C:Program FilesMicrosoft OfficeOfficeMSAccess.exe” “P:DatabasePathDatabaseName.mdb” /wrkgrp “P:WorkgroupPathWorkgroupName.mdw”

where the various path and file names should be replaced by the ones you use. Of course, it’s possible to use UNC paths (serversharefolder) instead of paths with drive letters.

The /wrkgrp startup switch tells Access to use the specified workgroup file.

Reply | Quote

All of the security information that I have come across say one thing for certian, that you must remove permissions from the Admin user and Admins group. The reasoning is, the User to Group relationships are stored in the .mdw file, so if the Admins group still has permissions, so will the Admin user, when a default .mdw is used.

I personally disagree with the removing all approach in some cases. I have had many databases that needed to have ‘general’ access, and Admin access. In those cases, I strip the permissions from the Admins group, and leave the permissions I want in the Admin user. I then have an ‘admin’ .mdw, which has accounts with full access. I then only have to put the ‘admin’ workgroup on the admin user machines (or on the network, but there are cheap hack utilities out there), and setup a shortcut to run the database with that .mdw. That way I don’t have to go around to everyone’s machine.

Drew

Reply | Quote