Replies

Thanks for your reply. I thought that the Access 2000 Security Wizard took care of that part (copying objects into new database) like the Access 97 Security Wizard does, but maybe it does not.
Sally

Thank you for your reply! It gave me enough to think about to realize that my problem was switching to the Security Wizard to do the last few steps (removing the Admin’s ownership, removing the User’s Group permissions). This used to work fine in Access 97, but no longer is okay in Access 2000. I’m not sure why this doesn’t work, though.

I am now convinced that using all the manual steps in Q254372 is good and using exclusively the Security Wizard (as stated in MS Access Help topic “Securing a Database using the User-Level Security Wizard”) is good, but switching from manual steps to Security Wizard is bad.

Has anyone else experienced this loophole?
edited by WendellB to activate link to MS Kbase article

I have been able to duplicate this security loophole on several PCs, all which have only Access 2000 on it (no eariler or later versions of Access). If I set up security exactly as written in MS Access Help and Q254372 (which I have taught to rooms of people for years so I know I am meticulously following these instructions) and then join back to the original, unchanged system.mdw file when I’m all done, I can still log in as the Admin user, who still has all permissions to all objects and even has administrative permissions to modify security in the database!

I am using the Workgroup Administrator with Access 2000 to create the MDW file, then using the Security menu to create users and groups and to remove the Admin user from the Admins group, and finally using the security wizard to remove all permissions of the Users group and remove the Admin’s ownership of the database objects (which is what MS Access Help says to do). I hypothesize that the Admin user is not really removed from the Admin’s group (or not really disabled). This apparent loophole does not exist in prior versions of Access. One theory to explain this behavior is that perhaps the SYSTEM.MDW Admins group is getting changed at the same time as I’m modifying MYSYSTEM.MDW.

If I use the Access 2000 Security Wizard for the entire operation (a procedure not mentioned in MS Access Help) including the first step which is to create a new MDW file, then there is no security loophole. The Admin user is truly locked out even if I join back to the original system.mdw.

This is pretty serious for people who are relying on the database to be secure and are counting on the official instructions from Microsoft to be the best way to proceed.
Thanks- Sally