 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
MS Access Forum / Security / December 2007moved database
Hello! I secured my database and it worked great. I couldn't open it with my default system.mdw only my custom.mdw. But then I had to move the database to a different network drive. I moved the fe and be. Now, everything still looks fine with my custom.mdw but with my default system.mdw, the only user is Admin and it is a member of both Admins and Users. Users has no access and Admins has all access. There is no owner of any objects. What happened and how do I fix it. This is in both fe and be. I appreciate any help. Thanks, Pixie I'm not sure there is a problem. If you've secured it properly then it shouldn't work with the standard system.mdw. You want it to only work with your secure mdw. The usernames/pids/passwords/group membership are stored in the mdw (that's why your groups and users don't appear in system.mdw - they shouldn't). The permissions are stored in the mdb file.  SignatureJoan Wild Microsoft Access MVP > Hello! > I secured my database and it worked great. I couldn't open it with my [quoted text clipped - 9 lines] > Thanks, > Pixie I had thought that if someone tried to open it directly without using the shortcut, they wouldn't have access. If I'm connected to my standard system.mdw, I can access the database without using the shortcut and I don't have to enter a password. > I'm not sure there is a problem. If you've secured it properly then it shouldn't work with the standard system.mdw. You want it to only work with your secure mdw. > [quoted text clipped - 13 lines] > > Thanks, > > Pixie In that case, you missed a step in securing it. Likely the Admin user still owns the database object, or the Users Group has Open permission on the database object. SignatureJoan Wild Microsoft Access MVP >I had thought that if someone tried to open it directly without using the > shortcut, they wouldn't have access. If I'm connected to my standard [quoted text clipped - 18 lines] >> > Thanks, >> > Pixie The Owner of all objects is <<Unknown>>. The Users group has no permissions and the Admins group has all permissions. How can I fix this? Can I just go in with my default system.mdw and add myself to Admins and as the Owner and delete Admin from the Admins group? BTW, thank you so much for your security instructions and help. It's been invaluable. > In that case, you missed a step in securing it. Likely the Admin user still owns the database object, or the Users Group has Open permission on the database object. > [quoted text clipped - 20 lines] > >> > Thanks, > >> > Pixie If you open the mdb using the secure mdw you used to secure it with, then Owner will not be 'unknown'. I think you are looking at it using system.mdw - use your secure mdw instead. The Admins group (in system.mdw) should not have any permissions. But the Admins group (using your secure.mdw) will have all permissions (which is OK, since the Admins Group is different in each mdw). Open your secure mdb using your secure mdw, and verify that the Admin user doesn't own anything (don't forget the Database Object), and that the Users Group doesn't have permission to *anything* SignatureJoan Wild Microsoft Access MVP > The Owner of all objects is <<Unknown>>. The Users group has no permissions > and the Admins group has all permissions. How can I fix this? Can I just go [quoted text clipped - 28 lines] >> >> > Thanks, >> >> > Pixie Everything is secure if I open it using the secure mdw I used to secure it with. The Admins group in secure.mdw has all permissions and Admin is only in the User group which has no permissions. In my system.mdw, Admin is the only user. Admin is in the Admins group and the User group. Admins group has all permissions. User group has no permissions. Admin has no permissions. Owner of all objects is unknown. I've clearly messed up somewhere. Am I able to fix this? > If you open the mdb using the secure mdw you used to secure it with, then Owner will not be 'unknown'. I think you are looking at it using system.mdw - use your secure mdw instead. The Admins group (in system.mdw) should not have any permissions. But the Admins group (using your secure.mdw) will have all permissions (which is OK, since the Admins Group is different in each mdw). > [quoted text clipped - 32 lines] > >> >> > Thanks, > >> >> > Pixie > Everything is secure if I open it using the secure mdw I used to > secure it with. The Admins group in secure.mdw has all permissions [quoted text clipped - 6 lines] > > I've clearly messed up somewhere. Am I able to fix this? As Joan said it's not broken. You are not supposed to be able to open the file unless you use your secure.mdw file. The Admins group in different workgroup files are all different unless they are user created with identical identifiers. So Admins in your System.mdw is NOT the same Admins as the one in Secure.mdw that you gave administrative permissions to. SignatureRick Brandt, Microsoft Access MVP Email (as appropriate) to... RBrandt at Hunter dot com But I CAN open my database without using the secure.mdw! > > Everything is secure if I open it using the secure mdw I used to > > secure it with. The Admins group in secure.mdw has all permissions [quoted text clipped - 14 lines] > the same Admins as the one in Secure.mdw that you gave administrative > permissions to. I meant, I know I'm not supposed to but I can and I understand how opening the database with the secure.mdw is secure but if the database can still be opened by any schlub who happens across it with their default system.mdw, how is the database really secure? That's why I think I've done something wrong. > But I CAN open my database without using the secure.mdw! > [quoted text clipped - 16 lines] > > the same Admins as the one in Secure.mdw that you gave administrative > > permissions to. > But I CAN open my database without using the secure.mdw! Then most likely "Admin" is still the owner of the database. SignatureRick Brandt, Microsoft Access MVP Email (as appropriate) to... RBrandt at Hunter dot com I very much appreciate your patience. I have at least 2 more questions. Can I fix this by going in under my default system.mdw, adding myself as a user under the Users and Admins groups and owner of objects and deleting Admin from the Admins group? And since I'm doing this from my default system.mdw, does this just affect my default system.mdw or will it affect everyone else's also making this a truly secure db? Thank you so much for your help. > > But I CAN open my database without using the secure.mdw! > > Then most likely "Admin" is still the owner of the database. No, you cannot fix it by doing that. Open your mdb using your secure mdw. Go into Tools, Security, Accounts and verify that 'your user' is a member of Admins, and Admin user is not a member of Admins. By the way, you did create your secure mdw by using the workgroup administrator, right (and not just a copy of system.mdw file)? Go into Tools, Security, Permissions, Change Owner tab and verify that Admin is not an owner of any object. SignatureJoan Wild Microsoft Access MVP >I very much appreciate your patience. I have at least 2 more questions. > [quoted text clipped - 11 lines] >> >> Then most likely "Admin" is still the owner of the database. Everything is right in my secure mdw. I'm a member of Admins and Admin user is not a member of Admins just Users. I'm the owner of all objects. I do believe I created my secure mdw using the workgroup administrator. On my default system mdw, the owner of all objects is unknown. I think everything was working fine until I had to move everything to a different drive on our network - I don't why that should make a difference but that's the only thing that I can think of that changed. I appreciate your help. > No, you cannot fix it by doing that. > [quoted text clipped - 19 lines] > >> > >> Then most likely "Admin" is still the owner of the database. > Everything is right in my secure mdw. I'm a member of Admins and Admin user > is not a member of Admins just Users. I'm the owner of all objects. I do > believe I created my secure mdw using the workgroup administrator. > > On my default system mdw, the owner of all objects is unknown. That's as it should be. > I think everything was working fine until I had to move everything to a > different drive on our network - I don't why that should make a difference > but that's the only thing that I can think of that changed. You can test before moving. Rejoin your system.mdw on your computer. Try opening the mdb via Windows Explorer - you shouldn't be able to. If you can, then it isn't secure, and you missed a step somewhere in securing it. SignatureJoan Wild Microsoft Access MVP Yes, my database is not secure. I screwed up. Can I fix it? > > Everything is right in my secure mdw. I'm a member of Admins and Admin user > > is not a member of Admins just Users. I'm the owner of all objects. I do [quoted text clipped - 9 lines] > > You can test before moving. Rejoin your system.mdw on your computer. Try opening the mdb via Windows Explorer - you shouldn't be able to. If you can, then it isn't secure, and you missed a step somewhere in securing it. I would suggest you go back to your original mdb, and try the steps again. It's the best approach. SignatureJoan Wild Microsoft Access MVP > Yes, my database is not secure. I screwed up. Can I fix it? > [quoted text clipped - 11 lines] >> >> You can test before moving. Rejoin your system.mdw on your computer. Try opening the mdb via Windows Explorer - you shouldn't be able to. If you can, then it isn't secure, and you missed a step somewhere in securing it. Thanks for your help. > I would suggest you go back to your original mdb, and try the steps again. > [quoted text clipped - 15 lines] > >> > >> You can test before moving. Rejoin your system.mdw on your computer. Try opening the mdb via Windows Explorer - you shouldn't be able to. If you can, then it isn't secure, and you missed a step somewhere in securing it. |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.