Bypassed Security

Navyguy

Hi Everybody

I have been going through several posts and not found what I am looking for.

I have been learning the security features of Access and managed to create a secured DB complete with users, etc. I believe that I have correctly eliminated the Admin user and provided the proper security settings for my “users” and created another .mdw file for this DB.

When testing this out, I came across two interesting things…
1. I was able to open a new DB (using the system mdw) and import the entire secured DB to this new blank DB without getting/requesting permissions;
2. I was able to open the secured DB by directly clicking the DB icon and not the shortcut that points to the DB and the new mdw file.

Any suggestions on what I have done wrong?

As always thanks for your time

Navyguy
 
Thinks

You removed the default Admin User but what about the Default Admin group and default Users group?

Section 32 of FAQ's indicates that if you give permissions to either of these groups you are opening things up to the World.

Believe that what you must do is create your own Admin and User groups and apply permissions there and remove ALL permissions from the default groups. If you want a copy of the FAQ's and another file I have that deals with the creation of a secured database then send an email address to me via a private message.

Len B
 
Hi Len

I don't have it in front of me right now, but I will check again...I am sure I did that; remove the users. I thought I read that you could not remove/delete the default Groups (Admins and Users)? I thought that there had to be at least one person assigned to the Admins Group, but I didn't think that you had to have anybody assigned to the Users Group? Maybe I misread the FAQ I have. I followed the FAQs that I got from here, what I thought was thoroughly. If I find out different I will take you up on your offer and get your documents.

Thanks for getting me to double check my work!!!

Navyguy
 
Not so much about removing the default groups but removing the permissions associated with those groups.

I am not an expert but when I set up security I always remove all permissions from all default groups, including permission to open the database.

I then create my own groups and assign permissions accordingly. Nobody is ever a member of a default group.

Len
 
Hi Len

I took a careful look at the DB and I think that all is in order, but there must be something wrong.

Just to confirm:
I have deleted all the permissions from the users group;
I have created new user accounts with permissions;
I created a new Admin User with full permissions;
I created a new mdw file.

So the symptoms are:

I can open the DB just by clicking on the icon and have full access, it appears to be using the system.mdw file;

I am able to copy/export/import the DB into a new DB without it asking for any permissions.

So my simple mind tells me that for some reason the DB uses the system.mdw file when opened directly, but when using the shortcut it uses the proper mdw file.

I will PM you and request your documentation also as you suggested.

Thanks for your help!!!

Navyguy
 
Navyguy said:
So my simple mind tells me that for some reason the DB uses the system.mdw file when opened directly, but when using the shortcut it uses the proper mdw file.
That is correct and that is the way it is supposed to be. The system.mdw file is the default unless you "join" the computer to your custom workgroup file BUT you should never do that. You should always use a custom shortcut to open a secured db. If your db is correctly secured then you will not be able to open the db directly from Access or Windows Explorer or link directly to the secured db. You need to remove all permissions for all objects [tables, forms, etc.] for the "Admin" "Users" and the "Admins" "Groups" and the "Users" "Groups". Please ensure that you are making backup copies of all the files involved with this process until you know what you are doing. If you lock yourself out of your secured db you will not be able to get back into it!

Good luck!
 
Thanks to both Len and ghudson for their responses.

I had taken the time to write everything down regarding the security and the Admin Groups, User Groups, Users and all their settings/permissions. In the end they had no permissions to anything...I followed all the instructions very carefully. The two conditions still existed as above...

At last I deleted everything and started over. This now works fine...I double-checked the settings/permissions on the new and compared to the old and they were the same in every detail according to my notes.

All I can do is guess that when I was playing around the DB, it did not like something I did and started to do its own thing?!

Things that make you go...hmmm

Thanks for all the help, I am learning lots from you guys/gals!!

Navyguy
 
Frequently the problem is that the Admin account still exists because it happens to have a fixed ID number. So if you created a new .mdw file, it has the same ID for Admin as every other .mdw file ever created. If you have not actually removed the Admin account permissions, you could have trouble from someone using the default .mdw file.

What I did was:

1. Create my own special admin account. Made it a member of the Admins (note carefully the 's' on the end of that...) group. Created a new group account to take the place of 'Users' for general read-only access.
2. Logged out from Admin account, logged in to the new admin-equivalent account.
3. Removed Admin account from the Admins group. Left Admin account as a member of the Users group.
4. Made all users members of the new group equivalent to general users. (You cannot make them non-members of the "real" Users group.)
5. Removed as many rights as possible from the "real" Users group. (Usually you cannot remove ALL rights but you can come close. Don't forget that in the User and Group Permissions dialog box, you can select all objects in each category, one category at a time, with the usual Windows Shift-click paradigm. So at worst you are talking about 7 actions for the 7 listed object types.)
6. Closed the database. (Made sure no one else was in it.)
7. Verified that the .ldb file had been deleted by my logout.

At this point, I was good to go.
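
Added example, not part of any post in this thread: a DAO audit that lists every explicit permission the default Admin user and the default Users group still hold, which is the condition the replies above say lets the stock system.mdw open or import a "secured" file. It assumes a Jet .mdb opened through the custom .mdw by a member of Admins; the names AuditDefaultAccounts and Flag are illustrative.

```vba
Option Compare Database
Option Explicit

' Returns the number of objects on which the default accounts still hold
' explicit permissions (0 = nothing left), or -1 if the audit could not finish.
Public Function AuditDefaultAccounts() As Long
    Dim db As DAO.Database, cnt As DAO.Container, doc As DAO.Document
    Dim acct As Variant, findings As Long

    On Error GoTo Fail
    Set db = CurrentDb
    ' "Admin" and "Users" are identical in every workgroup file, so anything
    ' granted to them is granted to anyone using the default system.mdw.
    For Each acct In Array("Admin", "Users")
        For Each cnt In db.Containers
            ' Container-level permissions are the defaults for new objects.
            cnt.UserName = acct
            findings = findings + Flag(acct, cnt.Name & " (new objects)", cnt.Permissions)
            For Each doc In cnt.Documents
                ' Databases\MSysDb carries the open/run permission for the file.
                doc.UserName = acct
                findings = findings + Flag(acct, cnt.Name & "\" & doc.Name, doc.Permissions)
            Next doc
        Next cnt
    Next acct
    AuditDefaultAccounts = findings
    Exit Function
Fail:
    Debug.Print "Audit stopped: " & Err.Number & " " & Err.Description
    AuditDefaultAccounts = -1
End Function

' Prints one line per leftover grant and returns 1 so the caller can count it.
Private Function Flag(ByVal acct As String, ByVal target As String, _
                      ByVal perms As Long) As Long
    If perms <> dbSecNoAccess Then
        Debug.Print acct & " still has &H" & Hex$(perms) & " on " & target
        Flag = 1
    End If
End Function
```

Run `?AuditDefaultAccounts()` in the Immediate window; each printed line is an object to revisit in the User and Group Permissions dialog.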
 
Hi Doc_Man

That system mdw Admin/PID issue sounds like a good idea to be wary of. As I mentioned earlier I am sure that I followed the steps in the FAQ which is basically the same as you have outlined. It must have been some kind of fluke. I have to admit, unlike the typical computer user, I pretty much go around stomping through my computer not afraid to try much. Only way to learn. Mind you I don't have any "live" databases like many here in the forum do. So I am sure that I did something the DB did not like...
 