Explaining MDW files

Before you do anything, please

Backup your MDB file. Before you attempt any sort of recovery, check everywhere possible for a copy of your database, and make backups of each copy. You never know what you've forgotten, so be on the safe side. For clarity, place the backups in seperate folder(s). If you have made a custom workgroup (MDW) file, Backup any MDW files you find. You may want to Backup the default System.MDW file, even if you don't know why yet.



2. Get a copy of the MS Access Security FAQ - available in many forms. This is less of a FAQ and more of a comprehensive manual and how-to guide. I cannot stress enough the quality and completeness of the Security FAQ. Get it now; read it later. Let me first attempt to explain the immediate problem.
Microsoft Access Security FAQ:
http://support.microsoft.com/support/kb/articles/Q165/0/09.asp
http://download.microsoft.com/download/access97/faq1/1/WIN98/EN-US/Secfaq.exe
(This is the Security FAQ for *ALL* version of Access)
http://support.microsoft.com/support/access/content/secfaq.asp
(On-Line version of the Security FAQ)


3. Figuring out what is happening

Let me explain an (unintuitive) Access/JET security feature: the workgroup file. The workgroup information file, or WIF, stores your user and group information. It stores the usernames and passwords. Each workgroup information file, or .MDW file, contains a unique set of IDs that Access uses for its security encryption. In fact each user has a 'PID' which, combined with their username and the workgroup PIDs, generates an unique code that Access uses to determine your permissions. So where am I going with this?

Every Access install, for every version of Access, uses a default workgroup file that has the same workgroup PIDs, the same username ("Admin") and the same PID for that user. So if you are trying to secure a database by modifying the default workgroup file, you're already out of luck! Anyone using another computer already has the appropriate set of PIDs, by default, to walk right through your security. So this is a big gotcha.


Access has a default workgroup file named 'System.MDW'. Depending on your version of Access and your OS version, this file can be stored in a multitude of places. For me (Access 97/Win2K) it is stored in [tt]C:\WINNT\SYSTEM32\System.MDW[/tt] . Older versions of Access use one MDW file for an entire computer; newer versions are more multi-user savvy and will install a separate System.MDW file for each user in the system. New NT-based operating systems use the C:\WINDOWS folder by default. Older OS's (Win2K/NT4) use the C:\WINNT folder by default. In all cases (Access 97 and newer), you can find the file by searching for "System.MDW".


Obviously then, it is not intended that you use the provided-by-default workgroup file. What then shall you do? Create a new, custom MDW file with PIDs you specify. To create a new workgroup file, you can (again, depending on Access version) find and run WRKGADM.EXE or go to Tools->Security->Workgroup Administrator. For me, the file is located at: [tt]C:\WINNT\SYSTEM32\WRKGADM.EXE[/tt]


I'm not going to run through securing your new workgroup file; the Access security FAQ does an excellent job already.


Now that you have a custom workgroup file for use, how do you go about getting Access to use it?

Shortcuts (.LNK files) - The proper way to open a database using Access/JET security - Use the command-line [tt]/wrkgrp[/tt] parameter to specify the workgroup you will use for your secured database. This will always involve the creation of a custom shortcut. An example of the shortcut's 'Target' line is:

[tt]
"C:\Program Files\Microsoft Office\Office\MSACCESS.EXE" "C:\atemp\dev\rq_fe.mdb" /wrkgrp "C:\atemp\dev\icg.mdw" [/tt]

This would open the 'rq_fe.MDB' file using my custom 'icg.mdw' workgroup file.