Now I use a unique System.mdw, how to restrict casual

[SidCharming]

I have the separate mdw established and am using the shortcut I created to gain access to the mdb. Works great, but if I open the mdb directly (not using the shortcut) it opens fine. What am I doing wrong? I am missing something.



Sid from Minnesota

 

[FancyPrairie]

I'm betting that when you created your new workgroup file (mdw) it became your default workgroup (rather then System.mdw being your default.) A quick way to determine this is to search the registry for either System.mdw or YourNewWorkgroup.mdw (Start|Run|Regedit). If you see YourNewWorkgroup.mdw, then you've made that your default. (You should see it under the key ...Office|10.0|Access|Jet|4.0|Engines)

It's real easy to fix but you should be very careful when you're messing around with the registry (should back it up first). That said, Simply double click on the Name column and enter "\\path\System.mdw" where \\path is the path to where System.mdw can be found.

 

[easyit]

This has nothing to do with the registry. if you can open the DB, it means it is not secured. If it was and the new MDW is set as default, you would be prompted for a password.

 

[FancyPrairie]

easyit, that's not necessarily true. The system registry does indicate the mdw file Access is to use. And when you create a new mdw file (via the security wizard) you can inadverantly set the new one to be your default. Also, just because you have security setup doesn't mean you're going to be prompted for a password. If user Admin does not have a password, noone will be prompted.

 

[easyit]

...disagree. Applying security means that you set a password for the admin account. No password = no security, because anybody with standard access installed has by default an admin account with a blank password.

 

[SidCharming]

Okay, this is what I am finding:

Build a private system.mdw (isolated from default Access installed) let's callit PrivateSystem.mdw.

1. Create a few accounts (User1, User2, Admin1, Admin2)
2. Create a new group: (DataEntry)

Building a new secure db using the known good PrivateSystem.mdw.

1. open a good database using the PrivateSystem.mdw. Log in using an id that is NOT 'admin'.
2. close the db, leaving Access still open
3. File; New (Create new db anywhere... local or network)
4. Secure it from casual opening:
(make sure admin id in PrivateSystem.mdw is only member of group 'Users'
Tools; Security; User & Group Permissions
List: Groups
Object Type: Database
Group Name: Users
5. Remove all permissions
6. Close

Close the new db and access
try and gain access to the mdb directly without using the PrivateSystem.mdw. Should be blocked.

With the PrivateSystem.mdw create new users in a group other than 'Users'. I use 'DataEntry' as my default group. I enforce average users security with this group.

NOTE: to remove the Admin ID from the group 'admin' you need to have at least one other ID in the PrivateSystem.mdw. set the other ID to group 'admin' and then remove Admin ID from the group 'admin'.

I hope this helps. I now have my mdb's locked from direct access. You have to use the PrivateSystem.mdw.

Note2: I talked with another user and they make the admin user only able to view the mdb. They don't completelty disable the account... just restrict to read only. Just a thought.




Sid from Minnesota

 

[easyit]

...that is similar to the steps that I would take(below). By the way who are you helping???

1 create a new workgroupfile (use WRKGADM.EXE). DO NOT NAME IT SYSTEM.MDW. If you use only one MDW then continue, else start WRKGADM.EXE again and switch back to the default system.mdw.
2 open access using this new workgroupfile (use a shortcut if needed see example)
3 open the database (file menu >> open) that you want to secure.
4 create a new user and add him to the admins group (this wil be the new administrator)
5 check that the admins group has rights to all objects in your DB!
6 change the default admins password from blank to something you will remeber.
7 remove all permisions from the users group in the database
8 close the database
9 reopen the database the database you are securing (use shortcut if needed!) and log in as the new administrator
10 run the security wizzard on the new DB (saves time)
11 remove the (standard) Admin user from the admins group
12 create the users and groups your application needs
13 join your users to their rspective groups
14 assign the appropriate permissions to the groups
15 add or remove group permissions as needed.

You need a shortcut if you use several mdw's. If you're sure you will use only one mdw, than access wil always use the same mdw (as is set to default with WRKGADM.EXE) and you do not need a shortcut.
A shortcut example is: c:\program files\..\path to access.exe "path&filename of the database" /WRKGRP "pathname and filename of the newly created MDW file

 

[SidCharming]

I am helping myself and others at the same time... I am giving my 2 cents and looking for feedback at the same time.

Kind of a different approach, but helpful (so far).

Does the security wizard change the 'database' owner? because your method leaves the owner as 'admin', right? I don't want to mess with the wizard due to us having over 20 mdb's using the one central (on the LAN) system.mdw. So all our db's need to be accessed using the LAN system.mdw in a shortcut. I have not seen a good use of the wizard that leaves me satisfied on what it did and did not do.



Sid from Minnesota

 

[Lightning]

A quick way to determine this is to search the registry for either System.mdw or YourNewWorkgroup.mdw (Start|Run|Regedit).

A quicker way to check is to simply open a new blank database, then open the Workgroup Administrator. This will show you the name of the current default .mdw file.
And it's safer than playing around with the Registry.

HTH
Lightning