Deleting .mdw file removes security

Guest

I have an ACCESS db set up with user groups and restrictions, but when I
delete the .mdw file, ACCESS automatically sets up a new .mdw file where the
ADMIN user is in the ADMINS user group with no password. Remember that any
user in the ADMINS user group automatically has unrestricted access to the
db. Remember, also, that no password for the ADMIN user means that anybody
accessing my db is automatically brought in as the ADMIN user.

What this means is that anybody can over-ride my security restrictions by
simply deleting my .mdw file or copying the db to a location that cannot
access my .mdw file.

What am I missing here?
 
Joan Wild

Phone said:
> What am I missing here?
> I have an ACCESS db set up with user groups and restrictions, but
> when I delete the .mdw file, ACCESS automatically sets up a new .mdw
> file where the ADMIN user is in the ADMINS user group with no
> password.

It sounds as though you implemented security using the standard system.mdw
that ships with Access. This workgroup is common to all installations of
Access. The first step in securing a mdb is to create a *new* mdw using the
workgroup administrator.

Since Access always uses some mdw in every session, when you delete
system.mdw, it will create a new one.

> Remember that any user in the ADMINS user group
> automatically has unrestricted access to the db. Remember, also, that
> no password for the ADMIN user means that anybody accessing my db is
> automatically brought in as the ADMIN user.

Partially true. Only the Admin User and the Users Group is common to every
mdw. The Admins group is different (but only if you create a new mdw). The
Admins Group in another mdw should not have unrestricted access to the db,
if you implement security properly.

Study the FAQ and follow every step
http://support.microsoft.com/?id=207793

Security Whitepaper
http://support.microsoft.com/?id=148555

I've also outlined the detailed steps at
www.jmwild.com/AccessSecurity.htm
 
Guest

Thank you Joan Wild

This is a sticky problem for me and I appreciate somebody stepping up to the
plate so quickly.

I think I need to explain the problem a bit better. I did create my own
.mdw file using the WIZARD. ADMIN was moved out of the ADMINS user group. I
put all my intended database gods into a new user group with full privileges
and set up other user groups to taste.

I tried to restrict (actually to eliminate) privileges to the ADMINS user
group, but ACCESS seems to always put them all back (which seems consistent
with the documentation if I'm reading it right).

My security works fine as long as the database has access to the .mdw file.
The problem is that if a malicious snooper wants full privileges to my
database, all he has to do is delete the .mdw file.

With the mdw file not available at run time, ACCESS creates a new .mdw file
with ADMIN in ADMINS (with full privileges). With the new .mdw, ADMIN has no
password, so my hacking smoothy is escorted in under the user, ADMIN without
even having to log in.

I have tried everything I know to close this back door. Any suggestions?

Thanks again,

Phone Home
 
Joan Wild

Phone said:
> I think I need to explain the problem a bit better. I did create my
> own .mdw file using the WIZARD. ADMIN was moved out of the ADMINS
> user group. I put all my intended database gods into a new user
> group with full privileges and set up other user groups to taste.

See that's not the exact steps to follow, and I think that is the source of
your problem. You *must* follow *every* step outlined in the faq. What
version of Access are you using? You shouldn't rely on the wizard in
version 2000.

It sounds to me as though you missed a crucial step - you mention giving
full privileges to your new group, however it sounds as though the Admin
user owns everything.

> I tried to restrict (actually to eliminate) privileges to the ADMINS
> user group, but ACCESS seems to always put them all back (which seems
> consistent with the documentation if I'm reading it right).

This should not be a problem. You can remove permissions to the Admins
Group (but I don't think this has anything to do with your problem).

> My security works fine as long as the database has access to the .mdw
> file. The problem is that if a malicious snooper wants full
> privileges to my database, all he has to do is delete the .mdw file.
>
> With the mdw file not available at run time, ACCESS creates a new
> .mdw file with ADMIN in ADMINS (with full privileges). With the new
> .mdw, ADMIN has no password, so my hacking smoothy is escorted in
> under the user, ADMIN without even having to log in.

You have definitely missed a step in securing it. Follow the detailed steps
in order. If someone deletes the mdw you used to secure it with, they
should not be able to even open the database.
 
Guest

I was successful.

FYI: The one thing that I can clearly identify that I did differently was to
end the process by setting the "database" privileges for the ADMIN user and
USERS user group as follows:

1. I checked the run and run exclusive boxes and then I clicked on the
Apply button.

2. I then unchecked these same two boxes and again hit the Apply button.

I did this because the documentation you referred me to said that ACCESS
2000 had a bug where under certain conditions (having to do with the
WIZARD), these privileges might appear unchecked in the security menus yet
still be somehow active.

I don't know if this final step was the magic bullet that made things work
(or for that matter did anything at all), but it might be something to
suggest if somebody else runs into this problem.

By the way, I am working under ACCESS 2003.

Thanks Joan Wild. Without your input, I might well have given up and
settled for some clumsy-sort-of-effective workaround. And while I'm at it,
thanks for getting back to me so quickly.

Sincerely

Phone Home
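
Added example, not part of any post in this thread: a VBA/DAO audit that checks the two conditions discussed above, objects still owned by the Admin user and permissions still granted to the Admin user or the Users group (the database-level Open/Run and Open Exclusive settings appear under the Databases container). The procedure names are hypothetical; it assumes a DAO reference and a session opened through the secure .mdw by an account allowed to read permissions.

```vba
' Added example (not from the thread). Paste into a standard module and run
' AuditDefaultAccounts from the Immediate window.
Option Compare Database
Option Explicit

' Hypothetical helper: returns the number of findings and lists each one.
Public Function AuditDefaultAccounts() As Long
    Dim db As DAO.Database, cnt As DAO.Container, doc As DAO.Document
    Dim findings As Long

    Set db = CurrentDb()
    For Each cnt In db.Containers
        cnt.Documents.Refresh
        For Each doc In cnt.Documents
            ' Choice made for this example: skip system tables to reduce noise.
            If Not (cnt.Name = "Tables" And doc.Name Like "MSys*") Then
                findings = findings + CheckDocument(cnt.Name, doc)
            End If
        Next doc
    Next cnt
    Debug.Print findings & " finding(s)"
    AuditDefaultAccounts = findings
End Function

Private Function CheckDocument(ByVal cntName As String, doc As DAO.Document) As Long
    Dim acct As Variant, n As Long
    On Error GoTo Unreadable

    ' An owner can always reset permissions on what it owns, so anything owned
    ' by Admin is open to the Admin user of any workgroup file.
    If doc.Owner = "Admin" Then
        Debug.Print "OWNER  " & cntName & "/" & doc.Name & " is owned by Admin"
        n = n + 1
    End If
    ' The Admin user and the Users group are common to every workgroup file.
    For Each acct In Array("Admin", "Users")
        doc.UserName = acct
        If doc.Permissions <> dbSecNoAccess Then
            Debug.Print "PERMS  " & cntName & "/" & doc.Name & ": " & acct & _
                        " = &H" & Hex$(doc.Permissions)
            n = n + 1
        End If
    Next acct
    CheckDocument = n
    Exit Function
Unreadable:
    Debug.Print "SKIP   " & cntName & "/" & doc.Name & ": " & Err.Description
    CheckDocument = n
End Function
```

A result of zero findings means neither default account owns or holds explicit permissions on any object that was checked.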
 
