No login prompt

[Guest]

I created user and group accounts using Tools-Security-User group accounts. I
also changed the password of 'Admin' user.
But when I open a database that I am trying to secure, it doesn't prompt me
for a username and a password?

 

[Scott McDaniel]

Which workgroup were you joined to when you changed the Admin password?

Did you secure the db according to the steps spelled out in the Security
FAQ? There's much more to securing your database than simply building groups
and adding users. The FAQ is here:
http://support.microsoft.com/default.aspx?scid=/support/access/content/secfaq.asp.
Read this thoroughly, then read it again, the practice on a copy of your
database - ULS is tricky and complex, and few devs get it right the first
time. Make a copy of your db and store it off-machine in case something goes
wrong.

 

[Guest]

I am not sure what you mean by that. I have several workgroup files but I
created a new workgroup file today before I even opened my database. And
then created users. I was able to open my database without any login. Then i
thought that it may ask for a login if I change the password so I went back
into Usr and Group accounts and changed the password from blank to a value
for admin user. But when I open the datase, it still doesn't me for username
and passwrd and simply opens

 

[Rick B]

If you could open it with no login, you have a much bigger issue here. Your
database is not secured!

You must follow all the steps to implement User-Level Security. You skipped
a few.

 

[Guest]

I have gone through the FAQ and all of MVP's tips. But I guess this concept
will become clear only with more practice.
What I now found was that it asks for a username and a password for my
database and I am able to get into it using 'admin' username and the password
that I created. But once I am in and then close the db window but let the
Access window stay open, and then try to open a db, it does not prompt me for
username and password and lets me in. Can you shed more light please...

 

[TC]

Neeraj, I think you do not fully understand the concept of "workgroup
information files" & how they are used in Access security.

Your PC probably has several workgroup information files at this stage.
Each of those files contains an Admin user. The Admin user might /have/
a password in some of those files, and /not have/ a password in others.
So, depending on which workgroup file Access decides to use, you might
or might not be prompted for a username/password, when you start
Access, or double-click an mdb file.

Google this group for the term "/wrkgrp switch" (without the quotes)
and you will find more information on this.

HTH,
TC

 

[Joan Wild]

I have gone through the FAQ and all of MVP's tips. But I guess this
concept will become clear only with more practice.
What I now found was that it asks for a username and a password for my
database and I am able to get into it using 'admin' username and the
password that I created. But once I am in and then close the db
window but let the Access window stay open, and then try to open a
db, it does not prompt me for username and password and lets me in.
Can you shed more light please...

That makes perfect sense. The workgroup file is used for the session of
Access (doesn't matter how many databases you open, or how many times you
open your database). You are prompted once for your username/password. As
long as you keep Access open, it won't prompt you again for that session.

If you close Access, then open your db again, you will be prompted for the
username/pwd.

 

[Scott McDaniel]

Access User Level Security is "session" based, and it's always on ... when
you open Acces (either directy or by opening an Access database) you ALWAYS
log in through a workgroup file - even on a new, fresh install of Access,
all users log in through the system.mdw file, and all use the same account
(the Admin account), and every database is owned by Admin. Since all
system.mdw files are identical across all similar Access versions, you can
transfer a database to any machine with Access installed and open it.

So when you open a "session" of Access and use the default system.mdw, you
would be able to open ANY database that is "secured" with the system.mdw
file. You would not be able to open any databases correctly secured with
another workgroup file.

If you PROPERLY secure a database, you woudn't be able to open that database
from an Access session opened with another workgroup.

A workgroup file stores Users, Groups, Group Memberships, and Passwords
(encrypted). The database itself stores object permissions ... in other
words, the workgroup file authenticates the user and allows you to open a
SESSION of Access ... once in that session, you would not be prompted for a
user/pass combo again because you've already been authenticated. From this
point, any db secured with the in-use workgroup file could be opened
(assuming your user account had permissions to do so). To change workgroups,
you must close and re-open the Access session - since you didn't do this,
you would NOT be prompted for the user/pass again.

To put it a little more simply - you weren't prompted for a new user and
pass because the user/pass info doesn't "travel" with an individual
database.

Note also that the "database password" method of security (if you can call
it that) travels with the database, so if you set a db password, you would
be prompted for a password anytime you open the database.

As TC suggested, you would be well advised to read and re-read the Security
FAQ, this newsgroup and other resources regarding security before moving
ahead with your project.

 

[Guest]

It also seems that when I close Access session and reopen it again, it opens
with the same WIF as Access was closed with.For example, if a WIF called
system7.mdw were open at the time when Access was open and I was working in a
db1 and then I close Access and then reopen db2, it would want to reopen with
username and passwords in system7.mdw (unless I rejoin to a different WIF).
Say if I were to go ahead and supply a valid username and password in
system7. mdw to open db2, then the db2 would open. From here, if I were to go
User Group and Accounts, it would still have show the username and groups as
in system7.mdw even though these usernames may not apply to db2. Similarly,
user permissions would show only for users in system7.mdw. It seems it is
also important to join to the correct WIF before opening a db. Is this
correct?

 

[Joan Wild]

Yes that is correct. Access always uses a workgroup file. It ships with
one called system.mdw and uses that (it silently logs you in as Admin).

In your case the default workgroup has been changed to system7.mdw. So it's
using that for all sessions. The workgroup file is tied to the Access
session, not a database. You can open any number of databases using
system7.mdw as long as the user has permission to do so.

Normally one leaves their computer joined by default to the standard
system.mdw (with no login). For secure databases, create a desktop shortcut
that utilizes the /wrkgrp switch that specifies a different mdw to use *for
that session only*. This then doesn't affect you when you open unsecured
databases. The shortcut target would look like:
"path to msaccess.exe" "path to secure mdb" /wrkgrp "path to secure mdw"

 

[Guest]

Thanks, I set the default wif to system.mdw (no password set to admin
account)and I was able to create a shortcut with that path to system7.mdw.
Now when I open the shortcut, it opens the assigned WIF and asks for the
appropriate username and password (though when I go to workgroup
administartor, it still shows the wif as system.mdw). But if I choose to
bypas the shortcut, I am able to open the same database directly without any
prompt for a password. So how has this made my db secure if its secure
through the shortcut and not otherwise?
Also I have to upload this db on a Windows Sharepoint so that the users of
my db can access it. I have assigned appropriate usernames and passwords in
system7.mdw. I understand that the WIF does not travel with the db. What are
my options with regards to uploading the db in a secure mode.

 

[Joan Wild]

Thanks, I set the default wif to system.mdw (no password set to admin
account)and I was able to create a shortcut with that path to
system7.mdw. Now when I open the shortcut, it opens the assigned WIF
and asks for the appropriate username and password (though when I go
to workgroup administartor, it still shows the wif as system.mdw).

The workgroup administrator just tells you the default WIF; not necessarily
the one in use. Hit Ctrl-G and type
?DBEngine.SystemDB
That will tell you the one in use.

But if I choose to bypas the shortcut, I am able to open the same
database directly without any prompt for a password. So how has this
made my db secure if its secure through the shortcut and not
otherwise?

If you are able to even open it using the standard system.mdw, then you
missed a step in securing it. Every step is vital; you can't skip anything.

Also I have to upload this db on a Windows Sharepoint so that the
users of my db can access it. I have assigned appropriate usernames
and passwords in system7.mdw. I understand that the WIF does not
travel with the db. What are my options with regards to uploading the
db in a secure mode.

Once you fix the above, and get it secured properly, you'd put the mdw in
the same folder as the mdb. Users will need read/write/create/delete
permissions on the folder.

 

[Guest]

What could be the step that I missed due to which I am able to open the db
(say db1)without any username and password prompt using the standard
system.mdw. One thing that I can think of is setting a password to the
'Admin' user in system.mdw. Once I do that, it does ask me for a password as
expected. But then it prompts me for a password for opening any db. This
defeats the purpose of creating a shortcut. I did not use the wizard to
secure this db (that is db1). However, there is another db (say db2) which I
secured using the wizard. When I try to open db2, it gives me the message
'You dont have the necessary permissions...'. Its associated shortcut prompts
me for a password. How can I secure my db1 in the same way as db2.

 

[TC]

Neeraj, I suspect that you are not actually following the FAQ
instructions /precisely/.

You must do exactly what the instructions say - no more, no less - in
the exact order that they say to do it - adding & omitting nothing.

If you omit any single step, or do things in a different order, or add
a step of your own at any point, the db might not be secured.

If you follow a proper list of instructions, you will /not/ be able to
open your secured db using the default system.mdw workgroup file, and
you will /not/ be prompted for a username/passsword for every database
including unsecured ones.

If you /can/ open your secured db using the default system.mdw
workgroup file, or if you /are/ prompted for a username/passsword for
every database including unsecured ones, this means that you are not
following the instructions correctly, or the instructions themselves
are not correct.

For example, you have said that you added a password to the Admin user
in the default system.mdw. No proper set of instructions, will tell you
to do that.

HTH,
TC

 

[Guest]

I have been following 'Access 2002/2003 Security Step by Step' to secure
database. I did the same again and used wizard. I followed Steps 16 through
32 ( I didn't do Steps 1 through 15 as I didn't want a different username
from my Windows username). Except in Step 24, I did assign a few permissions
to users.
I observed that after I click on 'Finish' in wizard, it takes an unusually
long time to show the One Step Security Wizard. In the report, it lists
Groups ( I didn't create any new groups so it shows only the defaults: Admins
and Users) and the users in each of these 2 groups ( It shows the new users
that I created here but doesn't include admin in the group of Users). It also
lists Users as a separate category and the groups that they belong to. Here
it doesn't show the new users that I created.
The wizard did create a shortcut though which prompts for username and
password which on being inputted opens the database. But the problem is still
there: I am able to open my mdb file by just double clicking on it.
I realize that I had set the password to Admin account in system.mdw only as
a test step and not as a part of recommended steps but thats the only thing
that I did additionally last time. Please advise me from here...

 

[TC]

Sorry, I don't know the document that you refer to. Also I don't use
the wizard.

If you can open a secured database by double-clicking the mdb file
directly, this means one of two things.

(1) The database /is/ secured correctly, except that you have
mistakenly used the system's default workgroup file (system.mdw) to do
the securing; or,

(2) The database is /not/ secured correctly. This could be for dozens
of reasons. For example, perhaps the database (or the objects within
it) are still owned by the Admin user. Or, perhaps the Admin user is
still a member of the Admins group. And, it seems that you assigned
permissions to the Users group, instead of creating new groups for that
purpose? Remember, just as the Admin /user/ is common across all
installations of Access, the Users /group/ is also common across all
installations of Access. Any permissions that you give to the users
group, will be shared by every user of every Users group in every other
workgroup file in the world.

HTH,
TC