Admins Group Has No Permissions With Recreated 2002 MDW

[John Slattery]

I recreated my Access 97 MDW in 2002 and discovered that the Admins group in
the new MDW has no permissions on any of the objects it did with the old
MDW. Concerned that I might have the name, company, and WID wrong, I
created a new 97 MDW with the same information and found that the Admins
group had all of the expected permissions. The only thing that is a little
out of the ordinary is that the WID is composed of 20 randomly generated
characters selected from byte values 1 through 255 (i.e., null excluded).

In all other respects, the Admins group in the 2002 MDW seems to be normal.
For instance, if I create a new MDB, the Admins group has all permissions.

Thanks.

 

[TC]

It is my understanding that if you keep the identical, case-sensitive
company, organization & WID then the Admins groups should be the same.

There are some products on the web that will print the Security
Identifier (SID) values from a workgroup file. If you can find one,
that would give you a definitive answer - the two Admins groups should
have the same SID. Alternatively I will look at the two files, if you
email them to me (zipped) via the relevant button on the "show options"
panel of the new google groups interface. (You'd want to create two new
files with values different to your existing files.)

As for the "randomly chosen characters", are you sure that the WID
allows all those values? I've searched, briefly, but can not find, a
technical description of the WID, on MSDN. I assume you're using Alt
key sequences to type them in?

HTH,
TC

 

[Joan Wild]

It is my understanding that if you keep the identical, case-sensitive
company, organization & WID then the Admins groups should be the same.

will be..

As for the "randomly chosen characters", are you sure that the WID
allows all those values? I've searched, briefly, but can not find, a
technical description of the WID, on MSDN. I assume you're using Alt
key sequences to type them in?

It's likely that the workgroup was created by the security wizard. It will
use 'randomly chosen characters'.

 

[John Slattery]

I appreciate your post and offer, TC. I've nearly come to the conclusion
that I have reached a deadend here. Something has apparently changed since
I created the MDW with Access 97 on Win97 and where we are now, Access 2002
on WinXP. With the name, org and WID I have recorded I can create perfectly
functioning new MDWs all day long, but somehow our current environment is
handling things differently and producing a different Admins SID.

What's worse is that I have not been able to duplicate the problem with
another WID yet. I created a 97 MDW with a trivial WID, created a new
database with it, created a 2002 MDW with the same credentials, converted
the new database, and opened it to find the expected Admins permissions. I
also tried the same experiement with a WID consisting of a single byte with
a value of 252 and had the same result. I intend to generate a few WIDs in
the manner I originally used (a function using Rnd to send a string to the
Immediate window and then pasting to the WID text box). If I can produce
one that duplicates the problem, I will send the credentials and the MDWs as
you suggested.

Long ago, when I created the 97 MDW, I couldn't find a technical desrciption
of the WID, either, beyond the fact that it must be between 4 and 20
characters, is case-sensitive, and accepts alphanumeric characters.
Experimentation demonstrated that I could produce 97 MDWs with WIDs
containing any bytes other than null and consistently reproduce the MDW.

Hope to have an example of an offending WID later today.

Thanks.

 

[John Slattery]

Joan, thanks for your post. Please see my 6/24/2005 reply to TC describing
experience that would seem to call into question a truth I too have always
accepted, that the Admins SID of workgroups created with the same
credentials "will be" identical. The WID I used and the ones I created for
testing were produced with the following function and pasted from the
Immediate window to the WID text box of the Workgroup Administrator.
Thanks, again.

Public Function strPID() As String
'verified that all ascii characters except nul are valid for PID

Const bytcChrBoundLower As Byte = 1
Const bytcChrBoundUpper As Byte = 255
Const bytcPIDLen As Byte = 20

Dim bytChr As Byte
Dim strPIDHold As String

Randomize
For bytChr = 1 To bytcPIDLen
strPIDHold = strPIDHold & Chr$(Int((bytcChrBoundUpper -
bytcChrBoundLower + 1) * Rnd + bytcChrBoundLower))
Next bytChr

strPID = strPIDHold

End Function

 

[John Slattery]

Credentials that reproduce the problem for me are as follows:

Name: CSM
Organization: CSM
Workgroup ID: Ê{ {>hÃT§süíâ_Â;Z

The hex values for the bytes of the WID are: CA 7B 20 7B 3E 68 C3 99 12 A7
1C 8F 73 FC ED E2 5F C2 3B 5A

Decimal values are: 202 123 32 123 62 104 195 153 18 167 28 143 115 252 237
226 95 194 59 90

(I've attached a text file with the credentials. Testing the attachment
with a post to microsoft.test showed that it works fine with a news reader
but not so well at google.)

To reproduce the issue:

1) Create an Access 97 MDW using the supplied credentials, pasting the WID
into the WID text box of the Workgroup Administrator.
2) Open Access 97 with the 97 MDW.
3) Create a new Access 97 MDB.
4) Create and Access 2002 MDW using the supplied credentials, pasting the
WID into the WID text box of the Workgroup Administrator.
5) Open Access 2002 with 2002 MDW.
6) Convert the Access 97 MDB to Access 2002 file format.
7) Open the Access 2002 MDB.
8) Examine the permissions of the Admins group on the Access 2002 MDB.
(None will be found.)
9) Create another Access 97 MDW using the supplied credentials, pasting the
WID into the WID text box of the Workgroup Administrator.
10) Open Access 97 with the second 97 MDW.
11) Open the Access 97 MDB.
12) Examine the permissions of the Admins group on the Access 97 MDB. (All
expected permissions are present.)

Thanks.

 

[TC]

But he meant randomly chosen characters /including non-displayable
ones/:

"composed of 20 randomly generated characters selected from byte values
1 through 255 (i.e., null excluded)"

This would include (eg.) CR and LF.

Cheers,
TC

 

[TC]

Ok, I'll give that a go. But I did expect that you'd just send me the
two files Then I'd simply run them through my custom code which
accesses workgroup & database files without Access or Jet.

But I will try it manually as per your instructions. This will take 2
(maybe 3) days because it is currently the week-end here, & I'm just
about to go out to lunch! I will definitely post back here within 4
days one way or the other.

Cheers,
TC

 

[TC]

John, sorry, I now realize that I do not currently have easy access to
Access versions > 97 on my current PC. I develop everything in 97, then
use someone else's PC when I have to generate new builds in the higher
versions. It will not be convenient for me to access that other PC for
the purpose of testing your process.

Therefore, if possible, could you please email me the two files in
question? Obviously you would change the various values, so this would
not, in any way, be a breach of your security. The thing is, I can run
my custom software to examine those files, whatever version of Access
they are in, without having any particular version of Access on my PC.

Cheers,
TC

 

[John Slattery]

In the end, a workgroup file decryption program determined that the 97 and
2002 workgroup administrators /translated/ the WID I provided, each in
different ways, but consistently. The moral is constrain your WIDs to
keyboard characters, perhaps even just a-z A-Z 0-9. Thanks to everyone for
their input.