Hi, Damien.
Is there a better way to create / modify users and groups than using that
awful standard dialog?
That "awful standard dialog" window is the _easy_ way. The hard way (at
least for non-programmers) is to use SQL or VBA code with the DAO library to
create/modify users and their permissions.
I can't even set a user's password in there
When you create a new user, close the database, then log in as the new user
and set a password. Create a password sufficiently difficult to remember,
such as hE4wbpQnLB8avP, and then close the database. Tell the users their
new User ID's and passwords, then give the users instructions on how to
change their passwords themselves. They'll usually make the effort to
change a password like this.
I can't even <SNIP> force
them to create a password if I erase it.
Whenever you reset a user's password, create a new one that is difficult to
remember and give the user the instructions on how to change it. If you
suspect that they've removed the password, then periodically try to open the
database using this user's UserID without a password. (You could write a
VBA routine to automate this.) If the database opens with that user's
UserID but without a password, then you set a new password for that UserID
and give it to the user. Explain that the new security features prevent
users from having a blank password after a certain period of time (24 hours?
72 hours? You decide what's best), and will create a random password for
that user and create a report for the DBA whenever a blank password is
found.
It would be better if I could authenticate them on our domain and assign
permission via Windows rather than this mdw file thing
You can. Have the Windows network administrator create a new Windows Group
and assign "Full Control" Windows security permissions on the directories
containing the database files and the workgroup information file to members
of that Group. Have the Windows network administrator remove all Windows
security permissions for all other Windows Groups and user accounts. Then,
have the Windows network administrator assign all users authorized to use
the database to this new Windows Group.
Any Windows user account that does not have authorization to use the
database has no Windows security permissions on these directories, not even
"List Contents," so unauthorized users will never even know the database is
there.
HTH.
Gunny
See
http://www.QBuilt.com for all your database needs.
See
http://www.Access.QBuilt.com for Microsoft Access tips.
(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)