How to allow users to change their password?

[Guest]

MS Access 2K, Windows XP
====================
Hi,

So, crossed the first hurdle of testing the security setup and splitting the
secured database. Thanks, Joan, TC, David, Rick and others who patiently
answered my questions over the past couple of weeks.

I have some more questions regarding password for a user (who only has
permissions to use the Forms and not make any design changes to db objects).

How does a user change her/his password after I create the username? The way
my database is set up, they won't be seeing the Tools option in the menu as I
have the following unchecked - "Display database window", "Allow full menus",
"Allow Built-in toolbars" and "Use Access Special Keys".

Does that mean all password change/reset request from users will have to go
through the data admin? Meaning they tell me the new password, and I go in
and set it for them? Also, please correct me if I'm wrong, but to _change_ a
user's password for her/him, I'll have to login using their login
name/password first.
Logged in as myself (with all the privileges), I can only _clear_ the
password of another user, but cannot _change_ it.

Is it OK for a data admin person to be privy to all passwords?
The other option is that whenever someone needs to change her password, it
will entail me making a trip to their desktop and logging in as them with the
"shift" key pressed to make the Menu options visible.....which I'm not sure I
like.

Am I missing something here?? Is there a simpler way to do this?

Thanks.

-Amit

 

[Guest]

Hi.

How does a user change her/his password after I create the username?

Allow the user to do it himself. Create a form with a text box for the User
ID and three more text boxes: the old password, the new password, and to
verify the new password. Use the CurrentUser( ) method to automatically fill
in the User ID text box. All of the password text boxes will have the
"Password" input mask so no one can look over the user's shoulder to read the
password.

Once the user has typed the passwords correctly (verify that the new
password matches in both "New Password" text boxes), the form calls your
ChangePassword( ) function that you will write. You will find code that uses
the NewPassword( ) method to reset a User's password in section 5, "How can I
clear a user's forgotten password?" of the Security FAQ on the following Web
page:

http://support.microsoft.com/default.aspx?scid=/support/access/content/secfaq.asp#_Toc493299666

This code sets the User's password to an empty string, but you should change
the code to use the variable for the new password, instead. You'll need to
add error handling and to set the object variables to Nothing to release
memory before the function exits.

If the user types an invalid password, the password change will fail, so you
won't have people accidentally changing other people's passwords while using
this form. This password form can be set up to be opened by a button on
another form that the users have access to. That way, no custom toolbar need
be set up to provide the Security dialog window for password changes.

Also, please correct me if I'm wrong, but to _change_ a
user's password for her/him, I'll have to login using their login
name/password first.

If you want to use the Security dialog window to change the password, then
you'll have to sign in as that user first. However, the owner of the
database and members of the Admins group can programmatically change other
user's passwords with the NewPassword( ) method while signed in under their
own User ID's.

Logged in as myself (with all the privileges), I can only _clear_ the
password of another user, but cannot _change_ it.

Then all is right in the world. No user can arbitrarily change someone
else's password with that GUI.

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)
Beware to those who use munged addresses: known newsgroup E-mail harvesters
for spammers are (e-mail address removed) and (e-mail address removed)

- - -
When you see correct answers to your question posted in Microsoft's Online
Community, please sign in to the Community and mark these posts as "Answers,"
so that all may benefit by filtering on "Answered questions" and quickly
finding the right answers to similar questions. Remember that questions
answered the quickest are often from those who have a history of rewarding
the contributors who have taken the time to answer questions correctly.

 

[Guest]

Hi Gunny,

Thanks, once again, for your response which answered my question(s)
correctly

Cheers,

-Amit

 

['69 Camaro]

You're very welcome! And thanks for marking my responses as answers to your
questions. It's much appreciated!

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)
Beware to those who use munged addresses: known newsgroup E-mail harvesters
for spammers are (e-mail address removed) and (e-mail address removed)

 

[Guest]

You're very welcome! And thanks for marking my responses as answers to your
questions. It's much appreciated!

Sure thing! That's the least I can do.

-amit

 

[Guest]

Hi Gunny,

I have a follow-up question. Based on your response, I designed and tested a
form that allows a user to change her password. The only modification I made
is that I ended up using

DBEngine.Workspaces(0).Users(CurrentUser()).NewPassword Me.txtOldPwd,
Me.txtNewPwd

in the form instead of a function in a module, as I was getting an error #
3033 when I used the code in the module (even though I was logged in as a
user with ALL privileges).

Anyways, that's done.

What I tried to do was design a similar form that will allow a user to _set_
her password when she logs in the FIRST time. That didn't work with
NewPassword, as "txtOldPwd" is null(?)/not set. So, it gave me an error
message saying old password does not match.

I've been looking at some posts from a year or two back with the same issue,
and Lynn Trapp answered one of them (I think, or maybe Joan Wild). Seems like
this is not possible (allowing a user to _set_ the password from blank the
first time using a form).

So, I'm thinking the way around this is:
a. I create a new user
b. I log in as that user and set the password
c. inform the user of this password
d. when a user logs in for the first time, the first form she sees is
"change password"
e. the user changes her password
f. I add that information (that the password has been changed) to the table
I used in the first place to display the form in step d (so that next time
the same user logs in, she does not get the "change password" form).

Is there a better way to skin this cat?

Thanks.

-Amit

 

[Chris Mills]

I have a follow-up question. Based on your response, I designed and tested a
form that allows a user to change her password.

Why go to all the trouble when you can use the built-in one? (even in Runtime
and with "low" permissions)

I'm sure there's a better way to avoid Sendkeys etc, but anyway this macro
works.

&Change Password

Echo/Yes
SelectObject/Table//Yes (In Database Window)
Sendkeys "+{TAB}^{RIGHT}^{RIGHT}"/No
Runcommand/UserAndGroupAccounts
SelectObject/Form/Menu/No

You might consider this a bit crude, because they can see all the other user
names if they want to, but they can't change anything except their own
password.

Chris

 

[Chris Mills]

Wow, that must have been written a long time ago LOL!

All you need, in a macro or code is:
RunCommand acCmdUserAndGroupAccounts

 

[Chris Mills]

OTOH the macro puts them in the right Tab.

 

[Guest]

Why go to all the trouble when you can use the built-in one? (even in Runtime
and with "low" permissions)

Hi Chris,

Because I would like to give the users the ability to change their own
password instead of me (or some other data admin) doing it for them. As I
mentioned in my original post above, the "Tools" option is not available to
the users.

-amit

 

[Chris Mills]

Because I would like to give the users the ability to change their own

password instead of me (or some other data admin) doing it for them. As I
mentioned in my original post above, the "Tools" option is not available to
the users.

It works the two ways I suggested - it's just the toolbar or menu is not
visible, but the facilities still work if run in code (or macros).

Chris

 

[Guest]

It works the two ways I suggested - it's just the toolbar or menu is not
visible, but the facilities still work if run in code (or macros).

Thanks Chris. I'll try it out.

-Amit

 

[TC]

The advantage of "rolling your own" is that you could check for weak
passwords (eg. "password") and refuse to accept those.

HTH,
TC

 

[Guest]

Amit:

I have just run into exactly the same scenario (this explains the time gap).
The work-around I have found for this is as follows:

I have created a wlecome screen, which upon opening "tries" to reset the
user password from empty to empty.

If the user password is not empty this would create an error message (i.e.
the user has already set a password during a previous login. If it no error
is generated, i.e. the user password is empty during the first login, you can
then redirect the user to a form to enter a new password:

Private Sub Form_Open(Cancel As Integer) 'runs when opening welcome screen
(fdlgSplashScreen)

Dim strCurrUser As String
Dim usrCurrent As User
Dim wrkDefault As Workspace

On Error GoTo ErrCode

strCurrUser = CurrentUser()

Set wrkDefault = DBEngine.Workspaces(0)
Set usrCurrent = wrkDefault.Users(strCurrUser)

usrCurrent.NewPassword "", ""

DoCmd.Close acForm, "fdlgSplashScreen" 'close welcome screen
DoCmd.OpenForm "fdlgNewPassWord" 'open form prompting for new password

Exit Sub

ErrCode: 'run in case a password had been set earlier, i.e. is not empty

'do nothing and show welcoe screen

End Sub

 

[TC]

Another way to see if user 'X's password is 'Y', is to try creating a
workspace for that combination:

dim w as workspace
on error resume next
set w = createworkspace ("", "X", "Y")
if err.number = 0 then
' user 'X's password IS 'Y'
else
' user 'X's password IS NOT 'Y'
endif
on error goto 0

HTH,
TC

 

[Guest]

Hi.

Could you send me an exemple of this? I seewaht you written but I didn't
understand if I have to create those forms or I could simple create a button
with that.
Regards,
Marco