Security nightmare - 2 mdw's mixed up

[Guest]

Sorry for the long post, but I'm hoping to give enough info to get a quick
resolution. Thanks in advance.

In testing stages of a security on database... I had security set and was
testing it with another user and myself. The db was on a network server, and
only one of us could get in at a time. (Hadn't yet taken steps to split db
into front/back ends.) Her login was working, and I could access through my
login or through Admin... Not sure what one thing triggered the malfunction
today.

Someone else, who was trying to help her in my absence, had deleted the db
shortcut and created a new one. I didn't pay attention to the logon that
popped up and went through Tools/Security to make sure she was added to the
database. Turns out it was her server login (used at Start Up) that I added.

Now it appears the security applied to our main system of record (DB#1),
which is Access based is linked the .mdw of the test database (DB#2).

When she tried logging into DB#1 she was getting a logon prompt, which is
not required as it is initiated during server login. If I was in either db,
she couldn't get in either.

I've deleted the .mdw file for the test db, and now we can get in DB#1
(separate, or at the same time), but neither of us can get in DB#2. I was
smart enough to save the .mdw file, so it's lost.

How can I fix this mess and salvage the test databse, which now has a lot of
data in it. The last backup was Many data entry hours ago.

Thank you,
Janice

 

[Keith Wilby]

Hi Janice.

I've deleted the .mdw file for the test db, and now we can get in DB#1
(separate, or at the same time), but neither of us can get in DB#2. I was
smart enough to save the .mdw file, so it's lost.

Oh dear, you've just learned the hard way that you should only work on
backups when you're learning security.

How can I fix this mess and salvage the test databse, which now has a lot
of
data in it. The last backup was Many data entry hours ago.

There is no legitimate way to get into a secured file without it's workgroup
file (mdw) so you're now on the path of paying for a utility (of which there
are may if you care to Google) to break into it. Is your server not backed
up periodically?

Keith.
www.keithwilby.com

 

[Guest]

how long it took to become and security specialist and MSCDA

Cameron

 

[Guest]

I mistyped. I did save the MDW can restore it, however I still have the
problem of the two unrelated databases being linked through security.

DB#1, the company's main system, should not ask for a login but now it does
(as if it were DB#2). How do I delete the security I set on DB#1, which was
intended for DB#2? Is this in the System MDW, or...??

Janice

 

[Keith]

I mistyped. I did save the MDW can restore it, however I still have the
problem of the two unrelated databases being linked through security.

DB#1, the company's main system, should not ask for a login but now it does
(as if it were DB#2). How do I delete the security I set on DB#1, which was
intended for DB#2? Is this in the System MDW, or...??

Janice

You're confused ;-)

If your PC asks for logon credentials then you are joined to a modified
WIF (mdw) and you need to re-join the default "system.mdw". If you've
modified the default WIF then delete or move it and Access (2k and
above) will re-generate a new, clean "system.mdw" on startup.

HTH - Keith.
www.keithwilby.com

 

[Guest]

I'm still confused. Still learning some of this... Not sure what this means:

you are joined to a modified
WIF (mdw) and you need to re-join the default "system.mdw".

If I open up DB#2 (the one I developed and was testing) and try to open up
DB#1 (the main system db which has an Access interface), a login prompt
appears for DB#1 (which was never there before). Prior to this nightmare,
once I logged into my machine (thus accessing the network) I did not need a
login to open DB#1.

I removed DB#2 from the server, and am accessing direct from my machine
while I clean this mess up. Are you saying that by deleting system.mdw from
my machine it will clear the login prompt from DB#1?

Sorry, I need a little remedial (and possibly step-by-step) help here...
Thank you,

Janice

 

[G. Vaught]

This is how Access security works. If you create security on any database in
Access, all Access databases will prompt you to login regardless. This is
the default by design. What you need to do is create a shortcut on your
desktop to the database with security and set the shortcut to open the
database, open the correct mdw file. For the other databases to work without
a login, you need to go back to the Workgroup program and join to the
System.mdw file. If joining this does not allow your other databases to
work, then see next paragraph. The Workgroup is set within Access 2003 and
has a separate file for all other versions. You should be able to get to
this just by opening Access without opening any databases.

If you used the System.mdw file to create the security and did not give it a
new name, then you need to establish the generic System.mdw file that gets
installed when you install Access. This can be as simple as copying the
System.mdw file from someone else's machine. However before you do this,
keep a copy the current System.mdw file in case it does contain you current
security info and you use it for your shortcut mentioned in the first
paragraph.

Another thing to remember is passwords are not implemented when you first
set up security. All you are doing is setting PIDs. Therefore when first
opening the database you do not need to enter a password, you just need to
enter the username. Hopefully, somewhere you gave yourself Admin privileges
when you setup the PIDs.

Microsoft's Knowledge base has an excellent whitepaper on setting up
security for Access. I would suggest you search for this whitepaper on the
website before you go any further in this matter. The reason for this is
once you mess up security on the database, there is no way to recover the
database data.

 

[Keith Wilby]

If you create security on any database in Access, all Access databases
will prompt you to login regardless. This is the default by design.

Well not quite, just to clarify, this is the behaviour you'll get if you
either modify the default WIF or join your custom WIF by default. You
should NEVER IMO modify the default system.mdw but create your custom WIF
and use a desktop shortcut to join it on a session-by-session basis (which
is what you go on to state).

Keith.

 

[Keith Wilby]

I'm still confused. Still learning some of this... Not sure what this
means:

I think you need to start with a clean sheet and read the MS FAQ. There's a
link to it on my web site and it's essential reading if you want to
understand how security works in order to set it up correctly. Be aware
that there's no filler in the FAQ, all of it is pertinent.

Keith.
www.keithwilby.com

 

[Joan Wild]

The Workgroup is set within Access 2003 and has a separate
file for all other versions.

The workgroup administrator is also built in to 2002.

If you used the System.mdw file to create the security and did not
give it a new name

Are you suggesting that using system.mdw and giving it a new name is OK?
(it's not)

, then you need to establish the generic System.mdw
file that gets installed when you install Access.

Another thing to remember is passwords are not implemented when you
first set up security. All you are doing is setting PIDs.

Not necessarily true. You can set passwords if you use the security wizard
in 2002 or 2003.

The reason
for this is once you mess up security on the database, there is no
way to recover the database data.

Again not true. If you mess things up, it's quite likely you'll be able to
undo or get around whatever you've done, especially if you've messed it up.

 

[Joan Wild]

Sorry for the long post, but I'm hoping to give enough info to get a
quick resolution. Thanks in advance.

In testing stages of a security on database... I had security set and
was testing it with another user and myself. The db was on a network
server, and only one of us could get in at a time. (Hadn't yet taken
steps to split db into front/back ends.) Her login was working, and I
could access through my login or through Admin... Not sure what one
thing triggered the malfunction today.

Is this DB#1 or DB#2?
Only one getting in at a time suggests that the windows user does not have
enough permissions on the folder where the mdb is. All users need
read/write/create/delete permissions on the folder.

Someone else, who was trying to help her in my absence, had deleted
the db shortcut and created a new one. I didn't pay attention to the
logon that popped up and went through Tools/Security to make sure she
was added to the database. Turns out it was her server login (used at
Start Up) that I added.

It's possible that this 'someone else' created a shortcut using the wrong
mdw file, or none at all meaning that it now was using system.mdw. However
since you got a login prompt, I doubt it. If you didn't pay attention to
the login, then how do you know what username you logged in with; what
password did you use. From the password you used, you should know what the
username must have been. "Turns out it was her server login" - how do you
know?

Now it appears the security applied to our main system of record
(DB#1), which is Access based is linked the .mdw of the test database
(DB#2).

How did you come to this conclusion?

When she tried logging into DB#1 she was getting a logon prompt,
which is not required as it is initiated during server login. If I
was in either db, she couldn't get in either.

How did she log into DB#1 - via a shortcut or double-clicking in Windows
Explorer? What steps?

I've deleted the .mdw file for the test db, and now we can get in DB#1
(separate, or at the same time), but neither of us can get in DB#2. I
was smart enough to save the .mdw file, so it's lost.

Which is the one that you secured? DB1 or 2? What version of Access?

 

[Billy]

I am working on different Access databases for my company. I am
expected to provide security features and make sure that the databases
are running well. There are about 8 databases being used so far, each
with multiple users.
I have tried setting up security features on the first database. After
following the right procedure in User-Security and giving permission to
users, I went to a collegue's computer to test. She had full access
and admin privileges. There was no logon prompt.
This was very disappointing because I thought I followed the procedure
very carefully.
We are using a common drive on the network.
Please help me get this thing done!
Billy

 

[Rick Brandt]

I am working on different Access databases for my company. I am
expected to provide security features and make sure that the databases
are running well. There are about 8 databases being used so far, each
with multiple users.
I have tried setting up security features on the first database.
After following the right procedure in User-Security and giving
permission to users, I went to a collegue's computer to test. She
had full access and admin privileges. There was no logon prompt.
This was very disappointing because I thought I followed the procedure
very carefully.
We are using a common drive on the network.
Please help me get this thing done!
Billy

Get a different procedure to follow and try again because that definitely
means you missed one or more steps. I suggest you try the procedure as
outlined at the link below...

http://www.jmwild.com/security02.htm

 

[Billy]

Do I need to delete the rest of the files that have been created for
this to be successful?

 

[Rick Brandt]

Do I need to delete the rest of the files that have been created for
this to be successful?

Most likely. Security learning is best done on junk files until you are
comfortable with it.

 

[Billy]

I followed the procedure, I am showing it is running "Enhancing
Security" but kind of stuck. Do I need to close the database or just
wait until it stops running and the green light is gone?
Thanks a lot for your help.

 

[Billy]

I am really in some big problem here guys. Add or Remove buttons are
greyed out in the User/Accounts. What do I need to do? Got some
pressure on me here.

 

[Joan Wild]

You need to log in as a member of the Admins Group - log in with that
username and you can delete/add users/groups.

 

[Billy]

I have tried this, not working. I have been trying to set up security
features. I set up about 3 mdw files that I have been using. Could
this be the cause of the problem?
Billy

 

[Joan Wild]

Probably in your multiple attempts to set up security, you created the three
mdw files.

Access ships with a workgroup file called system.mdw that's used in every
session (even unsecured databases). It uses this one and silently logs you
in as a user called 'Admin'.

When you secure a database, you create a new workgroup file. You only need
one.

I gather from this thread that you are practising on a copy of your
database.

I suggest at this point, that you go to your backup of the unsecured mdb,
delete all the mdw files you created, and start over.

Also ensure that you don't modify the default system.mdw workgroup.

You need to follow every step outlined in securing your database or it won't
work properly.

Some resources:

Security FAQ
http://support.microsoft.com/?id=207793

Security Whitepaper
http://support.microsoft.com/?id=148555

Although the whitepaper is old, it contains information to help you
understand security.

I've also outlined the detailed steps at
www.jmwild.com/AccessSecurity.htm