[AccessD] Security Problem w/existing program

Jim Dettman jimdettman at earthlink.net
Mon Aug 8 09:42:07 CDT 2005


John,

<<We got it working. Somehow the shortcut was changed, and it was missing
"/user" at the end of the command line. Without this, the program just
opened up, but was the same user, with limited rights, for everyone
(this is what I meant by missing...no login). >>

  Assuming that Access security is being used, that means that the Admin
account has a blank password.

  Access user-level security is always on, but by default, JET tries a login
with a username of admin and a blank password first.  If that succeeds, then
the login is bypassed.

  It's possible to secure a database in such a way that you can leave the
default login like this, but give the admin user limited rights.

<< It used to bring in their Citrix login ID or of
the Windows server it is on. Maybe y'all know how to do this? What is
the syntax, in a shortcut, to drag in a user's Windows ID?>>

  They must have had some type of "launcher" app that created the shortcut
on the fly.

<<I am glad I asked for help though, because I did learn something. I
hadn't realized that the extensions could be changed. I am going to look
into this a little more, because it may be useful for me.>>

  A lot of folks don't realize it.  MDA's, MDW's, etc are all MDB's and
Access really doesn't care about the extension at all.  Some MDA's are
distributed as an "MDE" (no source code) ala the Wizards back with A95.

  Like my mom always said; it's what is inside that counts<g>.

Jim.

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of John Clark
Sent: Monday, August 08, 2005 10:05 AM
To: accessd at databaseadvisors.com
Subject: RE: [AccessD] Security Problem w/existing program


We got it working. Somehow the shortcut was changed, and it was missing
"/user" at the end of the command line. Without this, the program just
opened up, but was the same user, with limited rights, for everyone
(this is what I meant by missing...no login).

Although it is now working, the user has to enter their password, which
was automated before. It used to bring in their Citrix login ID or of
the Windows server it is on. Maybe y'all know how to do this? What is
the syntax, in a shortcut, to drag in a user's Windows ID?

I am glad I asked for help though, because I did learn something. I
hadn't realized that the extensions could be changed. I am going to look
into this a little more, because it may be useful for me.

>>> jimdettman at earthlink.net 8/8/2005 9:29 AM >>>
John,

<<The program is working fine actually, but the security has
disappeared.>>

  Please define "disappeared".  What is or is not happening?

<< I am
now wondering if this is using some add-in that supersedes standard
security procedures.>>

  Access databases can have any extension and still execute (except for
LDB).  It is possible that the developer has implemented their own security
setup within the app and Access security is not being used.

  I would also ask; Has anything changed recently?  Hardware, software, OS,
setup, etc.

Jim.


-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of John Clark
Sent: Monday, August 08, 2005 9:19 AM
To: accessd at databaseadvisors.com
Subject: [AccessD] Security Problem w/existing program


Somebody at work came to me w/a problem today. Their program, which runs
on a Citrix box, is written in AXP, so they figured I could help them. I
am feeling a little dumb though because I'm not getting anywhere w/it.

The program is working fine actually, but the security has disappeared.
Now, I don't have much experience with Access security to begin with,
but I have been able to muddle my way through it, in the past. However,
everything I've dealt with in the past seemed to include an MDW file,
but no such animal exists in this environment (did this go away with
XP?). I looked at a backup directory they have and it isn't there
either, which leads me to believe it is not just missing.

Instead however, there are a bunch of files I have never worked with
(i.e. .MDO, .MOD, .ODB, .MDA, .MOA). I found nothing, in a search, for
.MDO files, but I found out that .MDA files are "Access Add-ins." I am
now wondering if this is using some add-in that supersedes standard
security procedures. When working though, I believe it acts the same
way...they still go into DB security and manipulate workgroups and
users, and their rights.

Does anyone have any ideas of how I can troubleshoot this? I realize I
may not be giving enough info, but I really don't know what else to add,
at this point, so just ask if you need it. I am headed back into it now,
but I'll check back in a bit to see what y'all might have for me.

Thank you!

John W Clark
--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com
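
Added example (not part of the original thread): Jim's point that MDA, MDW and similar files are all MDBs, and that Access ignores the extension, means a missing workgroup file is better located by file header than by name. The sketch below assumes the commonly documented Jet header layout (bytes `00 01 00 00`, the format name at offset 4, a version code at offset 0x14); the file names and the sample bytes are constructed for illustration.

```python
import os
import struct
import tempfile

# Jet/ACE header: bytes 0-3 are 00 01 00 00, bytes 4-18 hold the format name,
# and the little-endian 32-bit value at offset 0x14 is the engine version code.
MAGIC_PREFIX = b"\x00\x01\x00\x00"
FORMAT_NAMES = (b"Standard Jet DB", b"Standard ACE DB")
VERSIONS = {0: "Jet 3 (Access 95/97)", 1: "Jet 4 (Access 2000-2003)"}

def identify_jet(path):
    """Return a description if the file has a Jet/ACE header, else None."""
    with open(path, "rb") as fh:
        head = fh.read(0x18)
    if len(head) < 0x18 or head[:4] != MAGIC_PREFIX:
        return None
    if head[4:19] not in FORMAT_NAMES:
        return None
    (version,) = struct.unpack_from("<I", head, 0x14)
    label = VERSIONS.get(version, "version code %d" % version)
    return "%s, %s" % (head[4:19].decode("ascii"), label)

def scan(directory):
    """Map every file name in directory to its identify_jet() result."""
    results = {}
    for entry in sorted(os.listdir(directory)):
        full = os.path.join(directory, entry)
        if os.path.isfile(full):
            results[entry] = identify_jet(full)
    return results

def build_sample_dir():
    """Constructed sample files: header bytes only, not real databases."""
    jet4 = MAGIC_PREFIX + b"Standard Jet DB\x00" + struct.pack("<I", 1) + b"\x00" * 8
    samples = {"app.mda": jet4, "secure.mdw": jet4, "app.mdo": jet4,
               "app.ldb": b"CITRIX01" + b" " * 56,   # lock file, no Jet header
               "notes.mdb": b"plain text, renamed"}  # right extension, wrong content
    root = tempfile.mkdtemp()
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for name, kind in scan(build_sample_dir()).items():
        print("%-12s %s" % (name, kind or "not a Jet database"))
```

Pointing `scan()` at the application and backup directories shows which of the unfamiliar extensions are really Jet databases and therefore candidates for the workgroup file.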

