Re: creating workgroupfile for remote administration

Tech-Archive recommends: Fix windows errors by optimizing your registry

Thanks for all the help TC, Keith and Joan.

Since I allready have the db distributed I'll venture into the two-mdw
solution another time, but now I finally know how :-)
I'm creating a couple of forms for a trusted user to add/delete users via a
few custom forms.
Behind it all he's using the workspace of an administrative user. It works
very well and eliminates using the standard account+permissions window
provided by Acces - which isn't that pretty :-)

Thanks again!

Jesper Fjølner




"Joan Wild" <jwild@xxxxxxxxxxxxxxxx> skrev i en meddelelse
news:%23T4z8g0%23FHA.1676@xxxxxxxxxxxxxxxxxxxxxxx
> Jesper Fjølner wrote:
>>
>> I originally created an mdw-file called "developer.mdw" with the
>> groups: AppAdmins, AppUsers, Developer. I'm in the "Developer" group
>> as the only one and I'm the owner of the database.
>> I use AppAdmins and AppUsers mainly to discriminate between users.
>>
>> The SecFAQ says to recreate this manually. But couldn't I just copy
>> "developer.mdw" into "user.mdw" and change the new "user.mdw" and, at
>> the end, delete the "developer" group from "user.mdw"?
>
> That is definitely not the way to go. You MUST create a new workgroup
> file; otherwise the two will have the same Admins Group, which is what you
> don't want.
>
> Create a new workgroup file, and create the AppAdmins and AppUsers Groups
> exactly as they were created in the developer.mdw (same name/PIDs).
>
> Then in the user.mdw, you can create a user and put them in the Admins
> Group; that will allow them to create/delete users and assign them to
> groups, but won't allow them to modify permissions on anything else
> (because it's not the same Admins Group as that in the developer.mdw)
>
>> When doing this MUST I recreate the distributable mdw-file
>> ("user.mdw") manually
>
> Yes
>
>>or can I copy the "developer.mdw" and change
>> that (ultimately deleting the "developer" group was my plan)?
>
> No. In fact, you don't really need a developer group, as the Admins Group
> in developer.mdw would serve that purpose. However you don't need to
> include it in the user.mdw.
>
>> How should I be logged in when I create "user.mdw"? Should I be
>> logged into "developer.mdw" or "system.mdw"?
>
> Makes no difference, since you will be creating a new mdw.
>
> --
> Joan Wild
> Microsoft Access MVP
>


.

Relevant Pages

  • Re: Security without signon
    ... I am thinking that you didn't create a new workgroup file to secure it with. ... I have changed the owner of the database and the tables to a user ... > this group and removed all table rights from the default Admins group. ...
    (microsoft.public.access.security)
  • Re: Remote Site MDW Problems
    ... > I then created the site administrator workgroup file, ... that the Admins group of wgf-site, is not the same as the Admins group ... > administrator account, put it into the Admins group and removed the Admin ...
    (microsoft.public.access.security)
  • Re: Remote Site MDW Problems
    ... put it into the Admins group and removed ... > you haven't said that you actually gave the site administrator ... > "open" permission on the database. ... I then created the site administrator workgroup file, ...
    (microsoft.public.access.security)
  • Re: AllowBypassKey
    ... it may be better to say "withthe Admins group>of the ... workgroup file which was used to create the database<". ... The following users have permission to ...
    (microsoft.public.access.security)
  • Re: Advanced Security Issue
    ... could either guess the Name/Org/WID and recreate the workgroup file itself, ... or just guess the Username/PID and recreate the user (one less field to guess ... would be identical to the Admins group of your dev file. ...
    (microsoft.public.access.security)