Re: How do I get (or set) the password for VSS 2005 users?

David,

VSS users/passwords are not a mean to enforce security on the VSS databases.
A malicious user with access to the database share doesn't need the admin
password (and doesn't even need to hack it) to view or modify the files in
the database - he can simply operate on the physical files in the data
directory. The real database security should be enforced through NTFS file
system and Windows share access rights.
--
Alin Constantin
This posting is provided "AS IS" with no warranties, and confers no rights.


"David Thielen" <david@xxxxxxxxxxxxxxxxxx> wrote in message
news:3C487E10-4A16-4660-A76B-1E59E3BA4717@xxxxxxxxxxxxxxxx
Hi;

Yeah - I've seen on the web how it's pretty easy to hack the admin
password
so I don't use my domain password there. IMO this is a pretty bad design
because there is only one admin user. It's not like a domain where we have
several users with admin rights so if one gets run over another can still
get
in to everything.

I guess the answer is just to write it down and make sure all admins have
a
copy. This is one of those cases where the use case makes the security
weak.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com



"Alin Constantin [MSFT]" wrote:

Hi David,

The Admin user in VSS can reset the passwords for all other users.
If you lose the Admin password you're on your own - for legal reasons
Microsoft PSS cannot help you recover it.
(if you get there, search the web what other users did when they got in
the
same situation, but it's smarter not to get there anyway)
--
Alin Constantin
This posting is provided "AS IS" with no warranties, and confers no
rights.


"David Thielen" <david@xxxxxxxxxxxxxxxxxx> wrote in message
news:0736C53B-72CA-43AA-8BD7-6F4EDE45EACD@xxxxxxxxxxxxxxxx
Ok, we don't need this. But for future reference - how do we do this?
Or
should I have everyone write down their password and give it to me?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com



"David Thielen" wrote:

Hi;

If we do not know the password for any user including admin, how can
me
get
them or force new ones?

Please do not say there is no way to do this as VSS does not use the
domain
passwords so it must have a recovery method. (Our problem is everyone
set
them when they first used it and then promptly forgot them as they
never
needed it again since you are not prompted.)

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com






.

Relevant Pages

  • Re: Problems setting up access security
    ... So, for some reason, it seems that Access security does not work when Access ... try to go directly into the database, they have to use the shortcut and log ... "Joan Wild" wrote: ... The Admin user still owns the database object. ...
    (microsoft.public.access.security)
  • Re: Sorting out security
    ... There is a link to it on the Security page of my website. ... > files and remote logins to a secured database. ... different name for the secure workgroup file. ... If the Admin user has no password then every user is ...
    (microsoft.public.access.security)
  • RE: How to remove user level security
    ... It sounds like you did not secure your database but you just forget what ... the passwords are for the Admin account and the account that has Admins ... Reopen Microsoft Access and try opening one of your databases. ... The security wizard creates a ...
    (microsoft.public.access.security)
  • Re: Sorting out security
    ... > MS Access security. ... > created a new workgroup, added a password for the Admin role, added ... > remote logins to a secured database. ... The location of the current workgroup file is recorded in the ...
    (microsoft.public.access.security)
  • VSS Admin user issue..
    ... I noticed that some users are logging into one of the VSS ... databases with "Admin" user login. ... connect to vss database and since “Use network name for automatic ...
    (microsoft.public.vstudio.sourcesafe)