Resetting Access 97 permissions 1

[joshua]

A database I've been given to repair appears to have had all its permissions removed. The users group has Open/Run permissions on the forms. The admins group has no permissions. No one has any granted permissions on the modules. The admin has administer permissions on the database only.

Essentially, I can use the forms, but I can't access the design or code. Is there a way of overriding or breaking this security? There is no mdw file. Admin and mtsuser logins are in the admins and users groups, but neither had a password. There is no database password. How can I edit these forms?

Thanks,

Joshua

 

[thornmastr]

Interesting problem. If the database does not have a designated mdw file, you are probably using the standard system mdw, in which case I would say that you or someone has really messed that up.

If security had been implemented correctly, and you had the wrong mdw file you could not even open the database. The fact you can is reasonably good evidence you can lick the problem.

The first suggestion I would offer is to create a new workgroup file and join it. That will give you total admin rights, and, by default, if you can open the database at all (and from what you have said…that should not be a problem) you will then have total rights to everything. If not, post back, tell us what happened when you tried this.
Robert Berman
Data Base consultant
Vulcan Software Services
thornmastr@yahoo.com

 

[joshua]

Unfortunately, I inherited this problem. My client had an Access newbie working on this database previously and he may have made the security changes.

I created a new mdw file and joined that workgroup using workgroup administrator. When I go to user permissions, the admin account still has the same permissions, as does the admins and users groups. The mtsuser does not exist anymore. I'm able to open the database, but I still don't have admin rights to the forms and modules.

The mtsuser was to be the administrator for this database and a password was provided along with the database. The database was distributed on cd with no workgroup file accompanying it.

Thanks,

Joshua

 

[thornmastr]

Use the group permissions. at the least, as an admin user you have rights to the database or you would not be in. At the admins group level all of this has probably been removed. using group permissions, assuming you are the admins user, you should be able to assign rights to every object in the database to the admin group. See if you can. If you can, and if you do, you will be able to get permission to everything. Robert Berman
Data Base consultant
Vulcan Software Services
thornmastr@yahoo.com

 

[joshua]

Still no go. I can change permissions on for the database, but not for any of the forms or modules. The admins group has no rights on any of the objects, only at the database level. The admin account only has Open/Run on the forms because it is a member of the Users group.

Thanks,

Joshua

 

[thornmastr]

Can you give "administer" rights to the current db to the admins group or to the admins user. Robert Berman
Data Base consultant
Vulcan Software Services
thornmastr@yahoo.com

 

[joshua]

Currently, as I created and joined a new workgroup, I only have the admin user, admins group, and users group. With the admin login, I am able to grant any rights I want on the database, but can grant absolutely no rights on tables, queries, forms, reports, macros, or modules as I have only the basic run/open for any of the objects and do not have administer. I can create new objects and have all the rights to those. I can create users, but cannot give those users rights to any objects other than by putting them in the users group which allows them the run/open rights.

I've been using Access for 10 years and I've never seen a database this secure. Since there is no accompanying mdw file, there are no passwords to crack or non-admin logins with admin permissions, just the complete obliteration of any rights above run/open. Do you happen to know where the permissions for each object are stored and if it is possible to overwrite them to grant admin rights?

Thanks,

Joshua

 

[youdaman]

joshua,

I am having the exact same problem on a database that I am trying to convert. The owner shows up as <unknown> for almost all of the db objects(forms, tables etc....). I will keep looking at this thread to see if a problem is found. Good luck to you!

 

[thornmastr]

I wonder if we could call this the ultimate in security. Once last legit possibility. If you use the mdw you were first using, there is something called mtsuser. Is that a user or a group. From what you said he or the group has admin privilege and can set privilege levels. You also mentioned that this user had a password and obviously you don’t have the password.

Is this A97 or A2K? In either case I may be able to crack the password for you; big maybe. Let me know the version of Access this beast is brutalizing, and I will do some digging and get back to you.
Robert Berman
Data Base consultant
Vulcan Software Services
thornmastr@yahoo.com

 

[thornmastr]

Whoops. Blind rage mode. A97. Sorry for the dumb moment. To my notes and old contact lists. Robert Berman
Data Base consultant
Vulcan Software Services
thornmastr@yahoo.com

 

[joshua]

In the original system.mdw file I have, there is an mtsuser login, which did not have a password or any rights exceeding what the powerless admin had. It was supposed to have a password and true admin rights according to a sheet I have from the programmer.

As far as I can tell, the programmer did what is described in the &quot;MDW-file for secured database can be read by everybody&quot; thread at

http://www.tek-tips.com/gviewthread.cfm/lev2/4/lev3/27/pid/181/qid/346835

(also shown at end of post.)

However, he did not leave a copy of his system.mdw file nor a login in the current system.mdw file with admin rights. There is also no backup of this as he did all the development on his personal laptop.

The mtsuser login should exist in his system.mdw file with true admin rights, but I don't have a PID to create it in my system.mdw and mtsuser as a PID did not work. I'm not sure if creating this user would even help though.

Thanks

-Joshua

ACCESS ONLINE ENCYCLOPEDIA Article Code: S2

ACCESS and security: The Anti-Hacking System
Problem


The workgroup file (&quot;MDW&quot contains all information about security settings, in particular usernames and passwords.
This information can be easily read by cheap ($ 50.00) hack programs, so the security system becomes senseless.

Solution

The only possibility to definitely close this security hole is in creating two MDW files for your application:
MDW 1 contains all user accounts including the administrators, MDW 2 contains no administrator accounts at all.
You deliver only MDW 2 with your application, MDW 1 stays on the development computer.

Side effects

1. In general you need at least one administrator for each application otherwise your clients can not relink backend tables or change security settings.
2. If you &quot;loose&quot; MDW 1 then you can no longer modify your Application.

Correction of the side effects

1. Integrate one administrator group into MDW 2 with one user whose name you can test with the &quot;currentuser&quot; function.

If the current user makes part of the administrator group then your application has to open a popup form that is limited to the appropriate functions &quot;relinking&quot; and &quot;user administration&quot;. This form has to be programmed in a way that the application is closed as soon as the form is closed (use the &quot;OnClose&quot; event.

2. Side effect 2: When have you done the last backup?

 

[thornmastr]

Obviously, your client wanted a secure system and by God he got one. What I find unique is that any mdw will work with this system. He’s just removed all rights to everything. Somewhere I’ve got an mdw buster program that can rip mdw/db security into little pieces. I’m just having a problem finding where I archived it. Even if I find it, because of legal restrictions, I can’t send it to you; at best, your client would have to be willing to send over your db; and that’s usually a bit iffy at best. The only other possibility that comes to mind, and the PID constraint might negate the idea totally…..but, do you think getting a standard system.mdw from an “uncontaminated” PC might possibly work; by definition that is going to have admin rights to an admin user. It’s an almost last ditch attempt, but, I’ve never had the “pleasure” of being confronted with this type of security before and never want to meet it personally. In the mean time, let me keep looking for my silly program. If I find something else worth mentioning in some other way, I will post back. Robert Berman
Data Base consultant
Vulcan Software Services
thornmastr@yahoo.com

 

[joshuar]

Robert,

I sent an e-mail to your yahoo account regarding this issue.

Thanks,

Joshua

 

[joshuar]

Robert,

Thanks for your help this and thanks for taking time to help a fellow programmer!

We were finally able to obtain the original mdw file from the former programmer in India and unlock the database, but I now know how to create a database that is near impossible to crack.

Thank you!

-Joshua

 

[thornmastr]

Josh,

I learned a lot from this one also, and commented on my notes “Perfect Security”. Of course I also left an underlined note which clearly states never to give it to a client.

What truly impressed me about this quagmire is that it is almost perfect and horribly easy to implement.

Hopefully the rest of your project will be both much easier and much more…..well…fun.

Take care.
Robert Berman
Data Base consultant
Vulcan Software Services
thornmastr@yahoo.com