Security in a Terminal Services Environment

[hawk_2001 via AccessMonster.com]

Forgive me if this is an elementary question. I am still very green with
Access.

I am trying to implement security (through the built-in Microsoft Access
wizard) in a terminal services environment. We currently use 4 separate
servers, each having a licensed copy of Access loaded onto it.

I have studied up on the "Microsoft Access Security FAQ" as well as other
sources, and feel I have a decent understanding of how security is designed
to work. My Groups, Users, etc. have been set up, and permissions assigned.


My problem is this -- each user in our active directory has their own
specific default "path" to the workgroup.

I want to be able to implement security across our network (for all Access
databases) without having to change each users default "path" in each server.


Is this possible?

I have been reading this forum and keep seeing that in a terminal services
environment, every user shuld have thier own copy of the front-end database.
I would like to avoid doing this, if possible.

Thanks for your help.

 

[Rick Brandt]

Forgive me if this is an elementary question. I am still very green
with Access.

I am trying to implement security (through the built-in Microsoft
Access wizard) in a terminal services environment. We currently use
4 separate servers, each having a licensed copy of Access loaded onto
it.

And all your users have Access licenses as well right?

I have studied up on the "Microsoft Access Security FAQ" as well as
other sources, and feel I have a decent understanding of how security
is designed to work. My Groups, Users, etc. have been set up, and
permissions assigned.

Access ULS security is an ADVANCED Access topic that almost nobody gets
correct on the first few tries. If you are actually "green" to Access in
general then you are most likely over your head with security. The biggest
test is to try opening the file without using the secure workgroup. In most
cases for people trying security for the first time it will open right up.
If it does then you messed up.

My problem is this -- each user in our active directory has their own
specific default "path" to the workgroup.

You can set up a shortcut that specifies a workgroup that is not the user's
default. If all users have such a shortcut then it doesn't matter where
their default workgroup is located. Generally speaking it is best to not
muck around with default workgroup settings. Just leave people joined to
System.mdw and use a shortcut as described for secure files. The shortcut
would have the format...

"Path to MSAccess.EXE" /wrkgrp "Path to workgroup" "Path to MDB"

I want to be able to implement security across our network (for all
Access databases) without having to change each users default "path"
in each server.


Is this possible?

I have been reading this forum and keep seeing that in a terminal
services environment, every user shuld have thier own copy of the
front-end database. I would like to avoid doing this, if possible.

You can avoid it but you will almost certainly corrupt your file if you do.
I suggest LOTS of backups if you persue that strategy.

 

[hawk_2001 via AccessMonster.com]

I appreciate the advice. I will continue studying Access security until I am
100% certain that I have it right. (There's too much at stake if it is
implemented incorrectly.)

Thanks again.

 

[Alan]

I appreciate the advice.  I will continue studying Access security untilI am
100% certain that I have it right.  (There's too much at stake if it is
implemented incorrectly.)  

Thanks again.

Hi,

Don't worry about the mdb file corruption too much. There is a tool
called Advanced Access Repair. I have used it to repair many corrupt
Access MDB files on my damaged disks successfully. Its homepage is
http://www.datanumen.com/aar/ This information might be useful.

Alan

 

[Joan Wild]

Hi,

Don't worry about the mdb file corruption too much. There is a tool
called Advanced Access Repair. I have used it to repair many corrupt
Access MDB files on my damaged disks successfully. Its homepage is
http://www.datanumen.com/aar/ This information might be useful.

Alan

You should at least identify yourself as working for them; your testimony implies otherwise.

 

[Tony Toews [MVP]]

Don't worry about the mdb file corruption too much. There is a tool
called Advanced Access Repair. I have used it to repair many corrupt
Access MDB files on my damaged disks successfully. Its homepage is
http://www.datanumen.com/aar/ This information might be useful.

Alan

1) As Joan states you are an employee/owner of that company. Such
postings by yourself are quite unethical.

2) If you were indeed a legitimate poster I would strongly suggest you
find out why all these many corruptions were happening.

See the Microsoft Access Corruption FAQ at
http://www.granite.ab.ca/access/corruptmdbs.htm

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/