FE Updater with user level security "BruceM" <bamoob[ at ]yawhodotcalm.not> 6/26/2007 1:30:04 PM I have been working on getting Tony Toews' AutoFE Updater to work. I have split the database successfully, and have implemented user-level sucurity. There are a few things about the Updater and its documentation I do not understand. I do not have any effective control over the macro security level at the individual workstations. The documentation says there may be some problems with the security level set to low. I'm not clear on whether this means using LowMacroSecurity at StartMethod in the ini file, or the setting specified at the workstation. The Secured Example.ini file supplied with the download shows the following: MDWFile=Q:\My Access directory\security.mdw MDWUser=AccountName MDWPassword=password Here is the ini file I put together: ***************** [Settings] MainApp=%appdata%\Access_FE\FileName.mdb Server=\\ServerName\DriveName\FolderName\NewFE StartMethod=AutoSelect WindowStyle=MaximizedFocus Lockout=No LockoutMsg=Sorry, not allowed into the system right now. SupportMsg=Please contact support ShortCutName=DatabaseName CreateShortCutOnDesktop=no CreateShortCutOnCommonDesktop=no MDWFile=\\ServerName\DriveName\FolderName\SecureMDW\SermSecureDB.mdw MDWUser=RecordKeeper MDWPassword=(Password is encrypted) MDWPasswordEncrypted=F52288E219E945836F37 CommandLine=/wrkgrp \\ServerName\DriveName\FolderName\SecureMDW\SermSecureDB.mdw ****************** I used the actual password when I first ran the file. Is MDWUser the same as CurrentUser in the secured database? The following is the desktop shortcut I am using to test (without the FE Updater): "C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE" "C:\Documents and Settings\BruceM\Application Data\Access_FE\FileName.mdb" /user RecordKeeper /wrkgrp \\ServerName\FolderName\SecureMDW\SecureDB.mdw When I double click the shortcut I am presented with a login dialog box that shows RecordKeeper and a blank box for the password. This works as expected. Regarding other users, I had somebody else run the StartMDB.exe file (from a shortcut to the server location), just to see what would happen. The result was the following error message: ************ 1042 - Null command line sent to utility. If you are using a shortcut the target in the shortcut hasn't been properly setup. If you are using a bat or cmd file then the line calling this utility hasn't been properly setup. It should be in the following format: StartMDB.exe /cmd /inifile:"z:\test\ini file name.ini" or StartMDB.exe /cmd /inifile:"\\server\sharename\ini file name.ini" ---------- -------------------- Internal error in utility attempting to open the INI file. ************ I have attempted to add an Executable= line to the ini file in accordance with the documentation, but the error message remains. Here is the line I added at the end of the ini file: Executable= \\ServerName\DriveName\FolderName\StartMDB.exe /cmd /inifile:\\ServerName\DriveName\FolderName\FE_Updater.ini Others have spoken highly of the AutoFE updater utility, so I must be missing something. I have studied the documentation and done lots of experimenting. I have also searched newsgroup postings. I posted here when I ran out of things to try.

Re: FE Updater with user level security "Tony Toews [MVP]" <ttoews[ at ]telusplanet.net> 6/26/2007 6:19:41 PM "BruceM" <bamoob[ at ]yawhodotcalm.not> wrote: [Quoted Text] >I do not have any effective control over the macro security level at the >individual workstations. This will be very much a pain as the users will keep getting the various message(s). >The documentation says there may be some problems >with the security level set to low. I'm not clear on whether this means >using LowMacroSecurity at StartMethod in the ini file, or the setting >specified at the workstation. This would be the setting specified at the work station. I only just recently added the LowMacroSecurity as an option. However that option has so many limitations that it's next to unusable. >I used the actual password when I first ran the file. Is MDWUser the same >as CurrentUser in the secured database? The following is the desktop >shortcut I am using to test (without the FE Updater): I'm not at all sure what the CurrentUser is when it comes to security. >Regarding other users, I had somebody else run the StartMDB.exe file (from a >shortcut to the server location), just to see what would happen. The result >was the following error message: First get the Auto FE Updater running on your system so it's created a shortcut with the appropriate target line. Then you copy that shortcut to the server and name it something like Click Me First for the YYYYY system. This then starts the Auto FE Updater running and it will create the shortcut on thier system. >I have attempted to add an Executable= line to the ini file in accordance >with the documentation, but the error message remains. Here is the line I >added at the end of the ini file: The Executable line is more for starting other programs such as the Sagekey scripts. >Others have spoken highly of the AutoFE updater utility, so I must be >missing something. I have studied the documentation and done lots of >experimenting. I have also searched newsgroup postings. I posted here when >I ran out of things to try. And you've got some good questions. Thanks for posting. Tony -- Tony Toews, Microsoft Access MVP Please respond only in the newsgroups so that others can read the entire thread of messages. Microsoft Access Links, Hints, Tips & Accounting Systems at http://www.granite.ab.ca/accsmstr.htm Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

Re: FE Updater with user level security "BruceM" <bamoob[ at ]yawhodotcalm.not> 6/26/2007 7:58:01 PM Thanks very much for the reply. I don't like the Medium security level because users tend to either routinely click No and lose functionality, or routinely click Yes so that the warning is effectively meaningless. Most users have no way of evaluating whether or not to allow code to run. Different users have different levels of control. It's a pain no matter what, but I don't think I'll convince anybody to pay for VeriSign or something like that. Who is MDWUser? I'm still not sorting that out. I did what you suggested and copied the new shortcut (the one that appeared on my desktop) to a network location, then had another user double click it. It came up with an error message about how the shortcut was pointing to a mapped drive letter when it should be using the UNC path. The drive letter it said I shouldn't be using was my drive letter for the network folder in which the new FE file and the ini file are located, but there is no drive letter in the ini file, nor is there one in the shortcut's properties. I used a UNC path for all file and folder locations, as far as I can tell. However, it did put the shortcut on the desktop. I edited it to replace the mapped drive letter with the UNC path, and it seems to work, although the users I usually recruit for such testing have gone for the day, so further investigating will have to wait until tomorrow. When I first ran the utility on my computer there was an error message about the shortcut (sorry, I neglected to record it). I removed spaces from the shortcut name, ran it again, and no problems, so I assume that if ShortCutName contains spaces in the ini file it would need quotes, same as the path. Thanks again for providing the utility in the first place, and for taking the time to respond to my questions. "Tony Toews [MVP]" <ttoews[ at ]telusplanet.net> wrote in message news:gml283dt0ld6hhu1d9hvjsnthttsomcu04[ at ]4ax.com... [Quoted Text] > "BruceM" <bamoob[ at ]yawhodotcalm.not> wrote: > >>I do not have any effective control over the macro security level at the >>individual workstations. > > This will be very much a pain as the users will keep getting the various > message(s). > >>The documentation says there may be some problems >>with the security level set to low. I'm not clear on whether this means >>using LowMacroSecurity at StartMethod in the ini file, or the setting >>specified at the workstation. > > This would be the setting specified at the work station. I only just > recently added > the LowMacroSecurity as an option. However that option has so many > limitations that > it's next to unusable. > >>I used the actual password when I first ran the file. Is MDWUser the same >>as CurrentUser in the secured database? The following is the desktop >>shortcut I am using to test (without the FE Updater): > > I'm not at all sure what the CurrentUser is when it comes to security. > >>Regarding other users, I had somebody else run the StartMDB.exe file (from >>a >>shortcut to the server location), just to see what would happen. The >>result >>was the following error message: > > First get the Auto FE Updater running on your system so it's created a > shortcut with > the appropriate target line. Then you copy that shortcut to the server > and name it > something like Click Me First for the YYYYY system. This then starts the > Auto FE > Updater running and it will create the shortcut on thier system. > >>I have attempted to add an Executable= line to the ini file in accordance >>with the documentation, but the error message remains. Here is the line I >>added at the end of the ini file: > > The Executable line is more for starting other programs such as the > Sagekey scripts. > >>Others have spoken highly of the AutoFE updater utility, so I must be >>missing something. I have studied the documentation and done lots of >>experimenting. I have also searched newsgroup postings. I posted here >>when >>I ran out of things to try. > > And you've got some good questions. > > Thanks for posting. > > Tony > -- > Tony Toews, Microsoft Access MVP > Please respond only in the newsgroups so that others can > read the entire thread of messages. > Microsoft Access Links, Hints, Tips & Accounting Systems at > http://www.granite.ab.ca/accsmstr.htm > Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

Re: FE Updater with user level security "Tony Toews [MVP]" <ttoews[ at ]telusplanet.net> 6/27/2007 1:40:28 AM "BruceM" <bamoob[ at ]yawhodotcalm.not> wrote: [Quoted Text] >Thanks very much for the reply. I don't like the Medium security level >because users tend to either routinely click No and lose functionality, or >routinely click Yes so that the warning is effectively meaningless. Most >users have no way of evaluating whether or not to allow code to run. >Different users have different levels of control. It's a pain no matter >what, but I don't think I'll convince anybody to pay for VeriSign or >something like that. I agree with you on this one. A2007 though has the trusted folder concept which should work quite well. And the A2007 runtime is free and just out as of yesterday. >Who is MDWUser? I'm still not sorting that out. Ah, ok. MDWUser is a user with no access to the MDB other than just to open it. I use that userid and password to determine what version of Access the MDB/MDE is and ensure that a version of Access is on the client system which can run the MDB/MDE. >I did what you suggested and copied the new shortcut (the one that appeared >on my desktop) to a network location, then had another user double click it. >It came up with an error message about how the shortcut was pointing to a >mapped drive letter when it should be using the UNC path. The drive letter >it said I shouldn't be using was my drive letter for the network folder in >which the new FE file and the ini file are located, but there is no drive >letter in the ini file, nor is there one in the shortcut's properties. I >used a UNC path for all file and folder locations, as far as I can tell. >However, it did put the shortcut on the desktop. I edited it to replace the >mapped drive letter with the UNC path, and it seems to work, although the >users I usually recruit for such testing have gone for the day, so further >investigating will have to wait until tomorrow. I'm a little confused as to how it could create a shortcut with a drive letter when you don't have a drive letter in your INI file. And I"m not sure if the message came from within the Auto FE Updater or your Access MDB/MDE. >When I first ran the utility on my computer there was an error message about >the shortcut (sorry, I neglected to record it). I removed spaces from the >shortcut name, ran it again, and no problems, so I assume that if >ShortCutName contains spaces in the ini file it would need quotes, same as >the path. Not quite sure on this one. >Thanks again for providing the utility in the first place, and for taking >the time to respond to my questions. You're quite welcome. Tony -- Tony Toews, Microsoft Access MVP Please respond only in the newsgroups so that others can read the entire thread of messages. Microsoft Access Links, Hints, Tips & Accounting Systems at http://www.granite.ab.ca/accsmstr.htm Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

Re: FE Updater with user level security "BruceM" <bamoob[ at ]yawhodotcalm.not> 6/27/2007 7:10:15 PM Thanks again. Are you saying that the MDWUser line and the Password line should be left just as they are? Or should they be an actual username and password from the mdw file? Yeah, I'm puzzled about the shortcut showing a mapped drive letter, but I haven't been able to take the time I should to really focus on this, so maybe I overlooked something. However, the error message was from the Auto FE Updater, as it showed a command button (grayed out) to open the ini file, and it showed the error message I put into the ini file. Anyhow, thanks again. It really is a cool utility. "Tony Toews [MVP]" <ttoews[ at ]telusplanet.net> wrote in message news:cqf3835ek4cecsj06h0m7rhe2d235o1pmf[ at ]4ax.com... [Quoted Text] > "BruceM" <bamoob[ at ]yawhodotcalm.not> wrote: > >>Thanks very much for the reply. I don't like the Medium security level >>because users tend to either routinely click No and lose functionality, or >>routinely click Yes so that the warning is effectively meaningless. Most >>users have no way of evaluating whether or not to allow code to run. >>Different users have different levels of control. It's a pain no matter >>what, but I don't think I'll convince anybody to pay for VeriSign or >>something like that. > > I agree with you on this one. A2007 though has the trusted folder concept > which > should work quite well. And the A2007 runtime is free and just out as of > yesterday. > >>Who is MDWUser? I'm still not sorting that out. > > Ah, ok. MDWUser is a user with no access to the MDB other than just to > open it. I > use that userid and password to determine what version of Access the > MDB/MDE is and > ensure that a version of Access is on the client system which can run the > MDB/MDE. > >>I did what you suggested and copied the new shortcut (the one that >>appeared >>on my desktop) to a network location, then had another user double click >>it. >>It came up with an error message about how the shortcut was pointing to a >>mapped drive letter when it should be using the UNC path. The drive >>letter >>it said I shouldn't be using was my drive letter for the network folder in >>which the new FE file and the ini file are located, but there is no drive >>letter in the ini file, nor is there one in the shortcut's properties. I >>used a UNC path for all file and folder locations, as far as I can tell. >>However, it did put the shortcut on the desktop. I edited it to replace >>the >>mapped drive letter with the UNC path, and it seems to work, although the >>users I usually recruit for such testing have gone for the day, so further >>investigating will have to wait until tomorrow. > > I'm a little confused as to how it could create a shortcut with a drive > letter when > you don't have a drive letter in your INI file. And I"m not sure if the > message > came from within the Auto FE Updater or your Access MDB/MDE. > >>When I first ran the utility on my computer there was an error message >>about >>the shortcut (sorry, I neglected to record it). I removed spaces from the >>shortcut name, ran it again, and no problems, so I assume that if >>ShortCutName contains spaces in the ini file it would need quotes, same as >>the path. > > Not quite sure on this one. > >>Thanks again for providing the utility in the first place, and for taking >>the time to respond to my questions. > > You're quite welcome. > > Tony > -- > Tony Toews, Microsoft Access MVP > Please respond only in the newsgroups so that others can > read the entire thread of messages. > Microsoft Access Links, Hints, Tips & Accounting Systems at > http://www.granite.ab.ca/accsmstr.htm > Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

Re: FE Updater with user level security "Tony Toews [MVP]" <ttoews[ at ]telusplanet.net> 6/28/2007 6:15:57 PM "BruceM" <bamoob[ at ]yawhodotcalm.not> wrote: [Quoted Text] >Thanks again. Are you saying that the MDWUser line and the Password line >should be left just as they are? Or should they be an actual username and >password from the mdw file? They should be an actual username and password unique to your setup. Note though that that account doesn't need any privileges to any objects. All it needs is enough permissions to open the MDB. >Yeah, I'm puzzled about the shortcut showing a mapped drive letter, but I >haven't been able to take the time I should to really focus on this, so >maybe I overlooked something. However, the error message was from the Auto >FE Updater, as it showed a command button (grayed out) to open the ini file, >and it showed the error message I put into the ini file. Then it's definitely an Auto FE Updater message. >Anyhow, thanks again. It really is a cool utility. You're quite welcome. Tony -- Tony Toews, Microsoft Access MVP Please respond only in the newsgroups so that others can read the entire thread of messages. Microsoft Access Links, Hints, Tips & Accounting Systems at http://www.granite.ab.ca/accsmstr.htm Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/