"JeffP" <no-reply (AT) asken (DOT) com.au> wrote:

Convert the ACCDB file to an MDB file. Then rename the file as an ACCDB file and
continue to use ULS. (Note that I haven't tired this. )

<smirk>

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a convenient utility to keep your users FEs and other files
updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/

On 5/28/10 4:24 PM, David W. Fenton wrote:
I am no Windows security expert and would welcome any corrections.

I've been under the impression that there is a distinction between AD
and NTFS security in that AD is centrally administered by a Domain
Controller whereas NTFS settings is local to the computer and basically
works on a peer-to-peer basis. In practical terms, Local groups can be
trumped upon by any other administrators of the same computer whereas
the local administrator cannot supersede the AD's setting if the local
administrator isn't also the Domain Admin. Furthermore, I believe one
could create two local group with identical names on two computers but
they wouldn't be the same group as they would be under AD. All in all,
because this is a peer-to-peer environment, we're stuck "trusting" the
other peer to do good, and that's a bad thing in terms of security.

I _think_ it'll work OK as mean of sharing files on a share folder since
it would be dependent on that host computer which other local
administrator wouldn't be also the administrator and cannot supersede
the settings by that share folder's local administrator, but as an
access control, I'm not sure if it'll resist a privilege escalation,
especially for the front-end file that is stored on the local hard drive
and thus subject to the full jurisdiction of the local administrator.

So all in all, security using AD would be more effective than trusting
the peers, I'd think.

Banana <Banana (AT) Republic (DOT) com> wrote in
news:4C03C2CE.7040105 (AT) Republic (DOT) com:

Yes and no. If a computer has joined a domain and you logged onto
the domain, the security is domain-based. If you logged onto the
local computer (instead of the domain, as would be the default for a
computer that's a member of a domain), you are not.

If you're logged onto the local computer instead of the domain, AD
won't be available.

I don't know what you're talking about, since it seems you have a
wrong model of NTFS security in regard to domain logons vs. local
logons.

I was not comparing AD to logging onto a local machine and using
peer-to-peer networking, but to a domain logon. A domain logon gives
you access to the domain security groups, just as AD does. The only
difference between AD and a NTFS domain logon's security is that AD
offers some organizational tools that NTFS security by itself lacks,
and different interfaces.

This is all *really* basic NTFS security, and I'm surprised once
again that skilled Access developers seem to understand so little
about it.

--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/