Page 1 of 4 123 ... LastLast
Results 1 to 15 of 52
  1. #1
    Join Date
    Jun 2004
    Posts
    10

    Unanswered: GetNTUser() and Active directory services?

    Hi,

    I currently have a number of Access databases in a WIndows NT 4 environment (using Access '97) which automatically pick up the users login ID using the following API call:

    Private Declare Function GetUserName Lib "advapi32.dll" Alias _
    "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long

    We are soon upgrading to Windows XP, Office 2003 with Active directory services. My question is will this still return the users ID when using ADS?

    Thanks,

    Brian

  2. #2
    Join Date
    Mar 2003
    Location
    The Bottom of The Barrel
    Posts
    6,102
    Provided Answers: 1
    Yes it will .
    oh yeah... documentation... I have heard of that.

    *** What Do You Want In The MS Access Forum? ***

  3. #3
    Join Date
    Dec 2004
    Location
    Madison, WI
    Posts
    3,926

    GetUser

    If it doesn't, you can try the attachment which has worked very well for me.
    Attached Files Attached Files
    Expert Database Programming
    MSAccess since 1.0, SQL Server since 6.5, Visual Basic (5.0, 6.0)

  4. #4
    Join Date
    Jun 2004
    Posts
    10
    Great - thanks guys.

  5. #5
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    If I have understood correctly, another solution would be to use:

    Code:
    Session("Username")
    This selects the windows logon ID. Might be useful *shrugs*

    -GeorgeV

  6. #6
    Join Date
    Dec 2004
    Location
    Madison, WI
    Posts
    3,926
    I guess the question would be how secure it would be. I know the routine I developed has passed many security tests, works very well, and is very easy to setup. But it's up for you to decide.
    Expert Database Programming
    MSAccess since 1.0, SQL Server since 6.5, Visual Basic (5.0, 6.0)

  7. #7
    Join Date
    Jul 2002
    Location
    Island of Dots
    Posts
    316
    You can also use: Environ$("Username")

  8. #8
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    Environ, that's probably what I meant.

    Or does Session work too?
    I forget :P

  9. #9
    Join Date
    Mar 2003
    Location
    The Bottom of The Barrel
    Posts
    6,102
    Provided Answers: 1
    Environ$() is insecure. I would not recommend using it.
    oh yeah... documentation... I have heard of that.

    *** What Do You Want In The MS Access Forum? ***

  10. #10
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    Why so?

    I thought they both had their flaws in security but that was purely because it was based on NT logon?
    George
    Home | Blog

  11. #11
    Join Date
    Oct 2002
    Location
    Leicester - UK
    Posts
    820
    i think it's possible to create a memory resident program that intercepts the Environ call and feeds it's own value instead of the real username. doing it directly though is much harder to spoof without rewritting the windows API
    Definition of a Beginner, Someone who doesn't know the rules.

    Definition of an Expert, Someone who knows when to ignore the rules.

  12. #12
    Join Date
    Jul 2002
    Location
    Island of Dots
    Posts
    316
    If you're that worried about security then you'd be a fool to be only using the username as a method of authentication.
    Last edited by bcass; 01-25-07 at 14:08.

  13. #13
    Join Date
    Mar 2003
    Location
    The Bottom of The Barrel
    Posts
    6,102
    Provided Answers: 1
    If you're going through the trouble of pulling a username you'd be a fool to use a method that's easier to spoof.
    oh yeah... documentation... I have heard of that.

    *** What Do You Want In The MS Access Forum? ***

  14. #14
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    Quote Originally Posted by bcass
    If you're that worried about security then you'd be a fool to be only using the username as a method of authentication.
    Ive always felt that its perfectly acceptable, in a managed network environment to use the windows logon within Access. why?
    the user has already authenticated themselves to the network usign the network logon, so there is no need to reauthenticate or request passwords. If the data is heal don a central server, then if the network is down, then its unlikely they can access remote data aswell. The only time this has been a problem is when the users want to use local data as well as remote...

    besides which its the preferred route these days on a SQL installation

    side advantages are
    ..your users do not have to create yet another user ID & password combination, they don't have to change their Access / Data password periodically.. its very difficult to force a password change within access. its a piece of proverbiual under the network
    ..you dont have to worry if the user has created a sensible password (ie mix of numbers, letters etc).. thats handled by the network logon.
    ..its very difficult for the average corporate hacker / (ab)user to break such a password.. Access security is OK, but I wouldn't want to use it to store sensitive data.
    ...when your network admins update the Office installaiton they undoubably will nuke the settings, meaning that users may well loose their system.mdw
    ...errant users/developers wont nuke settigns in the workgroup file that could casue serious problems.. Ive seen people take out other settigns /users as they weren't required for thier application.
    you can if you wish implemement a userid /ip address / machine name compbination vettign scheme if required

    but the biggest reason in my books is its transparent..the user doens't even need to see they have been authenticated.. it easier for them (no more extra bits of passwords. How often have you found the little black book adjacent to the workstation, or post it notes all over the monitor with all the userid/password combinations for each system the user has access to.
    I'd rather be riding on the Tiger 800 or the Norton

  15. #15
    Join Date
    Jul 2002
    Location
    Island of Dots
    Posts
    316
    Quote Originally Posted by healdem
    Ive always felt that its perfectly acceptable, in a managed network environment to use the windows logon within Access. why?
    the user has already authenticated themselves to the network usign the network logon, so there is no need to reauthenticate or request passwords.
    That was sort of my point. In the environments I've developed in too, fairly stringent authentication was already in place just to access the network, so the use of faking the Environ$ would be pretty feeble anyway.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •