Access isn't a server product, so I moved this post into the correct forum.
In answer to your question, take a look at the GetUserName API
"Lisa, in this house, we obey the laws of thermodynamics!" - Homer Simpson
"I have my standards. They may be low, but I have them!" - Bette Middler
"It's a book about a Spanish guy named Manual. You should read it." - Dilbert
1) A Power User can change Environmental Variables outright in "My Computer" properties - entirely insecure.
2) I didn't peak at the API code posted; I have a set of functions that will cope with earlier versions of windows (Pre "NT" based OS store the ID of the logged user in a different place in the registry) based on a single function call if interested.
3) I wholeheartedly agree with making the authentication behind the scenes - the less a potential hacker knows about, the better.
4) OS Login based authentication is only marginally effective if is it not paired with a timeout function.