Re: Recording WIF users against their entries

"ManningFan" <manningfan@xxxxxxxxx> wrote in message
news:1156960962.134087.166560@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Arno - Your advice is... well... Worthless. But thanks for playing.

Talk about calling the kettle black here. What you talking about?

The user stated that they are using workgroup files, and assign logons to
ms-access users...

WILBY...! CurrentUser returns "Admin" most of the time.

Again, talk about worthless advice. Did you not bother to read the post? If
you assigning user names, then IT WILL BE A COLD DAY IN HELL THAT THE LOGON
name will be Admin. IT WILL NOT BE "AMDIN" MOST OF THE TIME. It be a very
rare event. So, now, who exactly is giving useless advice here?

If fact, if the user has secured the workgroup file correctly, then likely
the admin logon has little, or no privileges. Don't confuse the admin logon
with that of admins "group" privileges.

Further, the suggesting to use environment valuables is not a very good one.
Batch files, windows start-up settings and even USERS can edit/change the
environment values. You are aware that you can go right click on "my
computer". Click on the advanced tab, and at the bottom you will a button to
"edit" environment variables.

In other words, a user can create a logon environment value, and IT WILL
HAVE NO RELATION TO THAT ACTUAL windows logon.

And, the advice about using scripts is also really good, as many companies
do lock down their computers..and do not allow the use of windows scripts.

So, what is left if you need to grab the windows user logon?

Well, as mentioned, if users have password windows logons, the use of
environment variables is not very good, as any user can go and use the above
advice to create a environment value and assigning it ANY VALUE they want.

So, your environment value in this case will NOT match the windows logon.

The recommend solution is to use the windows user api. ms-access examples
can be found here:

You can get the current network logon name with:

http://www.mvps.org/access/api/api0008.htm

And, the current computer name with:

http://www.mvps.org/access/api/api0009.htm

And, if using ms-access security, then currentuser() will return the
ms-access logon.

I often log all 3 of the above values in some applications.

So, not only is your advice 100% wrong on what value currentuser() will
return IN THIS CASE!!!, the advice to use scripts is not very good either.
and, father, the advice to use environment values is also not very good, as
once again they can be changed. I can change my environment values to your
user logon...but, if I don't have your password, I certainly can't log on as
you. So, using the above api's are faster, more reliable (they will work all
the way back to windows 95, and also work in windows Vista - that can't be
said for environment variables). And, not only are the api's time and tested
over the last 10 years, they are also not subject to tampering with as
compared to environment values

So, as I read your response, it is fine that you made a mistake, or perhaps
did not realise that the person was using workgroup files (you should be big
enough to just simply admit you made mistake). However, your other two
pieces of advice (using scripts), and using environment values are also of
dubious value, and especially so when MUCH better choices such as the api's
exist.

What not just admit you make a mistake here, and the advice you gave was
really not very good here?

Or, if you have better information, please explain to me how, or why that
"most of the time" currentUser() will return admin when using a secured
application ?

I am all open to learning here....and you should also address the issue that
environment values can be easily changed, where the above api's cannot be
tampered with...

This newsgroup is a great place to learn new things...you just have to be
more open to the suggestions here...

--
Albert D. Kallal (Access MVP)
Edmonton, Alberta Canada
pleaseNOOSpamKallal@xxxxxxx


.

Relevant Pages

  • Re: XP Pro doesnt like 2000 domain
    ... >All Windows XP clients should point to an internal DNS ... >How to Enable User Environment Debug Logging in Retail ... >Description of the Windows XP Professional Fast Logon ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: Cannot run a command process from a Windows Service
    ... they have no access to the logon user profile nor do they have access to ... explicitly load the user profile using the Win32 "LoadUserProfile" ... they have their own environment block associated with the process. ... therefore I suggest you to find an alternative for a windows service. ...
    (microsoft.public.dotnet.languages.csharp)
  • sp2 deployment: Security Center window at the first logon
    ... we've almost finished with sp2 deployment preparation for our environment ... after the last reboot users should logon as usually. ... logon they are presented with the Security Center window - we don't need it, ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: Smart Card Log-in
    ... >There is a white paper about enabling 3rd party CAs for ... SC logon. ... >> disabled in a purely Win2K environment. ... >> Well if you do use the Win2K smart card based logon it ...
    (microsoft.public.win2000.security)
  • Re: logining to more than one workstation at once
    ... your environment and log on to it without any problems. ... This utility will prevent a user from logging on to multiple computers. ... User Account - the Account Tab - where you can tell AD during which times ... and onto what machines each user is allowed to logon. ...
    (microsoft.public.win2000.active_directory)