Solved

Share permissions on shared db: Everyone group full control

Posted on 2008-10-17
21
1,096 Views
Last Modified: 2012-05-05
I am not finding a work around to this issue. Any network device connected to the same network as our ACT server (XP Pro OS) has full read/write access to all data in our shared db. Sage supports position on this security issue is that if they don't have ACT installed on their workstation, then they can't do anything w/ these files. Anybody that manages a network knows that this isn't an acceptable solution.

So, is there a way to use a group other than the Everyone group for the Full Control share permission to our shared DB?
0
Comment
Question by:RLAInc
  • 11
  • 9
21 Comments
 
LVL 30

Expert Comment

by:Mike Lazarus
ID: 22747033
Not sure what you're trying to do?

The ACT! users need full-control of the ACT! database folder, not the Everyone group
0
 

Author Comment

by:RLAInc
ID: 22758315
That is correct. ACT users do need full control. How ACT does this is by giving the group Everyone full control on the share permission. I cannot use any other group other than Everyone. I want to use a custom group which has all of my ACT users in it as the full control share.
0
 
LVL 30

Expert Comment

by:Mike Lazarus
ID: 22762514
What happens when you try to use a custom group?
0
 

Author Comment

by:RLAInc
ID: 22768788
The below dialog box occurs:
"Cannot find database supplemental files folder (our database) files in this location (our ACT server). This could be a problem with the share, or the folder may not exist. Please contact the administrator of your database."

Note that the "shared" act database folder can be accessed via explorer and does have full read/write privileges to all data of the shared folder.

When the share permissions are changed to use the "Everyone" group, this error goes away.

 
0
 
LVL 30

Expert Comment

by:Mike Lazarus
ID: 22768849
You should have full-control, not just read/write - http://tinyurl.com/5fzsbx

Are you on a Domain or a Workgroup?
If on a Domain, is the database on the DC?
0
 

Author Comment

by:RLAInc
ID: 22768878
- Domain, not workgorup.
- ACT server is not on a DC. Its an XP Pro workstation.
- I have seen the link. It states the below which is making me think there's no way around this issue w/out getting into the SQL db:

"It is recommended the user named Everyone have Full Control permissions to the shared folder. In some cases, it is necessary to add the specific names of the remote users to this Share Permissions list, to ensure that each domain user has Full Control of the shared folder."
0
 
LVL 30

Expert Comment

by:Mike Lazarus
ID: 22769730
There are two sets of rights.  There is a set of rights on the folder and there is a set of rights on the share.  I think need to be set so that the group has access.

Failing that try adding the individual users and see if that works
0
 

Author Comment

by:RLAInc
ID: 22769760
I have tried that already. No worky :>(

Note: Setting it for individual users is not desired. I have a single point of managment setup style w/ permissions (heavy use of groups).
0
 
LVL 30

Expert Comment

by:Mike Lazarus
ID: 22769776
Can you try it for some individual users as a test?

What folder is the database actually in?
0
 

Author Comment

by:RLAInc
ID: 22770182
For grins, I tried it using a user. No joy.

The folder resides on the ACT server itself (XP workstation).
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 30

Expert Comment

by:Mike Lazarus
ID: 22770253
But what Path... if it's in My Docs, there can be issues like this.
If that's where it is, create a folder c:\ACT\Databases and use Backup, Restore, Restore As to move the database

Open the PAD file in Notepad and post the contents
0
 

Author Comment

by:RLAInc
ID: 22770316
It is not in My Documents. It's on a separate partition in its own folder.

I'll have to get back to you on the .pad contents. I am currently moving the server (it's a VM) to some beefier hardware to increase performance.

Note: If you want to know if the sharing is enabled by seeing that there is a HOST entry, it is. This was one of the trouble shooting tips that was given by Sage. I was hoping that this is where the group information is stored. It's not.
0
 
LVL 30

Expert Comment

by:Mike Lazarus
ID: 22770394
I was thinking about changing the machine name in the PAD to the IP address.

With the share and folder security just one user, do it allow the user access logged in locally?

How about an Admin user (explicitly added) from a workstation?

How about Everyone in the folder security and only the needed users in the Share (and also in the folder with Everyone)?
0
 

Author Comment

by:RLAInc
ID: 22770508
- Good thinking on the IP. I tried that as well before posting. No joy.
- As for differnet share / security permission alternate configurations, I've tried all of what you suggested (and then some). Any configuration other than Everyone: Full Control on the share permission is no joy.

Am I the only one that has a problem w/ this? Does it make sense to not use the Everyone group?
0
 
LVL 30

Expert Comment

by:Mike Lazarus
ID: 22770545
Can you try one other:
Everyone and a domain admin as security on the folder
Just domain admin on the share

Log in as domain admin

You didn't say if it has the problem when logging in locally on the server?
0
 

Author Comment

by:RLAInc
ID: 22770854
Not following on the logging on locally suggestion. It's local. It doesn't need to use the share. It access it directly from the folder on the partition (D:\ACT_DB).

I have to wait on the admin try (still copying the VM).
0
 
LVL 30

Expert Comment

by:Mike Lazarus
ID: 22770932
Locally only uses the Folder permissions, not the Share... allows to see which is the issue
0
 
LVL 7

Accepted Solution

by:
SStroz earned 500 total points
ID: 22855452
RLAInc,

I think the "ACT! application" itself needs permission to the supplemental file folder - not individual users.  In other words, when ACT! starts, it needs to open the layout files, etc.  I don't think this is done at a user level but somewhere in the application level.

So if you could find a way to give the ACT7 SQL instance and .net access to that folder you might have better luck.

Good luck

Steve
0
 
LVL 30

Expert Comment

by:Mike Lazarus
ID: 22855480
I don't think so, Steve. Those services use the Local System account and have access to everything on the local machine
0
 

Author Comment

by:RLAInc
ID: 23795232
My apologies for this being open for so long. I still have this as an open issue for us although its not a top priority. GLComputing, you've been the most help on this question. If you are comfortable leaving this open, let me know. Otherwise I'll just award you the points and close this question.
0
 
LVL 30

Expert Comment

by:Mike Lazarus
ID: 23798337
Fine by me, I guess.

What's the current status?
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Outlook PST periodically gets locked 10 456
ACT 2005 and Win 7 64 Bit 2 561
Searchable product management application 6 698
Extract data from ACT! file 2 1,319
Microsoft have a hotfix for Windows systems that will improve application that uses UTC dates and times - including Outlook, the Windows Event Viewer and many third-party applications. Most date and time stamps that are created and displayed in W…
With users like the Professional Sales Road Warriors that made up much of ACT!'s early user base to field service technicians, trades-people, telecommuters who work from home, remote offices and others who need access to their data while out of the …
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now