Share permissions on shared db: Everyone group full control

I am not finding a work around to this issue. Any network device connected to the same network as our ACT server (XP Pro OS) has full read/write access to all data in our shared db. Sage supports position on this security issue is that if they don't have ACT installed on their workstation, then they can't do anything w/ these files. Anybody that manages a network knows that this isn't an acceptable solution.

So, is there a way to use a group other than the Everyone group for the Full Control share permission to our shared DB?
RLAIncAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mike LazarusAct! Evangelist - CRM ConsultantCommented:
Not sure what you're trying to do?

The ACT! users need full-control of the ACT! database folder, not the Everyone group
0
RLAIncAuthor Commented:
That is correct. ACT users do need full control. How ACT does this is by giving the group Everyone full control on the share permission. I cannot use any other group other than Everyone. I want to use a custom group which has all of my ACT users in it as the full control share.
0
Mike LazarusAct! Evangelist - CRM ConsultantCommented:
What happens when you try to use a custom group?
0
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

RLAIncAuthor Commented:
The below dialog box occurs:
"Cannot find database supplemental files folder (our database) files in this location (our ACT server). This could be a problem with the share, or the folder may not exist. Please contact the administrator of your database."

Note that the "shared" act database folder can be accessed via explorer and does have full read/write privileges to all data of the shared folder.

When the share permissions are changed to use the "Everyone" group, this error goes away.

 
0
Mike LazarusAct! Evangelist - CRM ConsultantCommented:
You should have full-control, not just read/write - http://tinyurl.com/5fzsbx

Are you on a Domain or a Workgroup?
If on a Domain, is the database on the DC?
0
RLAIncAuthor Commented:
- Domain, not workgorup.
- ACT server is not on a DC. Its an XP Pro workstation.
- I have seen the link. It states the below which is making me think there's no way around this issue w/out getting into the SQL db:

"It is recommended the user named Everyone have Full Control permissions to the shared folder. In some cases, it is necessary to add the specific names of the remote users to this Share Permissions list, to ensure that each domain user has Full Control of the shared folder."
0
Mike LazarusAct! Evangelist - CRM ConsultantCommented:
There are two sets of rights.  There is a set of rights on the folder and there is a set of rights on the share.  I think need to be set so that the group has access.

Failing that try adding the individual users and see if that works
0
RLAIncAuthor Commented:
I have tried that already. No worky :>(

Note: Setting it for individual users is not desired. I have a single point of managment setup style w/ permissions (heavy use of groups).
0
Mike LazarusAct! Evangelist - CRM ConsultantCommented:
Can you try it for some individual users as a test?

What folder is the database actually in?
0
RLAIncAuthor Commented:
For grins, I tried it using a user. No joy.

The folder resides on the ACT server itself (XP workstation).
0
Mike LazarusAct! Evangelist - CRM ConsultantCommented:
But what Path... if it's in My Docs, there can be issues like this.
If that's where it is, create a folder c:\ACT\Databases and use Backup, Restore, Restore As to move the database

Open the PAD file in Notepad and post the contents
0
RLAIncAuthor Commented:
It is not in My Documents. It's on a separate partition in its own folder.

I'll have to get back to you on the .pad contents. I am currently moving the server (it's a VM) to some beefier hardware to increase performance.

Note: If you want to know if the sharing is enabled by seeing that there is a HOST entry, it is. This was one of the trouble shooting tips that was given by Sage. I was hoping that this is where the group information is stored. It's not.
0
Mike LazarusAct! Evangelist - CRM ConsultantCommented:
I was thinking about changing the machine name in the PAD to the IP address.

With the share and folder security just one user, do it allow the user access logged in locally?

How about an Admin user (explicitly added) from a workstation?

How about Everyone in the folder security and only the needed users in the Share (and also in the folder with Everyone)?
0
RLAIncAuthor Commented:
- Good thinking on the IP. I tried that as well before posting. No joy.
- As for differnet share / security permission alternate configurations, I've tried all of what you suggested (and then some). Any configuration other than Everyone: Full Control on the share permission is no joy.

Am I the only one that has a problem w/ this? Does it make sense to not use the Everyone group?
0
Mike LazarusAct! Evangelist - CRM ConsultantCommented:
Can you try one other:
Everyone and a domain admin as security on the folder
Just domain admin on the share

Log in as domain admin

You didn't say if it has the problem when logging in locally on the server?
0
RLAIncAuthor Commented:
Not following on the logging on locally suggestion. It's local. It doesn't need to use the share. It access it directly from the folder on the partition (D:\ACT_DB).

I have to wait on the admin try (still copying the VM).
0
Mike LazarusAct! Evangelist - CRM ConsultantCommented:
Locally only uses the Folder permissions, not the Share... allows to see which is the issue
0
SStrozCommented:
RLAInc,

I think the "ACT! application" itself needs permission to the supplemental file folder - not individual users.  In other words, when ACT! starts, it needs to open the layout files, etc.  I don't think this is done at a user level but somewhere in the application level.

So if you could find a way to give the ACT7 SQL instance and .net access to that folder you might have better luck.

Good luck

Steve
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mike LazarusAct! Evangelist - CRM ConsultantCommented:
I don't think so, Steve. Those services use the Local System account and have access to everything on the local machine
0
RLAIncAuthor Commented:
My apologies for this being open for so long. I still have this as an open issue for us although its not a top priority. GLComputing, you've been the most help on this question. If you are comfortable leaving this open, let me know. Otherwise I'll just award you the points and close this question.
0
Mike LazarusAct! Evangelist - CRM ConsultantCommented:
Fine by me, I guess.

What's the current status?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ACT

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.