verify windows password?

I've got an application running with table-based security: I capture
the user's windows login with fOsusername, then have them enter a
password checked against their username/login in my own table. The
problem is, they can't remember the passwords they've created, and I
spend more time than I want to resetting.

Here's what I'd LIKE to have happen: when the user opens the
application (Access2k), a dialog box appears with the windows login
name of the currently-logged in user (I can do this part), and they
have to enter their WINDOWS password, which some windows api verifies
for me so I can allow or not allow them in.

Is there a way for windows to verify the password for me? I can't
seem to find anything on this; all I get are directions to
fOsusername, which is only the first half of my battle.

Thanks for any help you can give me.

Jun 11 '07 #1

What's the use ??
If they are allowed to the program when 'properly' logged on in Windows, then why bother ??
Are you concerned about users using 'other persons' workstation ??
What when they leave the program open when they are gone for lunch ??
> The problem is, they can't remember the passwords they've created,

If they can remember the Windows password ... then let the user deal with his/her password.
I mean: Use the Windows-logon-password in your table and let the user change the password.
(e.g. when they are forced to renew the password.)
But:
What's the use ??

Arno R

Jun 11 '07 #2

The use seems quite obvious to me. He wants user level security but
wants the password and id for each user to be the user's windows login
id/password. A rather easy concept IMHO.
Jun 11 '07 #3
I am in fact concerned about people using others' workstations--this
is a pretty sensitive application. I am also concerned with
appearance--users feel more confident that an application is secure
when they have to enter a password, and these users pay my
salary! :) But whether or not you think what I want to do is
"useless," what I'm interested in is, can it be done?

Jun 11 '07 #4
It is true that if a user is silly enough to log onto Windows and the
company network and then walk away from their PC that someone else could
walk up to that PC, open your application, and then be able to access stuff
that they should not.

BUT...
Wouldn't a user silly enough to do that also be silly enough to open your
app, log onto it using your home-cooked security, and then walk away from
his PC, creating the exact same situation? I fail to see how adding another
password verification really accomplishes anything beyond just using the
Windows user name that you already have.

Most IT Security people would consider ANYTHING that asks a user for his
Windows password other than the OS itself to be a BIG security problem.
Your application would then be free to do anything with that information.
You are creating a security problem, not solving one if you go this route.
--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com
Jun 11 '07 #5
One, re the "silly user" issue: Our users remain logged in to their
machines all day and are in & out of their offices. I am mostly
concerned with making sure their secretaries or underlings are not
given the opportunity to walk in & open the application and view
sensitive data. My users are sufficiently concerned with the privacy
of this data to make sure that they do not leave the application open
on the desktop when they walk away, and they don't use it every day in
any case.

Two, re Windows security: I'm not trying to GET the users' passwords,
only to verify that they have entered them correctly. Other
applications do this all the time--for example, our third-party IM
client asks for the user's windows password to log in.

Regardless, I feel comfortable with my ability to decide WHAT I want
to do. I'm still looking for help with HOW TO DO IT.

Thank you.

Jun 11 '07 #6
One could easily write a routine that closes a database after a given
period of inactivity to resolve the idiot user syndrome...

Jun 11 '07 #7

Sorry, I did *not* say it is "useless"... but I am very interested in the practical use...

I know for sure that my users *don't* like typing in the same password twice.
That will not give them a feeling of confidence. It will only annoy them.

But you say you are indeed concerned about people using others' workstations (as I presumed).
I don't know if you can find the API that you are looking for...
But I would take care of my app shutting down after a while of no activity. (Do a Google search for 'idletime')
I would also train the users to close the app when they go to lunch.

And/or use the idea that I gave you in the first place. Let them maintain their own password.

Arno R
Jun 11 '07 #8
I'm not worried about annoying my users. This was actually their
suggestion. If I can't find the appropriate API (it HAS to exist), I
may use your suggestion to capture their windows login in my user
table--but, boy howdy, that seems like a bigger security risk than
just asking Windows to give me a thumbs-up-thumbs-down!

Jun 11 '07 #9

Yes, it would be a bad idea indeed to save the Windows passwords in an Access table...

However my main idea to solve your initial problem (maintenance) was: Let them maintain their own password!
But since "they can't remember the passwords they've created" this also might not be a real solution...

I just did read your answer to Rick.
==> In any case, teach them to log off when they leave the office!!
IMO It is plain stupid not to do so, when there is *any* sensitive data on the machine.

But also don't forget about the idletime issue when they are *at* the office....

Arno R
Jun 11 '07 #10
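
The thread never names the API the original question asks for. As an added example (not code from any poster), the Win32 `LogonUser` call gives the "thumbs-up-thumbs-down" described in post #9 without the password being written to a table; `CheckWindowsPassword`, `WinPwdResult`, `txtPassword` and the `"CORP"` domain are assumed names, and the declarations assume 32-bit VBA as in Access 2000.

```vba
' Added example, not from the thread. Standard module, 32-bit VBA (Access 2000).
Option Compare Database
Option Explicit

Private Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA" ( _
    ByVal lpszUsername As String, ByVal lpszDomain As String, _
    ByVal lpszPassword As String, ByVal dwLogonType As Long, _
    ByVal dwLogonProvider As Long, ByRef phToken As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" ( _
    ByVal hObject As Long) As Long

Private Const LOGON32_LOGON_NETWORK As Long = 3     ' validate only, no desktop session
Private Const LOGON32_PROVIDER_DEFAULT As Long = 0
Private Const ERROR_LOGON_FAILURE As Long = 1326    ' unknown user or bad password

' Hypothetical result type: the caller admits the user only on wprValid.
Public Enum WinPwdResult
    wprValid = 0
    wprRejected = 1
    wprCannotCheck = 2
End Enum

Public Function CheckWindowsPassword(ByVal UserName As String, _
        ByVal Domain As String, ByVal Password As String) As WinPwdResult
    Dim hToken As Long
    Dim ok As Long
    Dim apiErr As Long

    ' Refuse blank input up front instead of asking Windows about it.
    If Len(UserName) = 0 Or Len(Password) = 0 Then
        CheckWindowsPassword = wprRejected
        Exit Function
    End If

    ok = LogonUser(UserName, Domain, Password, _
                   LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, hToken)
    apiErr = Err.LastDllError    ' must be read right after the API call

    If ok <> 0 Then
        CloseHandle hToken       ' only the verdict is needed, not the token
        CheckWindowsPassword = wprValid
    ElseIf apiErr = ERROR_LOGON_FAILURE Then
        CheckWindowsPassword = wprRejected
    Else
        ' Locked or disabled account, no domain controller reachable, or
        ' error 1314 on Windows 2000, where the caller needs SE_TCB_NAME.
        ' Fail closed: report it separately, never as a pass.
        CheckWindowsPassword = wprCannotCheck
    End If
End Function

' Usage from the login form ("CORP" and txtPassword are placeholders):
'   If CheckWindowsPassword(fOsusername(), "CORP", _
'           Nz(Me.txtPassword, "")) <> wprValid Then
'       DoCmd.Quit
'   End If
```

Each rejected attempt counts toward the account lockout threshold of the domain, so the login dialog should cap retries rather than loop.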
