473,708 Members | 2,436 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

verify windows password?

I've got an application running with table-based security: i capture
the user's windows login with fOsusername, then have them enter a
password checked against their username/login in my own table. The
problem is, they can't remember the passwords they've created, and I
spend more time than I want to resetting.

Here's what I'd LIKE to have happen: when the user opens the
application (Access2k), a dialog box appears with the windows login
name of the currently-logged in user (I can do this part), and they
have to enter their WINDOWS password, which some windows api verifies
for me so I can allow or not allow them in.

Is there a way for windows to verify the password for me? I can't
seem to find anything on this; all I get are directions to
fOsusername, which is only the first half of my battle.

Thanks for any help you can give me.

Jun 11 '07 #1
30 6974

"diane" <di***********@ verizon.netschr eef in bericht news:11******** **************@ p77g2000hsh.goo glegroups.com.. .
I've got an application running with table-based security: i capture
the user's windows login with fOsusername, then have them enter a
password checked against their username/login in my own table. The
problem is, they can't remember the passwords they've created, and I
spend more time than I want to resetting.

Here's what I'd LIKE to have happen: when the user opens the
application (Access2k), a dialog box appears with the windows login
name of the currently-logged in user (I can do this part), and they
have to enter their WINDOWS password, which some windows api verifies
for me so I can allow or not allow them in.

Is there a way for windows to verify the password for me? I can't
seem to find anything on this; all I get are directions to
fOsusername, which is only the first half of my battle.

Thanks for any help you can give me.
What's the use ??
If they are allowed to the program when 'properly' logged on in Windows, then why bother ??
Are you concerned about users using 'other persons' workstation ??
What when they leave the program open when they are gone for lunch ??
The problem is, they can't remember the passwords they've created,
If they can remember the Windows password ... then let the users deal with his/hers password.
I mean: Use the Windows-logon-password in your table and let the user change the password.
(e.g. when they are forced to renew the password.)
But:
What's the use ??

Arno R

Jun 11 '07 #2
On Jun 11, 1:29 pm, "Arno R" <arracomn_o_s_p _...@planet.nlw rote:
"diane" <diane.pitt...@ verizon.netschr eef in berichtnews:11* *************** ******@p77g2000 hsh.googlegroup s.com...


I've got an application running with table-based security: i capture
the user's windows login with fOsusername, then have them enter a
password checked against their username/login in my own table. The
problem is, they can't remember the passwords they've created, and I
spend more time than I want to resetting.
Here's what I'd LIKE to have happen: when the user opens the
application (Access2k), a dialog box appears with the windows login
name of the currently-logged in user (I can do this part), and they
have to enter their WINDOWS password, which some windows api verifies
for me so I can allow or not allow them in.
Is there a way for windows to verify the password for me? I can't
seem to find anything on this; all I get are directions to
fOsusername, which is only the first half of my battle.
Thanks for any help you can give me.

What's the use ??
If they are allowed to the program when 'properly' logged on in Windows, then why bother ??
Are you concerned about users using 'other persons' workstation ??
What when they leave the program open when they are gone for lunch ??
The problem is, they can't remember the passwords they've created,

If they can remember the Windows password ... then let the users deal with his/hers password.
I mean: Use the Windows-logon-password in your table and let the user change the password.
(e.g. when they are forced to renew the password.)
But:
What's the use ??

Arno R- Hide quoted text -

- Show quoted text -

The use seems quite obvius to me. He wants user level security but
wants the password and id for ecah user to be the users windows login
id/password. A rather easy concept IMHO.
Jun 11 '07 #3
On Jun 11, 1:29 pm, "Arno R" <arracomn_o_s_p _...@planet.nlw rote:
"diane" <diane.pitt...@ verizon.netschr eef in berichtnews:11* *************** ******@p77g2000 hsh.googlegroup s.com...
I've got an application running with table-based security: i capture
the user's windows login with fOsusername, then have them enter a
password checked against their username/login in my own table. The
problem is, they can't remember the passwords they've created, and I
spend more time than I want to resetting.
Here's what I'd LIKE to have happen: when the user opens the
application (Access2k), a dialog box appears with the windows login
name of the currently-logged in user (I can do this part), and they
have to enter their WINDOWS password, which some windows api verifies
for me so I can allow or not allow them in.
Is there a way for windows to verify the password for me? I can't
seem to find anything on this; all I get are directions to
fOsusername, which is only the first half of my battle.
Thanks for any help you can give me.

What's the use ??
If they are allowed to the program when 'properly' logged on in Windows, then why bother ??
Are you concerned about users using 'other persons' workstation ??
What when they leave the program open when they are gone for lunch ??
The problem is, they can't remember the passwords they've created,

If they can remember the Windows password ... then let the users deal with his/hers password.
I mean: Use the Windows-logon-password in your table and let the user change the password.
(e.g. when they are forced to renew the password.)
But:
What's the use ??

Arno R
I am in fact concerned about people using others' workstations--this
is a pretty sensitive application. I am also concerned with
appearance--users feel more confident that an application is secure
when they have to enter a password, and these users pay my
salary! :) But whether of not you think what I want to do is
"useless," what I'm interested in is, can it be done?

Jun 11 '07 #4
diane wrote:
I am in fact concerned about people using others' workstations--this
is a pretty sensitive application. I am also concerned with
appearance--users feel more confident that an application is secure
when they have to enter a password, and these users pay my
salary! :) But whether of not you think what I want to do is
"useless," what I'm interested in is, can it be done?
It is true that if a user is silly enough to log onto Windows and the
company network and then walk away from their PC that someone else could
walk up to that PC, open your application, and then be able to access stuff
that they should not.

BUT...
Wouldn't a user silly enough to do that also be silly enough to open your
app, log onto it using your home-cooked security, and then walk away from
his PC, creating the exact same situation? I fail to see how adding another
password verification really accomplishes anything beyond just using the
Windows user name that you already have.

Most IT Security people would consider ANYTHING that asks a user for his
Windows password other than the OS itself to be a BIG security problem.
Your application would then be free to do anything with that information.
You are creating a security problem, not solving one if you go this route.
--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com
Jun 11 '07 #5
It is true that if a user is silly enough to log onto Windows and the
company network and then walk away from their PC that someone else could
walk up to that PC, open your application, and then be able to access stuff
that they should not.

BUT...
Wouldn't a user silly enough to do that also be silly enough to open your
app, log onto it using your home-cooked security, and then walk away from
his PC, creating the exact same situation? I fail to see how adding another
password verification really accomplishes anything beyond just using the
Windows user name that you already have.

Most IT Security people would consider ANYTHING that asks a user for his
Windows password other than the OS itself to be a BIG security problem.
Your application would then be free to do anything with that information.
You are creating a security problem, not solving one if you go this route.

--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com
One, re the "silly user" issue: Our users remain logged in to their
machines all day and are in & out of their offices. I am mostly
concerned with making sure their secretaries or underlings are not
given the opportunity to walk in & open the application and view
sensitive data. My users are sufficiently concerned with the privacy
of this data to make sure that they do not leave the application open
on the desktop when they walk away, and they don't use it every day in
any case.

Two, re Windows security: I'm not trying to GET the users' passwords,
only to verify that they have entered them correctly. Other
applications do this all the time--for example, our third-party IM
client asks for the user's windows password to log in.

Regardless, I feel comfortable with my ability to decide WHAT I want
to do. I'm still looking for help with HOW TO DO IT.

Thank you.

Jun 11 '07 #6
On Jun 11, 2:12 pm, diane <diane.pitt...@ verizon.netwrot e:
It is true that if a user is silly enough to log onto Windows and the
company network and then walk away from their PC that someone else could
walk up to that PC, open your application, and then be able to access stuff
that they should not.
BUT...
Wouldn't a user silly enough to do that also be silly enough to open your
app, log onto it using your home-cooked security, and then walk away from
his PC, creating the exact same situation? I fail to see how adding another
password verification really accomplishes anything beyond just using the
Windows user name that you already have.
Most IT Security people would consider ANYTHING that asks a user for his
Windows password other than the OS itself to be a BIG security problem.
Your application would then be free to do anything with that information.
You are creating a security problem, not solving one if you go this route.
--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com

One, re the "silly user" issue: Our users remain logged in to their
machines all day and are in & out of their offices. I am mostly
concerned with making sure their secretaries or underlings are not
given the opportunity to walk in & open the application and view
sensitive data. My users are sufficiently concerned with the privacy
of this data to make sure that they do not leave the application open
on the desktop when they walk away, and they don't use it every day in
any case.

Two, re Windows security: I'm not trying to GET the users' passwords,
only to verify that they have entered them correctly. Other
applications do this all the time--for example, our third-party IM
client asks for the user's windows password to log in.

Regardless, I feel comfortable with my ability to decide WHAT I want
to do. I'm still looking for help with HOW TO DO IT.

Thank you.- Hide quoted text -

- Show quoted text -
One could easliy write a routine that closes a database after a given
period of inactivity to resolve the idiot user syndrome...

Jun 11 '07 #7

"diane" <di***********@ verizon.netschr eef in bericht news:11******** **************@ k79g2000hse.goo glegroups.com.. .
On Jun 11, 1:29 pm, "Arno R" <arracomn_o_s_p _...@planet.nlw rote:
>"diane" <diane.pitt...@ verizon.netschr eef in berichtnews:11* *************** ******@p77g2000 hsh.googlegroup s.com...
I've got an application running with table-based security: i capture
the user's windows login with fOsusername, then have them enter a
password checked against their username/login in my own table. The
problem is, they can't remember the passwords they've created, and I
spend more time than I want to resetting.
Here's what I'd LIKE to have happen: when the user opens the
application (Access2k), a dialog box appears with the windows login
name of the currently-logged in user (I can do this part), and they
have to enter their WINDOWS password, which some windows api verifies
for me so I can allow or not allow them in.
Is there a way for windows to verify the password for me? I can't
seem to find anything on this; all I get are directions to
fOsusername, which is only the first half of my battle.
Thanks for any help you can give me.

What's the use ??
If they are allowed to the program when 'properly' logged on in Windows, then why bother ??
Are you concerned about users using 'other persons' workstation ??
What when they leave the program open when they are gone for lunch ??
The problem is, they can't remember the passwords they've created,

If they can remember the Windows password ... then let the users deal with his/hers password.
I mean: Use the Windows-logon-password in your table and let the user change the password.
(e.g. when they are forced to renew the password.)
But:
What's the use ??

Arno R
I am in fact concerned about people using others' workstations--this
is a pretty sensitive application. I am also concerned with
appearance--users feel more confident that an application is secure
when they have to enter a password, and these users pay my
salary! :) But whether of not you think what I want to do is
"useless," what I'm interested in is, can it be done?
Sorry, I did *not* say it is "useless".. . but I am very interested in the practical use...

I know for sure that my users *don't* like typing in the same password twice.
That will not give them a feeling of confidence. It wil only annoy them.

But you say you are indeed concerned about people using other's workstations (as I presumed).
I don't know if you can find the API that you are looking for...
But I would take care of my app shutting down after a while of no activity. (Do a Google search for 'idletime')
I would also train the users to close the app when they go to lunch.

And/or use the idea that I gave you in the first place. Let them maintain their own password.

Arno R
Jun 11 '07 #8
On Jun 11, 2:49 pm, "Arno R" <arracomn_o_s_p _...@planet.nlw rote:
"diane" <diane.pitt...@ verizon.netschr eef in berichtnews:11* *************** ******@k79g2000 hse.googlegroup s.com...
On Jun 11, 1:29 pm, "Arno R" <arracomn_o_s_p _...@planet.nlw rote:
"diane" <diane.pitt...@ verizon.netschr eef in berichtnews:11* *************** ******@p77g2000 hsh.googlegroup s.com...
I've got an application running with table-based security: i capture
the user's windows login with fOsusername, then have them enter a
password checked against their username/login in my own table. The
problem is, they can't remember the passwords they've created, and I
spend more time than I want to resetting.
Here's what I'd LIKE to have happen: when the user opens the
application (Access2k), a dialog box appears with the windows login
name of the currently-logged in user (I can do this part), and they
have to enter their WINDOWS password, which some windows api verifies
for me so I can allow or not allow them in.
Is there a way for windows to verify the password for me? I can't
seem to find anything on this; all I get are directions to
fOsusername, which is only the first half of my battle.
Thanks for any help you can give me.
What's the use ??
If they are allowed to the program when 'properly' logged on in Windows, then why bother ??
Are you concerned about users using 'other persons' workstation ??
What when they leave the program open when they are gone for lunch ??
The problem is, they can't remember the passwords they've created,
If they can remember the Windows password ... then let the users deal with his/hers password.
I mean: Use the Windows-logon-password in your table and let the user change the password.
(e.g. when they are forced to renew the password.)
But:
What's the use ??
Arno R
I am in fact concerned about people using others' workstations--this
is a pretty sensitive application. I am also concerned with
appearance--users feel more confident that an application is secure
when they have to enter a password, and these users pay my
salary! :) But whether of not you think what I want to do is
"useless," what I'm interested in is, can it be done?

Sorry, I did *not* say it is "useless".. . but I am very interested in the practical use...

I know for sure that my users *don't* like typing in the same password twice.
That will not give them a feeling of confidence. It wil only annoy them.

But you say you are indeed concerned about people using other's workstations (as I presumed).
I don't know if you can find the API that you are looking for...
But I would take care of my app shutting down after a while of no activity. (Do a Google search for 'idletime')
I would also train the users to close the app when they go to lunch.

And/or use the idea that I gave you in the first place. Let them maintain their own password.

Arno R
I'm not worried about annoying my users. This was actually their
suggestion. If I can't find the appropriate API (it HAS to exist), I
may use your suggestion to capture their windows login in my user
table--but, boy howdy, that seems like a bigger security risk than
just asking Windows to give me a thumbs-up-thumbs-down!

Jun 11 '07 #9

"diane" <di***********@ verizon.netschr eef in bericht news:11******** **************@ q69g2000hsb.goo glegroups.com.. .
I'm not worried about annoying my users. This was actually their
suggestion. If I can't find the appropriate API (it HAS to exist), I
may use your suggestion to capture their windows login in my user
table--but, boy howdy, that seems like a bigger security risk than
just asking Windows to give me a thumbs-up-thumbs-down!
Yes, it would be a bad idea indeed to save the Windows passwords in an Access table...

However my main idea to solve your initial problem (maintenance) was : Let them maintain their own password!
But since "they can't remember the passwords they've created" this also might not be a real solution...

I just did read your answer to Rick.
==In any case learn them to log off when they leave the office!!
IMO It is plain stupid not to do so, when there is *any* sensitive data on the machine.

But also don't forget about the idletime issue when they are *at* the office....

Arno R
Jun 11 '07 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
5674
by: Dan Williams | last post by:
Apologies for the cross-post but i thought i'd aim for the largest audience possible. I have a web site that users have to register to with their email address. The site then emails the user their password via Exchange 2000 and ASP/VBScript and CDO. Does anyone know if its possible to verify that the email address exists before sending the email, rather than me having to send the email and only discovering that the user has input an...
0
7803
by: neuge | last post by:
I am trying to write a Change password process to change user password on an Oracle 8i database with a Powerbuilder client. When the PL/SQL function supplied by Oracle (Verify Password) is enabled for the profile the Alter User username identified by newpassword fails with a ORA-20003 Verify password has failed. The function works perfectly from a SQL editor such as Embarcadero's Rapid SQL.
4
3707
by: Reader | last post by:
I have an application that allows a user to enter a user name, user password, and the domain or machine name. From this information I would like to verify the user account and password is valid. This must work for either a domain or a local machine account. I have tried to find examples from the web and it seems every example that I have found does not work or produces odd results. I have tested each of these on Windows 2000, Windows XP,...
1
2936
by: pm a | last post by:
Hi, I'm writing code on username and password verify. A remote device will send the 2 info and my code has to verify if it's a valid Windows user in a system. How can I do this? I appreciate for any of your comments. Thanks, pma
1
2263
by: Andrea Temporin | last post by:
I would like to grant access to my application with the same user of Windows. How can I verify user and password with those of the system? Now we are using LogonUser API but it works only if the user is one of the administrator group of the PC. Thanks Andrea
0
8787
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, weíll explore What is ONU, What Is Router, ONU & Routerís main usage, and What is the difference between ONU and Router. Letís take a closer look ! Part I. Meaning of...
0
8697
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9289
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9158
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
9060
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
5939
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4454
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4712
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
2508
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.