| |
 |
|
| Computers Forum Index » Computer - Databases - MS Access » Access databases on 64bit Windows... |
|
Page 2 of 2 Goto page Previous 1, 2 |
|
| Author |
Message |
| David W. Fenton... |
 Posted: Tue Oct 27, 2009 2:37 am |
|
|
|
Guest
|
"Tony Toews [MVP]" <ttoews at (no spam) telusplanet.net> wrote in
news:7ccae55l22s841ohei61c8jsk27r7o83tl at (no spam) 4ax.com:
Quote: "David W. Fenton" <XXXusenet at (no spam) dfenton.com.invalid> wrote:
(best if it's partitioned into
two separate volumes, system and apps)
Why?
Because you want OS functions separate from apps.
But why? Why not leave Program Files on C drive?
So that your image is much, much smaller, for one.
So what? If you have to re-install the OS from scratch you have
to re-install the Program Files. And vice versa.
Eh? The whole point of an image is that you're restoring your system
to a consistent working state at a certain point in time without
needing to re-install everything. That's what an image is, a
snapshot of your hard drive. Obviously, you'd want the two images
coordinated (i.e., made at the same time) so as to insure that the
system registry is up-to-date with the applications installed in
your programs folder, but that's not completely necessary -- you
could live with that, and fix applications that have problems as
needed. The point is that you can be up and running with the OS as
quickly as possible.
Quote: Likewise, if you have two different partitions, and you are using
to hard drives,
Ahh, but you didn't say that before. Also I would suspect this is
relativley rare.
???
It's bog standard for anyone wanting good performance. You put you
OS on one hard drive and your data on a different one. You can use
relatively small hard drives for the OS, as it doesn't take up
nearly as much room as your apps and data.
My old desktop, which I don't use much any more, has three hard
drives, one with the OS only (it used to be the original 20GB hard
drive, but that recently died and got replaced with a 40GB hard
drive), the second (60GBs) with two partitions, one for programs and
one for data, and the third (60GBs) entirely allocated to media
files (graphics and audio).
It was easy to backup and image (though the 40GB OS drive was a
problem -- had I intended to keep using the system regularly, I
likely would have partitioned that so that the OS drive was not
using the full 40GBs).
This is a good way to get lots of storage for relatively low prices,
improve performance and make backup and restoration as granular as
possible (i.e., fast).
Quote: Even if you're just using
a single physical drive with multiple partitions, because there
are multiple heads you may get increased performance (depending on
the geometry of the drive platters and the controller logic).
I was unaware that there are multiple heads on a single hard drive
that are independent of each other.
Not independent, but depending on where the data is located (e.g.,
where the partitions begin physically can make a difference), it can
speed things up because one of the heads is nearer the needed data.
Quote: Now there are mutliple heads in a hard drive but as far
as I know they are all physically hooked to each other and each
covers one side of the disc.
I didn't suggest anything of the sort.
Quote: In the UNIX world,that's pretty much SOP.
Irrelevant.
Well, except for the fact that they have really compelling reasons
for designing it that way. In general, they separate OS from
applications and data, and I think that's an excellent strategy.
It certainly makes it a lot easier to do granular backups/images.
Sure, but we in the Windows world have the registry to deal with.
Eh?
Quote: And Windows
installers make a *lot* of changes to it. I don't know where
the similar settings are in the Unix world but I still maintain
that the Unix world is irrelevant to our discussion.,
Things are moving closer to the UNIX world with each release of
Windows. UAC and calling the profiles folder "Users" are two
examples of making things in Windows more like UNIX has been for
decades.
But the point of segregating your OS, your user data and your
applications is to keep everything as simple as possible. While it's
certainly true that lots of applications still insist (wrongly) on
throwing components into subfolders of the Windows folder, it's
getting less common.
And the decision with Vista to make the All Users folder
non-writable shows that MS is trying to get more and more user data
out of shared locations and into user space. That's very UNIX-like,
not because they are copying UNIX, but because they are copying the
basic security setup that has been part of the architecture of UNIX
distributions for years (UNIX was conceived as a multi-user OS so
careful delineation of system and user space was more important in
the design than it was for Windows, which started as a single-user
OS).
Quote: But if you're not using Windows standards, you may have data
scattered all over the place.
Not in my case. My data is in a single folder in a partition all
by itself. I can't, of course, speak for others.
That makes it sound like you're doing what I do already, which is
keep my data segregated from the system components. You could map
your My Documents to point to that and then all those apps that
insist on using My Documents would land in the correct place.
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/ |
|
|
| Back to top |
|
|
|
| David W. Fenton... |
| Posted: Tue Oct 27, 2009 2:41 am |
|
|
|
Guest
|
The Frog <mr.frog.to.you at (no spam) googlemail.com> wrote in
news:48e1c48b-a2cf-4ffa-8398-1c79fc91afb7 at (no spam) e34g2000vbc.googlegroups.co
m:
Quote: David, I understand what you are saying with regards to security,
so I will alleviate your fears completely, and at the same time
impart to you a sad fact of pc security. Firstly. with any form of
security on a windows pc, unless you are using whole disk
encryption with pre-boot authentication, and someone has physical
access to your machine, you are boned - simple as that. A boot-up
or windows password will not help you, they can all be
circumvented.
This is the same argument that says that Jet ULS is worthless, and
it's just as wrong here as it is wrong with Jet ULS.
While of course anybody with a Linux CD with the right tools loaded
on it can reset your admin password and then own your machine, we're
not talking about that. We're talking about casual access. Your
cleaning lady might have time to use the Linux password reset CD to
load that keystroke logger on your machine, but if she doesn't have
to reset the password to get in, she's saved 10 or 15 minutes.
Quote: The tools to do this are
freely available on the net. Whole Disk Encryption (WDE) will
protect a computers data if it is stolen, and the machine has not
been physically tampered with : eg/ altering the bootloader with a
trojan (The 'Evil Maid Attack'). Someone has access to your
machine you must consider that it is insecure - it may not be but
you dont know for sure.....
There are degrees of security. I think the analogy to Jet ULS is
pretty pertinent -- you implement it as much to take away temptation
and to avoid the annoyance of having to clean up after the children
as it is to actually protect your data.
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/ |
|
|
| Back to top |
|
|
|
| The Frog... |
| Posted: Tue Oct 27, 2009 8:00 am |
|
|
|
Guest
|
Hi David,
I am of the belief that Jet ULS is worthless, and I must respectfully
disagree with the analogy to Jet ULS and an OS. The approach of Jet
ULS is different (from a security perspective) in implementation and
purpose than protection used to 'guard' an OS. Unfortunately the
standard single factor Windows password and Jet ULS both provide a
false sense of security, which I feel is worse than no security
because it stops you looking for better ways to protect yourself and
your data.
The more effective way of securing a pc, and I do mean securing, is to
WDE the drives, remove the bootloader from the HD completely, and boot
from removable media. A windows password (single factor
authentication) doesnt slow down or stop anyone anymore - that
technology was bypassed years ago. I am interested to see the approah
MS has taken with Windows 7 (in Ultimate only I think) with Bitlocker
and a TPM. There is much debate at the moment as to how secure it
really is. For sure it is an interesting attempt at securing a pc and
simultaneously keeping is user friendly, which are both laudable goals
(IMO). Troublesomely security and user friendliness seldom go hand-in-
hand.
There are so many ways that a system, particularly on a network, can
be violated, data accessed, and you may never even know it has been
done. There are some 'simple' things that one can do to minimise the
risks, or as MS put it 'reduce the attack surface'. These are not too
difficult to achieve, but do take some preparation and practice if you
have not done them before.
1/ Put your OS and Data on separate drives / partitions (drives is
actually better)
2/ Build a trusted install of your OS that has everything you want
(apps, virus scanner, etc...)
3/ Set up IPSEC based network communications for your network
4/ Turn off all unneccessary services
5/ Before proceeding make an image of your OS in its current state
6/ Implement a cryptography product that supports WDE including on the
system drive / partition, on all hard drives
7/ Remove the bootloader from the OS drive
8/ Write random rubbish data to the first 63 sectors of the OS hard
drive (writes over where the bootloader can reside)
9/ Boot your OS from removable media
I would also recommend the use of hardwired networks over wireless
ones, and the use of two-factor authentication for login purposes. I
am pretty sure that most people wont do this though :-)
I would also recommend, once WDE is implememted on the system drive,
to take an image of the drive (after the bootloader has been wiped),
and store it somewhere safe. You can always restore the encrypted
image if you feel the OS is no longer trustworthy. Destroy the
unencrypted image after you are satisfied that the pc is running to
your liking (but not before!). And for Gods sake protect the keys /
passwords to the encryption - dont go writing them down somewhere for
the kids to use as the title of their next school essay. Keep the
passwords ued very long and completely random, including standard
keyboard symbols as well as upper and lower case letters, and of
yourse throw in a few numbers - minimum length of around 20
characters, and longer is always better.
The biggest put-off for people doing this is the time it takes to get
it all done, and I suppose a close second would be the danger of
losing your data if you screw it up. Make backups! Keep the backups
secure too! It really is a lot of work, but it can pay off, especially
since the tools to do this are available in the open market (and some
built right in to most OS's). Do it on a 'practice' system, get it
worked out to your liking, check it with those who know what they are
doing, and then when you are ready go for it.
I am sorry David, but Jet ULS doesnt even come close, and nor does a
Windows password. They will only stop individuals who are too lazy to
google for an answer or method to break them.
Getting security right takes effort. Its not a product, its a method.
You cant just turn on a switch and say 'My system is secure'. Even
with all the steps above being correctly implemented, I am certain
that somone will find a way through (eventually). All that I have done
on my pc is lift the bar so high that its just not worth the effort
for the contents on it. I dont use WDE at home, I just remove the
bootloader and keep what I want safe separate from the pc it is stored
on. I trust TrueCrypt containers for this purpose (with a keyfile
stored on a rainbow iKey), and I trust my OS image and boot method. I
use a wireless network at home too despite the potential of it being
hacked - in my case its just not worth cabling the whole house. Maybe
when I buy a house I might do some renovation and put fibre optic
cabling to each room.....pressurised conduit for the
cabling......faraday cage built into the walls of each room......mylar
on the windows.....windows made of Lexan.........steel caging through
the walls and roof and brickwork to stop physical entry.......mortice
locked doors with cylinder based tumblers....................
In the end you must figure out how far you want to go to secure what
you have, and only you can make the determination of what is valuable
to you. I do what I do because I cannot bring myself to trust
'security' methods that I know are broken.
Once again, sorry for rambling, but it is a topic I am passionate
about. I would certainly like to see better security available in
Access (natively). Right now I have to implement cryptography and user
access with code to meet anything that even comes close to secure. Not
everyone needs it of course, but there are a few....
Cheers
The Frog |
|
|
| Back to top |
|
|
|
| The Frog... |
| Posted: Tue Oct 27, 2009 8:23 am |
|
|
|
Guest
|
Hi James,
Thanks for the link to Xilinx. I have worked with engineers before
developing pcb's for various purposes. I will take a look through the
product and development options they have. I always felt that there
was a need for a hardware (removable / non-volatile) way of booting
into a pc. I appreciate the link.
Thankyou
The Frog |
|
|
| Back to top |
|
|
|
| Tony Toews [MVP]... |
| Posted: Fri Oct 30, 2009 5:06 am |
|
|
|
Guest
|
"David W. Fenton" <XXXusenet at (no spam) dfenton.com.invalid> wrote:
Quote: (best if it's partitioned into
two separate volumes, system and apps)
Why?
Because you want OS functions separate from apps.
But why? Why not leave Program Files on C drive?
So that your image is much, much smaller, for one.
So what? If you have to re-install the OS from scratch you have
to re-install the Program Files. And vice versa.
Eh? The whole point of an image is that you're restoring your system
to a consistent working state at a certain point in time without
needing to re-install everything. That's what an image is, a
snapshot of your hard drive. Obviously, you'd want the two images
coordinated (i.e., made at the same time) so as to insure that the
system registry is up-to-date with the applications installed in
your programs folder, but that's not completely necessary -- you
could live with that, and fix applications that have problems as
needed. The point is that you can be up and running with the OS as
quickly as possible.
Then as far as I'm concerned you would make the image of both the OS and the Programs
at the same time. So we'll agree to disagree.
Quote: Likewise, if you have two different partitions, and you are using
to hard drives,
Ahh, but you didn't say that before. Also I would suspect this is
relativley rare.
???
It's bog standard for anyone wanting good performance. You put you
OS on one hard drive and your data on a different one. You can use
relatively small hard drives for the OS, as it doesn't take up
nearly as much room as your apps and data.
Well, my data that I backup is about 4 Gb which is in it's own partition. But I also
work entirely on a laptop although almost always wtih an external monitor, keyboard
and custom wrist rest.
However I don't see much overlap in IOs between the OS, application and data. That
is you start up your application and then the app works with the data. In the case
of Access msaccess.exe and various DLLs are loaded into RAM. Then Access starts up
the FE MDB/ACCDB. But at this point there's not going to be a lot of activity
against the OS or Program Files folder. So I don't feel there would be a
performance improvement here.
Quote: Even if you're just using
a single physical drive with multiple partitions, because there
are multiple heads you may get increased performance (depending on
the geometry of the drive platters and the controller logic).
I was unaware that there are multiple heads on a single hard drive
that are independent of each other.
Not independent, but depending on where the data is located (e.g.,
where the partitions begin physically can make a difference), it can
speed things up because one of the heads is nearer the needed data.
We're going to agree to disagree here that this makes a difference.
Quote: But the point of segregating your OS, your user data and your
applications is to keep everything as simple as possible. While it's
certainly true that lots of applications still insist (wrongly) on
throwing components into subfolders of the Windows folder, it's
getting less common.
I agree with keeping user data seperate in it's own partition. But I don't see any
reason to keep OS and Applications seperate so again we're goiing to agree to
disagree.
Quote: Not in my case. My data is in a single folder in a partition all
by itself. I can't, of course, speak for others.
That makes it sound like you're doing what I do already, which is
keep my data segregated from the system components. You could map
your My Documents to point to that and then all those apps that
insist on using My Documents would land in the correct place.
No, I update all the apps, such as Word, Excel and Access to use my Q drive.
Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a free, convenient utility to keep your users FEs and other files
updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/ |
|
|
| Back to top |
|
|
|
| The Frog... |
| Posted: Fri Oct 30, 2009 7:23 am |
|
|
|
Guest
|
Hi Tony,
You mentioned that you update the apps to use another location, and I
am curious if you have a method for this with Excel. I am damned if I
can find a setting anywhere that allows me to alter things such as
temp file location or default save file location. Do you have any info
on that?
FWIW my OS partition also contains my applications. My partition is
approx 8Gig, and I can restore it in about 3 to five minutes (after
boot disk is up an running). Total process time from start to finish
rebuild is about 20 mins - just enough time for a coffee :-)
Cheers
The Frog |
|
|
| Back to top |
|
|
|
| Sky... |
| Posted: Fri Oct 30, 2009 11:25 pm |
|
|
|
Guest
|
Tony Toews [MVP] wrote:
Quote:
I agree with keeping user data seperate in it's own partition. But I don't see any
reason to keep OS and Applications seperate so again we're goiing to agree to
disagree.
One major difference between OS files and application files is that
critical OS files are locked while Windows is running. Whereas for
unlocked application files, you can use simple copy and replace.
The sole reason for an image backup, versus a normal file backup, is
that the OS files are locked. If you want your image backup to be as
small and fast as possible, then you might want to put application files
on a separate partition. These unlocked application files can easily be
backed up via standard methods, even simple file copies, and then it is
very simple to make incremental backups of only the changed files.
So, I agree with David in once sense: separating OS and application
files is arguably fastest for making incremental backups. You image the
minimum that you can, and perform normal incremental backups for the rest.
(Yes, there are some programs that claim to make incremental image
backups, but I personally do not trust it.)
Maintaining the backup files and restoring them is a different matter.
If you get a disk crash, you need to restore the OS with applications at
the same, so separation actually makes it more difficult. I certainly
hope restoring is a rare occurrence. But you also need to copy and store
backup files, which becomes slightly more complex with more of them.
Personally I agree with Tony and keep the OS and applications on one
partition and image them together. I already have too many partitions
with different backup needs (code, installs, media, backups, reference
materials). The extra complexity is not worth the small time savings of
a smaller OS image backup for me. I simply take a short break during the
image anyway.
Steve |
|
|
| Back to top |
|
|
|
| David W. Fenton... |
| Posted: Sat Oct 31, 2009 12:42 am |
|
|
|
Guest
|
Sky <s.young at (no spam) stanleyassociatesREMOVE.com> wrote in
news:hcfej1$hcq$1 at (no spam) news.eternal-september.org:
Quote: (Yes, there are some programs that claim to make incremental image
backups, but I personally do not trust it.)
Well, the only problem with them is the same as the problem with any
incremental backup program -- you have to have the backup program
running in order to make sense of the incremental backup files and
re-assemble the final version that you're trying to install.
I do have some of my clients doing incremental image backups with
Acronis TrueImage on a daily basis, but these are obsoleted by the
weekly image backup. Their data folders are also backed up via
Second Copy, so they have image backups plus separate data backups
-- backup redundancy is crucial -- and that means that one could
restore a week-old image then restore data from the Second Copy
backup and have a system that should work. The only exception to
that would be if you installed or majorly updated an application (or
any other data that's not in your data backup) between the full
image and the restore. In that case, you could use the incremental
images to stitch it back together, or just re-install/re-update the
app in question.
Of course, these machines are not partitioned in the way I
recommend, so that's one of the reasons this problem occurs.
If properly partitioned, the OS and Programs partitions would be
separately imaged, as would the data partition, and the data
partition would be backed up by Second Copy in addition to its
incremental daily and full weekly image backups. That plus a daily
system state backup would be more than enough to easily restore
exactly what you needed restored with the minimum of effort.
--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/ |
|
|
| Back to top |
|
|
|
| Tony Toews [MVP]... |
| Posted: Sun Nov 01, 2009 6:00 am |
|
|
|
Guest
|
The Frog <mr.frog.to.you at (no spam) googlemail.com> wrote:
Quote: You mentioned that you update the apps to use another location, and I
am curious if you have a method for this with Excel. I am damned if I
can find a setting anywhere that allows me to alter things such as
temp file location or default save file location. Do you have any info
on that?
Excel 2007 >> Office button >> way down at the bottom of the screen is a button
labelled Excel Options >> Save
In older versions of Excel I think this was under Tools >> Options >> General tab.
Quote: FWIW my OS partition also contains my applications. My partition is
approx 8Gig, and I can restore it in about 3 to five minutes (after
boot disk is up an running). Total process time from start to finish
rebuild is about 20 mins - just enough time for a coffee 
My OS and apps partition is about 26 Gb or so.
Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a free, convenient utility to keep your users FEs and other files
updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/ |
|
|
| Back to top |
|
|
|
|
|
All times are GMT
The time now is Sun Nov 22, 2009 7:58 am
|
|