Security Over Write

[MichaelAlex]

So this may be an interesting topic... If you have a FM program that is controlled by a single admin, but the admin no longer exists, how do you grant admin rights to yourself after that?

[Wim Decorte]

You mean you don't have the full access credentials to the solution?  What's the situation with the legal ownership of the solution?

[MichaelAlex]

lets say the owner is no longer with the company. And, to make matters worse, not sure the PIN #. I did find this, but without the PIN...

http://help.filemaker.com/app/answers/detail/a_id/6989/~/what-to-do-if-filemaker-server-admin-console-password-is-lost-or-forgotten

[Wim Decorte]

You're talking about two different things here:

1) master (developer) access to the file

2) admin access to the FileMaker Server admin console.

 

#2 is easily fixed as per the document you have found or just plain uninstalling and reinstalling.

Since you're somewhat vague about #1 I'm assuming there is some some dispute between the company and that person.  Make sure it is clear legally who owns the software.  If the company owns it, have him hand over the credentials.  If you are in your legal rights you can ask FMI for assistance in getting access to the file.

But that won't work if the original developer removed the full access account or used 'encryption at rest' on the file.

[MichaelAlex]

Not familiar with FMI, but legally, the company owns the program. Handing over the credentials however is more than likely not going to happen with this person. I am also concerned about looping scripts or executable scripts.

[Steven H. Blackwell]

14 hours ago, MichaelAlex said:

Not familiar with FMI, but legally, the company owns the program. Handing over the credentials however is more than likely not going to happen with this person. I am also concerned about looping scripts or executable scripts.

This is by no means a straightforward situation. If the person was an employee acting within the scope of his or her employment, then the most likely answer is yes the company is the owner.  The further you move from that basis, the less certain the situation becomes.  Plus, this will vary jurisdiction by jurisdiction.  Is there no company policy regarding requiring employees acting within the scope of their employment to provide credentials at the outset?

 

Steven

[comment]

15 hours ago, Wim Decorte said:

 If you are in your legal rights you can ask FMI for assistance in getting access to the file.

Is that still a viable option? I vaguely recollect FMI stopped providing this service years ago.

[MichaelAlex]

The company does own the program. They had employed this individual as a FM developer and they had created the program while employed with the company. With that said tho, since this developer is no longer with the company, can the admin rights to the program they created be retrieved if no one else had the credentials to it?

[Steven H. Blackwell]

Quote

can the admin rights to the program they created be retrieved if no one else had the credentials to it?

If the file is also encrypted and no one knows the encryption password, the answer is No.

If the developer removed the [Full Access] accounts with the Developer Tool, the answer is No.

Absent either of the foregoing, the file likely can be opened to [Full Access] but it likely will be damaged in the process.

 

When you say:

Quote

they had employed this individual as a FM developer and they had created the program while employed with the company.

do you mean by employed that the person was a regular full-time or part-time employee, subject to withholding taxes, FICA, UI, etc?  Not a contract worker and certainly not a consultant??  This makes a difference in establishing ownership rights to the file.

 

Steven

[MichaelAlex]

Full time employee, not consultant nor contract worker. I am thinking at this point the file cannot be retrieved, only re-created. Thank you for the feedback tho.

[MichaelAlex]

Still researching this topic before I give up hope...

Has anyone tried using a third party tool to reset a FM admin password? Does it work? I read on a blog from a FM developer at FM that it can corrupt the data and has me a little leery on using it.

Oddly enough, I do have the password for the FM 13 server...just not the actual FM Adv. 12 program.

[Wim Decorte]

Those tools brute force strip out the blocks where the pw is stored so there is a very real chance that you will damage the file.

And if the copyright / ownership situation is not resolved then you may be doing something illegal.  I highly encourage you and the employer to resolve the legal situation first.

[MichaelAlex]

Well, the employee is no longer with the company. They were hired in as a FM developer. The produced a FM program for the company and the company uses it. With that said tho, since the employee did not give the admin password to anyone before leaving, it is now lost. The program is FM 12 Adv. (no credentials to it tho), and is used on a FM 13 server. The company just needs to know if they can now access the database the employee created if they do not have the admin password.

Let me clarify. The company wants to know if they can reset the password so they can gain the admin rights to the database created in FM Adv. 12

[Wim Decorte]

They can use a cracker tool but it might very well damage the file.   And if the developer enabled EAR (encryption at rest) or stripped out the full access account then the cracker tools will fail.

To be clear: there is no resetting the pw.  The tools you have seen mentioned physically lobotomize the file and that is not without risk.

Or they can legal steps to make the employee hand over the master pw.   Which is the direction I would want to see this take.

[MichaelAlex]

You have been a great help Wim. I will talk with the company about the legal side of it and decide next steps. Thank you.