The workgroup security features in Access provide for very fine control over the objects in your database. Normally you create a special workgroup (.MDW) file, which holds the user and group information, and place it on a network share - and therein lies the exposure.

If the connection to the network share is interrupted or not available, Access may, silently and without notice, revert to using the default workgroup file SYSTEM.MDW which is created during installation of Access.

Result? If workgroup security was done correctly (removing & replacing the Admin user) then the user will not be able to log in to the database. However, if the Admin user was left in there, the database will be wide open, with no restrictions whatsoever.

This code snippet can be run at startup to verify that the correct workgroup file is in use (watch for line breaks):

Sub CheckForWorkgroup()
  If InStr(1, SysCmd(acSysCmdGetWorkgroupFile),
      "ACME.MDW") = 0 Then
    MsgBox "Cannot open without security file."
    DoCmd.Quit acQuitSaveNone
  End If
End Sub