MS-Access security can be easily compromised. There are inexpensive software utilities that will extract all users and/or passwords from encrypted Access databases.
After converting MS-Access databases to SQL Server, user-level or database security should be removed from the front-end application and like security enforced on SQL Server. By implementing security on SQL Server, all back-end database objects can be safely protected from unauthorized use. Refer to the Transact-SQL documentation for information about SQL Server security or consult with your DBA about implementing accounts and permissions appropriate for the converted Access application.
Removing User-Level Security
1. Start MS-Access.
2. Open the MDB of the original Access application.
3. Log on as the workgroup administrator (or any user in the Admins group).
4. Assign full permissions to all tables, queries, forms, reports, and macros to the Users group.
5. Exit and restart MS-Access and log on as Admin.
6. Create a new blank database, and leave it open.
7. Import all objects from the original database into the new blank database.
8. Ensure that all references in the original database are included in the one just imported. (Open any Module in Code View and open References from the Tools menu.)
Refer to the Microsoft Office Online article: Remove user-level security for additional information about removing security.
The following instructions apply If you wish to retain Access security.
MS-Access User-Level Security
When databases specify MS-Access user-level security, before using the Generate New Application form you must do the following:
1) Select User and Group Permissions from the Security folder on the Tools menu.
2) Highlight the Admin user.
3) Choose Database from the Object Type combo.
4) Check the Open/Run and Administer permissions.
5) Press the Apply button.
After the new application is generated, you will not have access to any database objects since permissions were not granted (by default) to the Admin user. To gain access to the application, you must create a shortcut to the newly generated MS-Access/SQL Server application that specifies the secured MDW file of the original application. Use the shortcut to open the database and enter your password when prompted.
MS-Access Database Passwords
Before generating a new MS-Access / SQL Server application, you must unset the database password by choosing Security from the Tools menu and select Unset Database Password.