I'm really struggling with this one, and any suggestions are welcome! My modest suite of in-house developed applications in (eek! I know, and please forgive me) MS Access 2003, running on a Windows 2003 server with IIS 6.0, has run into a major security snag.

In order for integrated authentication to work, and therefore allow or restrict pages, form fields, etc., we've had to allow read and execute access to all our domain users. The issue is that this means they can open the shared folder and browse records at their leisure, should they figure out where to go to open the database files.

Is there any possibility to set up access for domain users to see the web application and pass on their windows credentials, without having to grant any folder access? Or, conversely, can the MS access databases be locked down for shared folder access, while still allowing web application access?

Thanks very much in advance!