Win NT/2K and Oracle 9i - explain Local System and domain user ...
DBAsupport.com Forums - Powered by vBulletin
Results 1 to 10 of 10

Thread: Win NT/2K and Oracle 9i - explain Local System and domain user ...

  1. #1
    Join Date
    Jan 2000
    Location
    Chester, England.
    Posts
    818

    Win NT/2K and Oracle 9i - explain Local System and domain user ...

    Can any Windows gurus here explain about the different Windows accounts/users that the Oracle services run under?

    I want to be able to archive my redo logs to a mapped network drive. But it fails and Support say that the DB service has to started as a domain user with access to the remote machine. The service in question starts as the 'System Account'. Is this not sufficient? What does 'System Account' mean?

  2. #2
    Join Date
    Dec 2002
    Location
    Bangalore ( India )
    Posts
    2,434
    SYSTEM acc is specific to host.

    you have to use N/W identifiable acc & that would call for Domain Users.

    Change the service setting to run as Domain User if you dont get

    Vist WWW.Microsoft.com & search for Services

    Abhay.
    funky...

    "I Dont Want To Follow A Path, I would Rather Go Where There Is No Path And Leave A Trail."

    "Ego is the worst thing many have, try to overcome it & you will be the best, if not good, person on this earth"

  3. #3
    Join Date
    Nov 2002
    Location
    Geneva Switzerland
    Posts
    3,142
    Hi JMac, didn't we discuss this here http://www.dbasupport.com/forums/sho...threadid=37475 ?

    I'd create a domain user, make it a member of the local Administrators group - that has a good chance of being enough, but it depends on your NT security setup. I'm pretty sure that on the server the User Rights Policies "Log on as a Service" will have to include this user or a group that it is a member of.

    Then log on as that user and check the access to the remote machine - watch out that if this is done by adding the new user to a global group, it takes time for the changes to propogate.

    Once all that looks OK use the Services applet in Control Panel to change the user & password in the Startup option for the Oracle services OracleServiceSID and possibly the Listener? . . . not sure about that.

    (Note for Jeff: rebooting is NOT necessary!)

  4. #4
    Join Date
    Feb 2001
    Posts
    99
    Yep..was discussed before. I started a thread on it a few months back. Have decided not go that route and I am looking at setting up an archive repository. Read up on it in the Dataguard docs.

  5. #5
    Join Date
    Jan 2000
    Location
    Chester, England.
    Posts
    818
    Yes we did, but I didn't understand what we were talking about. I was getting confused with Oracle SYSTEM account and Windows system accounts. The fog's beginning to clear now and I'm going to attempt it again.

    Will report back chaps!

  6. #6
    Join Date
    Feb 2001
    Posts
    99
    Good Luck. I ended up changing the owner of the Oracle Service and TNS Listner service on the machine. Changed it to a domain level user that had administrative rights and service rights.

    Then, I set the log_archive_dest params and status params the way I wanted. Did a log switch...viola, archive log showed up where I wanted it.

    However, I now think I want to keep the Windows SYSTEM user as the service owner. So, I am now looking at setting up the archive repository. It looks fairly simpile. Create and oracle service on another machine. No instance, etc...just the service. Then, use the SERVICE flag of the log_archive_Dest to transfer the files to that spot as my storage location.

    Have not got a chance yet to try that out, but it seems fairly straight forward.....famous last words....

  7. #7
    Join Date
    Jan 2000
    Location
    Chester, England.
    Posts
    818
    Why did you want to keep the Windows SYSTEM account as the service 'owner'?

  8. #8
    Join Date
    Nov 2002
    Location
    Geneva Switzerland
    Posts
    3,142
    My worry was that a "hack" attempt might cause an account to be locked out, which would prevent the services starting - a problem if you do unattended restarts. This can't happen with SYSTEM (or with Administrator AFAIK).

  9. #9
    Join Date
    Jan 2000
    Location
    Chester, England.
    Posts
    818
    Good point.
    The account I was thinking of using is shared with several in IT Support. Its got more of a chance of being misappropriated ...
    Maybe I should get a "top-secret" user account that only I and the network admin guy know.

    Thanks.

  10. #10
    Join Date
    Feb 2001
    Posts
    99
    I wanted to keep it as SYSTEM because of security and less chance of screw-ups. Did not want someone to "inadvertanly" delete the user that owns the Oracle service.

    Plus, after reading up on the archive Repository scheme in Dataguard, I liked the looks of it better than what I was trying to do.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width