| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Windows DB best practices
Hi Stephen,
In terms of security, what I recommend is the following - which assumes a single windows domain rather than workgroup or standalone server.
First create a global group (called DB Admins or similar). Assign membership of this group to the personal accounts of your DBAs (and no-one else - there should be no anonymous accounts in this group).
Next on each local machine make the global group a member of the local "administrators" security group. This will enable the designated dba to install Oracle. After the install is complete you should make the domain group a member of the local ORA_DBA security group created by the install, and optionally remove it from the local administrators group.
This gets you:
I second the recommendation to make sure that you have a dedicated server for production oracle databases, but don't see that as a windows specific thing. I've also never worked anywhere that sys admins didn't share that view.
On 4/10/07, Stephen Andert <andert_at_gmail.com> wrote:
>
> Yes, I know the first one is "use *nix" but I am tired of fighting
> about it and my boss made the decision.
>
> The main question I have is whether to create an oracle-specific
> account or just use an administrator account. Also, any links to
> Windows best practices would be great.
>
>
> --
> Stephen
> http://andertfamily.net/racing_reports.aspx
>
> Any idiot can run.
> It takes a special kind of idiot to run a marathon.
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>
-- Niall Litchfield Oracle DBA http://www.orawin.info -- http://www.freelists.org/webpage/oracle-lReceived on Wed Apr 11 2007 - 13:14:37 CDT
 |
 |