Oracle9i File Protection Issues on Windows 2000
There is something weird happening with regard to the security settings
associated with the Oracle9i Release 2 files.
The initial indications of a problem occurred when I tried to use the Microsoft OLE DB Provider for Oracle in a VBScript under the Windows 2000 task scheduler. The script runs fine from my interactive session, but failed under the scheduler with the 80004005 error:
---
Microsoft OLE DB Provider for Oracle: Oracle client and networking
components were not found. These components are supplied by Oracle
Corporation and are part of the Oracle Version 7.3.3 or later client
software installation.
Provider is unable to function until these components are installed.
---
Microsoft has a knowledgebase article describing a similar problem with IIS (Q255084), and none of the troubleshooting suggestions fixed my problem.
The error basically means "I can't find the Oracle client files which should be in the oracle \bin directory and which should be listed in the PATH environment variable."
Hmm...
Using the RUNAS command, I created a Command Prompt window running under the same account as my scheduled task. Guess what? The binary directory is listed in the PATH list, but the directory contains no files!
Since the files do exist on the system in D:\Oracle\ora90\bin, this must be some sort of security violation. Sure enough, when I issue the command 'DIR D:\Oracle\ora90', I get a failure audit (event 560) in the event viewer stating:
---
Object Open:
    Object Server: Security
    Object Type: File
    Object Name: D:\oracle\ora90
    New Handle ID: -
    Operation ID: {0,202541}
    Process ID: 1816
    Primary User Name: TestUser
    Primary Domain: OURDOMAIN
    Primary Logon ID: (0x0,0x1BD4F)
    Client User Name: -
    Client Domain: -
    Client Logon ID: -
    Accesses SYNCHRONIZE
             ReadData (or ListDirectory)
    Privileges -
---
Looking at the protection of the directory with CACLS gives the following:
---
C:\>cacls d:\oracle\ora90
d:\oracle\ora90 NT AUTHORITY\Authenticated Users:(OI)(CI)(special access:)
                                                 READ_CONTROL
                                                 FILE_READ_DATA
                                                 FILE_READ_EA
                                                 FILE_EXECUTE
                                                 FILE_READ_ATTRIBUTES
                BUILTIN\Administrators:(OI)(CI)F
                NT AUTHORITY\SYSTEM:(OI)(CI)F
---
Hmm, looks like I should get in as an authenticated user.
Using the SECTOK utility from
http://home.earthlink.net/~joewarenet/win32/index.html, I can confirm
that the Command Prompt window I started via RUNAS does indeed have the
appropriate token:
---
C:\>sectok
SecTok V01.00.00cpp Joe Richards (joe_at_joeware.net) November 2001
User: S-1-5-21-700192930-1906580503-837300906-1330 - OURDOMAIN\TestUser
Group: S-1-1-0 - Everyone
Group: S-1-5-11 - NT AUTHORITY\Authenticated Users
Group: S-1-5-21-700192930-1906580503-837300906-1126 - OURDOMAIN\TechGroup
---
So why can't I see the contents of the Oracle\ora90 directory?
Thanks for any suggestions
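
Added example, not part of the original post: a simplified Python model of the Windows DACL access check, fed the ACEs from the CACLS output, the SIDs from the SECTOK output and the accesses named in event 560. It assumes the well-known SIDs for the three trustees and ignores owner rights and privileges; with these inputs, SYNCHRONIZE is the one requested right that no matching ACE grants.

```python
# Simplified model of the Windows DACL access check (added example).
# Access-mask values are the documented winnt.h constants.
SYNCHRONIZE          = 0x00100000
READ_CONTROL         = 0x00020000
FILE_READ_DATA       = 0x00000001   # ListDirectory on a directory
FILE_READ_EA         = 0x00000008
FILE_EXECUTE         = 0x00000020   # Traverse on a directory
FILE_READ_ATTRIBUTES = 0x00000080
FILE_ALL_ACCESS      = 0x001F01FF   # "F" in CACLS output

NAMES = {SYNCHRONIZE: "SYNCHRONIZE", READ_CONTROL: "READ_CONTROL",
         FILE_READ_DATA: "FILE_READ_DATA", FILE_READ_EA: "FILE_READ_EA",
         FILE_EXECUTE: "FILE_EXECUTE",
         FILE_READ_ATTRIBUTES: "FILE_READ_ATTRIBUTES"}

# SIDs in the token, as printed by SECTOK in the post.
TOKEN_SIDS = {"S-1-5-21-700192930-1906580503-837300906-1330",  # TestUser
              "S-1-1-0",                                        # Everyone
              "S-1-5-11",                                       # Authenticated Users
              "S-1-5-21-700192930-1906580503-837300906-1126"}   # TechGroup

# DACL from the CACLS output; trustee SIDs are the well-known values (assumed).
DACL = [
    ("allow", "S-1-5-11", READ_CONTROL | FILE_READ_DATA | FILE_READ_EA
                          | FILE_EXECUTE | FILE_READ_ATTRIBUTES),
    ("allow", "S-1-5-32-544", FILE_ALL_ACCESS),   # BUILTIN\Administrators
    ("allow", "S-1-5-18", FILE_ALL_ACCESS),       # NT AUTHORITY\SYSTEM
]

def access_check(token_sids, dacl, desired):
    """Walk ACEs in order; return (granted, bits still not granted)."""
    remaining = desired
    for ace_type, sid, mask in dacl:
        if remaining == 0:
            break
        if sid not in token_sids:
            continue
        if ace_type == "deny" and mask & remaining:
            return False, mask & remaining
        if ace_type == "allow":
            remaining &= ~mask
    return remaining == 0, remaining

def describe(mask):
    """Names of the rights set in mask."""
    return [name for bit, name in NAMES.items() if mask & bit]

if __name__ == "__main__":
    # Accesses requested in the event 560 failure audit.
    ok, missing = access_check(TOKEN_SIDS, DACL, SYNCHRONIZE | FILE_READ_DATA)
    print("granted" if ok else "denied, not granted: %s" % describe(missing))
```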