Re: Oracle archive logging over a Windows NT share - does it work?

konstantin_kudin_at_yahoo.com (Konstantin Kudin) wrote in message news:<ff88eb34.0302031410.64bc13fd_at_posting.google.com>...
> Hi

<snip>
> In my system (Oracle 8.1.7 with NT4 sp6a) even if I map a drive on
> the desktop, then do Services/Oracle stop/start thing, it still
> complains about
> not being able to access a network share. So somehow Oracle does not
> see a share that has been made through the desktop even if the Oracle
> is fully restarted.
>
> Is there anybody out there who actually managed to do this?
>
> Thanks in advance!
>
> Regards,
> Konstantin Kudin
>

Hey - how goes the NT4 sp6a standby project on 8.1.7? Eventually, you will tire of all of the needless restraints imposed by NT4, most likely before you complete your project.

Did you check out the end of error correction notice on Metalink for 8.1.7 yet?
Its for real. 31-Dec-2003, no more error correction, unless your CFO coughs up some major bucks for extended maintenance.

You know - I ran across another real pain in the arse in NT4 today. The "move" command has different syntax between NT4 and W2K, so its not just "xcopy" that has wonderfully different syntax that causes you to need to keep separate source for NT4 and W2K. wonderful. I can't wait until those last 2 sites wipe NT4 off their boxes and I don't have to support NT 3.51 syntax anymore.

Here is your real problem:

"localsystem" as jurisdiction over the local machine - and that's it. Imagine that you blow thru a speed trap in North Carolina, right near the border.
You happen to be a police officer in a municipality in south carolina. The funny thing is - just because you are "The Man" in your little sandbox in South Carolina - it doesn't mean squat across the border in North Carolina.
It doesn't matter if you're the freaking Governor of South Carolina. In North Carolina, you play by their rules - its their town (state). You have no privileges there. Post bail and don't forget to show up at the hearing.

LocalSystem has no jurisdiction on network shares. Period. It has no privileges outside of the local machine. Nimda did not use the LocalSystem accout directly to take over an entire NT domain. It used network shares, or shares from domain controllers to overwhelm an entire domain. One box with no domain account passwords cached, with no network shares does not cause an entire domain to be brought to its knees - to really screw things up you need domain accounts, network shares and domain controllers.

On W2K - its far easier to configure services to use a specific OS account, or OS groups - to execute a job under. A "Domain Account" may be the way you want to pursue "Network Resources" in a "Domain environment".

So buy some books that discuss security and NT/W2K system administration, throw NT4 out the door and migrate to W2K. And run your oracle services under a different account than local system.

Onme more thing - when you "login" on a desktop/workstation/server - you are running under the context of the account that you logged in as - whether that is to a local machine, or to a domain. If you have not configured the services to run under a non-default account, they run as localsystem, which is not the account that you logged into the console as, it it?

Ok - one last thing. Yes, I did implement a standby database between remote offices in NT4. It was truly a pain. It it far easier to do, far easier to support, in W2K. give up. migrate. and don't run the oracle services as localsystem.

Paul

(next time gets the rtfm comes out) Received on Wed Feb 05 2003 - 00:16:41 CST