Re: Windows 2K script

"Celtic" <celtic_at_cyberintel.com> wrote
>
> I am trying to run a script containing something along the lines of
> sqlplus "/as sysdba" as an at job run by the windows local system account.
> I have already assigned the local system to the ora_dba group but still
> get the error ora-01031: insufficient priviledges when I attempt to run
> the job. How can I do this without running the script as admin (we want to
> avoid having password changes effect the script - they would if it ran as
> administrator but not as system).

Weird. It works on Unix (i.e. non-oracle user, but in the dba group).

If we assume that the fault is not at Oracle's side (as I said it works on Unix), and you are positive that the correct group has been assigned... the only thing left that I can think of is underlaying o/s privs that is also required but not there.

For example, the local account needs to use IPC to establish comms with Oracle. You enter `sqlplus "/ as sysdba` - this part works (i.e. the account being part of the dba group). However, this account lacks the security token to cross VM boundaries and account boundaries to access a semaphore created by the oracle account (which belonging to the same group does not provide - or a default that has been changed by your NT sysadmin that now prohibits this).

NT is in many ways, many times more secure (aka restrictive) than Unix in that regard (having borrowed very heavily from VMS). Despite the asine implementation of Microsoft Networking.. :-)

To troubleshoot this problem. Give the local account full blown admin privs (i.e. everything). Test. If that works it then means that in addition to belonging to the DBA group, something else is also needed security wise.

--
Billy