
Re: Oracle Software Owner Windows 2K

From: Noons <wizofoz2k_at_yahoo.com.au>
Date: Fri, 26 Sep 2003 19:03:54 +1000
Message-ID: <3f7400e9$0$2471$afc38c87@news.optusnet.com.au>

"Matt" <mccmx_at_hotmail.com> wrote in message news:cfee5bcf.0309250449.3f714acf_at_posting.google.com...

>
> We have an 8.1.7 install on Windows that was installed using the
> Domain Admin account. Therefore the Oracle binaries and database
> files are owned by the domain admin account.

should have been the local administrator. Not the domain one...

>
> The Oracle database is configured as a service on Win 2K and runs
> under the SYSTEM account. Therefore in theory it is independent of a
> user account.

Not really, it *runs* under the SYSTEM account. That's all.

> One of the security guys on site is planning to remove the domain
> admin accounts from all the servers and I'm concerned that this will
> affect the database setup.

yes.

> I will still be able to log onto the server with a privileged account
> which I will add to the ORA_DBA group in order to gain SYSDBA
> privileges.

no problem there.

>
> Is anyone aware of any issues that will arise after dropping the
> Oracle software owner account (i.e. domain admin) from the system....?
> Metalink was not much help on this issue.

you need the original account if you need to re-register or modify or re-install the Oracle software configuration.

Or else, assuming you have a standard setup, you should be able to go to ORACLE_HOME and set its ownership and everything under it (cascade) to the local administrator. Same for oradata.

Make sure you do NOT remove SYSTEM access to the hierarchy. If it only has "everyone" access besides ownership, then it MUST have SYSTEM added before "everyone" is removed. Which it should be if they really are concerned with security.

Once that is done, you should end up with everything owned by local admin, the ora_dba group and SYSTEM given explicit full access. That's all you need.

-- 
Cheers
Nuno Souto
wizofoz2k_at_yahoo.com.au.nospam
Received on Fri Sep 26 2003 - 04:03:54 CDT
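
The re-ownership sequence described in the reply above, as an added example that is not part of the original message: it grants SYSTEM and ORA_DBA explicit full access first, confirms the SYSTEM grant, and only then changes the owner and removes "Everyone". The paths, the account names, the English group name "Everyone", and the availability of `icacls` and PowerShell (neither ships with Windows 2000) are assumptions.

```powershell
# Added example, not from the original post. Paths and account names are
# assumptions: point them at the real ORACLE_HOME and oradata directories.
param(
    [string[]]$Paths = @('D:\oracle\ora81', 'D:\oracle\oradata'),  # hypothetical
    [string]$Owner   = "$env:COMPUTERNAME\Administrator",   # local administrator
    [string]$OraDba  = "$env:COMPUTERNAME\ORA_DBA",         # local ORA_DBA group
    [switch]$Apply                                          # omit to audit only
)
$System = 'NT AUTHORITY\SYSTEM'

# True if $Identity holds an Allow ACE with FullControl on $Path itself.
function Test-FullControl([string]$Path, [string]$Identity) {
    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.IdentityReference.Value -eq $Identity -and
            $ace.AccessControlType -eq 'Allow' -and
            ($ace.FileSystemRights -band $full) -eq $full) { return $true }
    }
    return $false
}

foreach ($p in $Paths) {
    if ($Apply) {
        # 1. Give SYSTEM and ORA_DBA explicit, inheritable full access first.
        icacls $p /grant "${System}:(OI)(CI)F" "${OraDba}:(OI)(CI)F" /T /C | Out-Null
        if (-not (Test-FullControl $p $System)) {
            # The service runs as SYSTEM: never drop Everyone until this holds.
            Write-Warning "$p : SYSTEM grant not confirmed, tree left unchanged"
            continue
        }
        # 2. Move ownership of the whole tree to the local administrator.
        icacls $p /setowner $Owner /T /C | Out-Null
        # 3. Only now remove the Everyone grant.
        icacls $p /remove:g Everyone /T /C | Out-Null
    }
    # Report the resulting state of the top-level directory.
    $acl = Get-Acl -LiteralPath $p
    [pscustomobject]@{
        Path        = $p
        Owner       = $acl.Owner
        SystemFull  = Test-FullControl $p $System
        OraDbaFull  = Test-FullControl $p $OraDba
        EveryoneAce = [bool]($acl.Access |
                        Where-Object { $_.IdentityReference.Value -eq 'Everyone' })
    }
}
```

Run it once without `-Apply` from an elevated prompt to see the current owner and ACL state, then again with `-Apply`; the report only inspects the top-level directory, so spot-check a datafile afterwards.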
