I don't think you can really lock or prevent the user sys to connect into a DB: http://www.lc.leidenuniv.nl/awcourse/oracle/server.920/a96524/c23acces.h tm as long as it is in the OS group dba, it will be able to connect into the DB regardless of the lock, expire setting. SQL> alter user sys account lock ; User altered. SQL> exit [I changed my ORACLE_SID to another DB to force use of listener and remote login] sqlplus 'sys/sys@asdb as sysdba' SQL*Plus: Release 10.1.0.4.0 - Production on Wed Jan 3 09:30:27 2007 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.1.0.4.0 - Production With the Partitioning, OLAP and Data Mining options SQL> select ACCOUNT_STATUS from dba_users where username = 'SYS' ; ACCOUNT_STATUS -------------------------------- LOCKED bp From: Denham Eva [mailto:DEVA@xxxxxxxx] Sent: woensdag 3 januari 2007 9:19 To: oracle-l@xxxxxxxxxxxxx Subject: Locking the SYS account. This email is subject to Terms and Conditions as found in our Email Legal Notice which forms part of this email message in terms of section 11 of the Electronic Communications and Transaction Act 25 of 2002. Please click on http://www.mf.co.za/content/EMAIL_Legal_Notice.asp <http://www.mf.co.za/content/EMAIL_Legal_Notice.asp> , or send a blank email to disclaim@xxxxxxxx <mailto:disclaim@xxxxxxxx> . By receiving, reading or acting upon this email you will automatically be bound by the terms of the Email Legal Notice. Mutual & Federal Insurance Company Limited Authorised Financial Services Provider _____ Hi, I am being pressured into changing users on some oracle servers with regards to DBA accounts. The client wants all these accounts to expire and some commonly known accounts to be locked. I have not yet tried to experiment with this and would like to know from the community before actually trying this. What if any are the implications of locking the SYS account? TIA Denham