There are a few rights that are given to LocalSystem that are not given to the Administrators group, for example the 'ACT AS PART OF THE OPERATING SYSTEM' right - you can see these in the local security policy control panel applet (though you can't see their assignment to LocalSystem). However this should not affect the *install* so long as your domain account is directly a member of the *local* Administrators group - as opposed to Domain Admins (I can't now recall why that made a difference in the past and indeed it shouldn't, but it did back in the 806/815 days).

The only occasion that I'm aware of it making a difference is in the account that is used for executing OS jobs using EM where you need 4 rights

1. Log on as a batch job -- self explanatory
2. Replace a process level token -- enables one service to start another
3. act as part of the operating system -- enables impersonate any user
4. Increase memory quota for a process -- self explanatory

I suspect that item 3, particularly given the ability to create em jobs via pl/sql and the ability to inject pl/sql into the db is a difficult to exploit but potentially extremely dangerous security loophole, and to be honest is a requirement that I don't understand. Arguably right 2 is inappropriate as well.

Anyway if you also *run* the Oracle database under a different account, as opposed to installing it under a different account then there *may* be similar uses of non-default rights, I've never come across them except in the EM case though.

On Tue, Feb 10, 2009 at 5:06 PM, William Wagman <wjwagman@xxxxxxxxxxx> wrote:

> Greetings,
>
> I'm having a conversation with one of my co-workers re privileges, oracle and windows. I am working with Windows Server 2003, 64-bit and Oracle 10gR2. Our standard practice is to create an Oracle account which is a member of the local administrators group, essentially full administrative rights on the box. The Oracle installation is done while logged in as the Oracle user. In one situation I encountered problems and Oracle had me uninstall and then reinstall while connected as the local admin account. I just installed the January 2009 CPU on a windows box and something broke. I opened an SR with Oracle, we solved the problem but again the question arose as to whether the installation had been done as Oracle or the local admin account with the suggestion that it might be necessary to uninstall and reinstall while connected as the local admin account. I have done quite a number of installations as Oracle rather than the local admin account as well as upgrades and patching but twice the question of who did the installation has arisen.
>
> My question, can someone explain why, if oracle is a member of the administrators group with full administrative rights on the box it would matter whether the installation is done as Oracle or the local admin account? Is there documentation available which might give me some more insight into this question?
>
> Thanks.
>
> Bill Wagman
> Univ. of California at Davis
> IET Campus Data Center
> wjwagman@xxxxxxxxxxx
> (530) 754-6208

--
Niall Litchfield
Oracle DBA
http://www.orawin.info
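Added example, not part of the original thread and not Oracle's code: a check for which accounts hold the four rights the reply lists for the EM OS-job account, run over the text of a `secedit /export /areas USER_RIGHTS` dump. The account name ORAHOST\oracle and the sample dump are constructed for illustration; the `Se...` names are the constants Windows uses for those rights in the export.

```python
# Added example: audit a `secedit /export /areas USER_RIGHTS` dump for the
# four rights the post lists for the EM OS-job account.
import re

# Display name in Local Security Policy -> constant used in the export.
EM_JOB_RIGHTS = {
    "Log on as a batch job": "SeBatchLogonRight",
    "Replace a process level token": "SeAssignPrimaryTokenPrivilege",
    "Act as part of the operating system": "SeTcbPrivilege",
    "Increase memory quota for a process": "SeIncreaseQuotaPrivilege",
}

# Constructed sample; the account ORAHOST\oracle is hypothetical.
SAMPLE_INF = """\
[Privilege Rights]
SeBatchLogonRight = *S-1-5-32-544,ORAHOST\\oracle
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,ORAHOST\\oracle
SeTcbPrivilege = ORAHOST\\oracle
SeIncreaseQuotaPrivilege = *S-1-5-32-544,*S-1-5-19,*S-1-5-20,ORAHOST\\oracle
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(inf_text):
    """Return {right: set(holders)} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; strip it for comparison.
            holders = {h.strip().lstrip("*") for h in value.split(",") if h.strip()}
            rights[name.strip()] = holders
    return rights

def audit(inf_text):
    """Holders of SeTcbPrivilege, and accounts holding all four EM-job rights."""
    rights = parse_privilege_rights(inf_text)
    per_right = [rights.get(c, set()) for c in EM_JOB_RIGHTS.values()]
    return {
        "tcb_holders": sorted(rights.get("SeTcbPrivilege", set())),
        "all_four": sorted(set.intersection(*per_right)),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_INF))
```

A real export is typically written as UTF-16, so decode the file before passing its text to `audit`.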