Hi Stephen,

In terms of security, what I recommend is the following - which assumes a single Windows domain rather than workgroup or standalone server.

First create a global group (called DB Admins or similar). Assign membership of this group to the personal accounts of your DBAs (and no-one else - there should be no anonymous accounts in this group). Next on each local machine make the global group a member of the local "administrators" security group. This will enable the designated DBA to install Oracle. After the install is complete you should make the domain group a member of the local ORA_DBA security group created by the install, and optionally remove it from the local administrators group.

This gets you:

1. accountability - since everyone uses their own account.
2. groups used for the right things - local groups for access to resources, global groups for privileges for users.

I second the recommendation to make sure that you have a dedicated server for production Oracle databases, but don't see that as a Windows-specific thing. I've also never worked anywhere that sys admins didn't share that view.

On 4/10/07, Stephen Andert <andert@xxxxxxxxx> wrote:

Yes, I know the first one is "use *nix" but I am tired of fighting about it and my boss made the decision.

The main question I have is whether to create an oracle-specific account or just use an administrator account. Also, any links to Windows best practices would be great.

--
Stephen
http://andertfamily.net/racing_reports.aspx
Any idiot can run. It takes a special kind of idiot to run a marathon.

-- Niall Litchfield Oracle DBA http://www.orawin.info
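
The post-install group changes described in the reply above, written as an added PowerShell example that is not part of the original thread. It assumes PowerShell 5.1 or later (the built-in LocalAccounts cmdlets), a placeholder domain `EXAMPLE` and the group name `DB Admins`; `ORA_DBA` is the local group named in the reply.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original thread. Assumed names: EXAMPLE domain and
# "DB Admins" global group. ORA_DBA is the local group the Oracle install creates.
param(
    [string]$DomainGroup = 'EXAMPLE\DB Admins',   # assumed domain\group name
    [switch]$DropLocalAdmin                        # the optional step in the reply
)

function Test-LocalMember {
    param([string]$LocalGroup, [string]$Member)
    # True when $Member is a direct member of the local group.
    [bool](Get-LocalGroupMember -Group $LocalGroup -ErrorAction Stop |
        Where-Object { $_.Name -eq $Member })
}

# ORA_DBA only exists after the Oracle install, so stop if it is missing.
if (-not (Get-LocalGroup -Name 'ORA_DBA' -ErrorAction SilentlyContinue)) {
    throw 'Local group ORA_DBA not found: run this after the Oracle install.'
}

# Step 1: make the DBA domain group a member of ORA_DBA (safe to re-run).
if (-not (Test-LocalMember -LocalGroup 'ORA_DBA' -Member $DomainGroup)) {
    Add-LocalGroupMember -Group 'ORA_DBA' -Member $DomainGroup
}

# Step 2 (optional): take the group back out of local Administrators.
if ($DropLocalAdmin -and
    (Test-LocalMember -LocalGroup 'Administrators' -Member $DomainGroup)) {
    Remove-LocalGroupMember -Group 'Administrators' -Member $DomainGroup
}

# Step 3: list who holds each privilege, so direct user or local-account
# memberships that bypass the domain group stand out in review.
foreach ($g in 'ORA_DBA', 'Administrators') {
    Get-LocalGroupMember -Group $g | ForEach-Object {
        [pscustomobject]@{
            LocalGroup  = $g
            Member      = $_.Name
            Class       = $_.ObjectClass       # User or Group
            Source      = $_.PrincipalSource   # Local or ActiveDirectory
            ViaDbaGroup = ($_.Name -eq $DomainGroup)
        }
    }
}
```

Rows where `ViaDbaGroup` is false and `Class` is `User` are accounts holding the privilege directly rather than through the global group.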