Hmmm. Interesting. I'll test this out and let you know. WGB -----Original Message----- From: Stephane Faroult [mailto:sfaroult@xxxxxxxxxxxx] Sent: Friday, June 11, 2010 12:40 PM To: Blanchard, William Cc: ORACLE-L; oracledba@xxxxxxxxxxx Subject: Re: Replacing OPS$ accounts William, What about setting ops_authent_prefix to something different? It will not lock the accounts, but in effect it's likely to look the same ... If you set ops_authent_prefix to 'hagahaga' and a user connected (to the OS) as joe tries sqlplus / Oracle will try to connect to hagahagajoe, which is unlikely to exist. The only risk is if the user explicitly connects as ops$joe AND if the account has an Oracle password (which sometimes happens, when people need to remotely connect). Hope that helps. Stephane Faroult RoughSea Ltd <http://www.roughsea.com> Konagora <http://www.konagora.com> RoughSea Channel on Youtube <http://www.youtube.com/user/roughsealtd> Blanchard, William wrote: > > Greetings, > > We have a legacy app that is currently using OPS$ accounts to log the > users into the database. Since this is a purchased application that > is no longer supported by the company we purchased it from, changing > the code isn’t possible. Has anyone found a way to get rid of these > accounts? If not, is there a “best practice” for locking down the > OPS$ accounts? > > > Thank you, > > WGB > > - > > This email and any information, files, or materials transmitted with it > are confidential and are solely for the use of the intended recipient. > If you have received this email in error, please delete it and notify > the sender. > > - This email and any information, files, or materials transmitted with it are confidential and are solely for the use of the intended recipient. If you have received this email in error, please delete it and notify the sender.