William, Originally you asked how to get rid of or locking OPS$ account. Simple answer to that is simply drop OPS$ account with CASCADE or LOCK the account and face the music; which certainly will result into undesirable consequences. By setting remote_os_authent to FALSE you are not dropping or locking the account. Only you are preventing any one from using OS authentication to log into the database. COBOL app should be able to log directly into the database with OPS$ id and correct password. - Mayen "Blanchard, William" <wblanchard@xxxxxxxxxxxxxxxxxxxx> Jun 11 2010 02:22 PM To Mayen Shah/ITS/Lazard@Lazard NYC cc ORACLE-L <oracle-l@xxxxxxxxxxxxx>, oracle-l-bounce@xxxxxxxxxxxxx, oracledba@xxxxxxxxxxx Subject RE: Replacing OPS$ accounts Mayen, The application, and old COBOL app, uses the OPS$ account to log into the database. WGB From: Mayen.Shah@xxxxxxxxxx [mailto:Mayen.Shah@xxxxxxxxxx] Sent: Friday, June 11, 2010 12:56 PM To: Blanchard, William Cc: ORACLE-L; oracle-l-bounce@xxxxxxxxxxxxx; oracledba@xxxxxxxxxxx Subject: Re: Replacing OPS$ accounts William, You may set to remote_os_authent to FALSE (default value) to prevent any one from logging in as OPS$ account or you may change value of os_authent_prefix to any string other than OPS$. HTH - Mayen "Blanchard, William" <wblanchard@xxxxxxxxxxxxxxxxxxxx> Sent by: oracle-l-bounce@xxxxxxxxxxxxx Jun 11 2010 01:02 PM Please respond to wblanchard@xxxxxxxxxxxxxxxxxxxx To ORACLE-L <oracle-l@xxxxxxxxxxxxx>, oracledba@xxxxxxxxxxx cc Subject Replacing OPS$ accounts Greetings, We have a legacy app that is currently using OPS$ accounts to log the users into the database. Since this is a purchased application that is no longer supported by the company we purchased it from, changing the code isn’t possible. Has anyone found a way to get rid of these accounts? If not, is there a “best practice” for locking down the OPS$ accounts? Thank you, WGB - This email and any information, files, or materials transmitted with it are confidential and are solely for the use of the intended recipient. If you have received this email in error, please delete it and notify the sender.