Re: Windows DB best practices
- From: "Paul Drake" <bdbafh@xxxxxxxxx>
- To: wjwagman@xxxxxxxxxxx
- Date: Wed, 11 Apr 2007 18:27:20 -0400
On 4/11/07, William Wagman <wjwagman@xxxxxxxxxxx> wrote:
Greetings,
I had an interesting experience installing 10gR2 on Windows recently. The
box is running Windows Server 2003 R2 Enterprise Edition SP1. I was logged
in as a user which was a member of the local administrators group and I
installed the client, that is all I needed. I subsequently encountered
difficulties with the networking piece, the reason I installed the client in
the first place, which I was unable to resolve. I opened an SR with Oracle
and was told that they have seen problems when the installation is done by a
user other than the Administrator. I uninstalled everything, connected as
the administrator account and everything worked. I don't know if this was
actually the cause of the problem or Oracle not wanting to solve the real
issues but it was an interesting situation. This is the second 10gR2 install
I have done on Windows, the other worked fine and I did that under an
account that was a member of the local administrators group. I don't know if
I did something wrong or if there is something to this but perhaps worth
keeping in mind.
Thanks.
Bill Wagman
Univ. of California at Davis
IET Campus Data Center
wjwagman@xxxxxxxxxxx
(530) 754-6208
Bill,
I've seen the same thing when installing the 10g R2 client on MS W2K3
Server and on Citrix Metaframe. The 10.2.0 patchset 2 (10.2.0.3) has
fixes in it to deal with such errors, such as permissions on the bin
directory.
Yes, that patchset is huge, but over time it gets drilled into your
head to apply the latest patchset (and possibly one-off patch) prior
to even opening a service request.
To add filler to what would have been a post that would have bounced,
I'll be verbose.
Regardless of whether its *nix or MS Windows, apply the latest
patchset and patch (if its a critical patch update) if at all
possible.
Paul
______________________________
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Niall Litchfield
Sent: Wednesday, April 11, 2007 11:15 AM
To: andert@xxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: Windows DB best practices
Hi Stephen,
In terms of security, what I recommend is the following - which assumes a
single windows domain rather than workgroup or standalone server.
First create a global group (called DB Admins or similar). Assign membership
of this group to the personal accounts of your DBAs (and no-one else - there
should be no anonymous accounts in this group).
Next on each local machine make the global group a member of the local
"administrators" security group. This will enable the designated dba to
install Oracle. After the install is complete you should make the domain
group a member of the local ORA_DBA security group created by the install,
and optionally remove it from the local administrators group.
This gets you:
accountability - since everyone uses their own account.
groups used for the right things - local groups for access to resources,
global groups for privileges for users.
I second the recommendation to make sure that you have a dedicated server
for production oracle databases, but don't see that as a windows specific
thing. I've also never worked anywhere that sys admins didn't share that
view.
On 4/10/07, Stephen Andert <andert@xxxxxxxxx> wrote:
> Yes, I know the first one is "use *nix" but I am tired of fighting
> about it and my boss made the decision.
> The main question I have is whether to create an oracle-specific
> account or just use an administrator account. Also, any links to
> Windows best practices would be great.
--
//www.freelists.org/webpage/oracle-l
Other related posts:
