If you are installing Oracle software for the first time and on the products that you are installing, create several operating system groups and users. Show
You can choose to create one administrative user and use one group for operating system authentication for all system privileges on the storage and database tiers. For example, you can designate the Log in as an Administrator user, and use the following instructions to create the Oracle Installation user for Oracle Database.
About the Oracle Installation UserTo install Oracle Restart or Oracle Database software, you must use either a local or a domain user that is also a member of the Administrators group. This user is the Oracle Installation User. The Oracle Installation User can be either a local user or a domain user. Creating Oracle Home UserDuring Oracle Database installation, you can specify an optional Oracle home user associated with the Oracle home. For example, assume that you use an Administrator user named Oracle home user can be a Windows Built-in Account (LocalSystem for Server and LocalService for Client), Virtual Account, or a regular (not an administrator) Windows account. If you specify an existing user as the Oracle home user, then the Windows User Account you specify can either be a Windows Domain User or a Windows Local User. A Windows User Account need not be created by the Administrator if a Virtual Account or a Windows Built-in Account is used during installation. If you specify a non-existing user as the Oracle home user, then the Windows User Account you specify must be a Windows Local User. The installer creates this account automatically to run the Windows services for the Oracle home. Do not log in using this account to perform administrative tasks. Starting with Oracle Database 12c Release 2 (12.2), the Group Managed Services Account (gMSA) and Virtual Accounts enables you to install Oracle Database, and create and manage Database services without passwords. The gMSA is a domain level account that can be used by multiple servers in a domain to run the services using this account. Windows User Account can be a Windows Local User, Windows Domain User, Managed Services Account (MSA), or Group Managed Services Account (gMSA). If you want to create a new user during installation, then it can only be a Windows Local User. It cannot be a Windows Domain User, an MSA, or a gMSA. The new user that is created is denied interactive logon privileges to the Windows computer. However, a Windows administrator can manage this account like any other Windows account. Oracle recommends that you use Virtual Account or a standard Windows User Account (instead of Windows Built-in Account) as the Oracle Home User for enhanced security. Note: You cannot change the Oracle Home User after the installation is complete. If you must change the Oracle Home User, then you must reinstall the Oracle Database software. When you specify an Oracle Home user, the installer configures that user as the Oracle Service user for all software services that run from the Oracle home. The Oracle Service user is the operating system user that the Oracle software services run as, or the user from which the services inherit privileges. Silent installation is enhanced to support password prompt for the Oracle home user. So, customers and independent software vendors (ISV) can use response files without hard coding the password into the source code. Oracle recommends using Virtual Account or a standard Windows User Account (not an Administrator account) as the Oracle Home User for typical installation, software-only installation, and cloning. If an existing Windows User Account is used as the Oracle home user for software-only installation, then a password is not required. Thus, you can perform a silent, software-only installation using Windows User Account. If you use a Windows User Account as the Oracle home user for cloning individual Oracle Database installations, then a password is not required. Virtual Account is the Oracle home user for Oracle Database Single Instance database installation. The account enables you to install Oracle Database, create, and manage Database services without passwords. The gMSA is a domain level account that can be used by multiple servers in a domain to run the services using this account. The gMSA is a low privilege user account. Understanding the Oracle Inventory Directory and the Oracle Inventory GroupThe Oracle Inventory directory is the central inventory location for all Oracle software installed on a server. By default, the location of the Oracle Inventory directory is When you install Oracle software on the system for the first time, Oracle Universal
Installer creates the directories for the Oracle central inventory and the Oracle Inventory group, Whether you are performing the first installation of Oracle software on this server, or are performing an installation of additional Oracle software on the server, you do not need to create the Oracle central inventory or the Operating System Groups Created During Oracle Database InstallationDuring installation, the user groups listed in the following table are created, if they do not already exist. The Table 4-1 User Groups Created During Oracle Database Installation
During the installation of Oracle Database, all groups mentioned in the table are populated for proper operation of Oracle products. You must not remove any group member populated by Oracle. However, if you want to assign specific database privileges to new Windows operating system users, then you can manually add users to these groups after the installation completes. Oracle creates other groups, such as, See Also:
Operating System Groups and Users for Job Role SeparationA job role separation configuration of Oracle Database and Oracle ASM is a configuration with groups and users to provide separate groups for operating system authentication.
About Job Role Separation Operating System Privileges Groups and UsersDuring the Oracle Database installation, the Members of these groups are granted operating system authentication for the set of database system privileges each group authorizes. Oracle recommends that you use different operating system groups for each set of system privileges. Oracle Software Owner For Each Oracle Software ProductYou can create a single user (for example, However, Oracle recommends that you create one software owner to own each Oracle software installation (typically, You must create at least one software owner the first time you install Oracle software on the system. Note: In Oracle documentation, a user created to own only Oracle Grid Infrastructure software installations is called the Standard Oracle Database Groups for Job Role Separation for Oracle DatabaseReview the standard Oracle Database groups. The following is a list of standard Oracle Database groups. These groups provide operating system authentication for database administration system privileges: Note: All these groups are automatically created as a part of Oracle Database installation on Windows.
Extended Oracle Database Groups for Job Role SeparationIn addition to the SYSOPER privilege to start up and shut down the database, you can create new administrative privileges that are more task-specific and less privileged than the Users granted these system privileges are also authenticated through operating system group membership. During installation, you are prompted to provide operating system groups whose members are granted access to these system privileges. You can assign the same group to provide authentication for these privileges (for example, The OSDBA subset job role separation privileges and groups consist of the following:
Note: All these groups, Oracle Automatic Storage Management Groups for Job Role SeparationReview the operating system groups. Create the following operating system groups if you are installing Oracle Grid Infrastructure:
Windows Group Managed Service Accounts and Virtual AccountsGroup Managed Services Account (gMSA) and Virtual Accounts are now supported and enable you to create and manage Database services without passwords. Microsoft Hyper-VMicrosoft Hyper-V enables you to create and manage a virtualized computing environment by running multiple operating systems simultaneously on a single computer and isolate operating systems from each other. Microsoft Hyper-V enables built-in integration services for supported guest operating systems to improve the integration between a computer and a virtual machine. What utility is available on a Windows PC to view current running applications and processes?Task List Viewer (TList), or tlist.exe, is a command-line utility that displays the list of tasks, or user-mode processes, currently running on the local computer.
Which Net command is used to starts a network service or lists running network services?The net start command is used to start a network service or list running network services. Use the net statistics command to show the network statistics log for the Server or Workstation service. The net stop command is used to stop a network service.
Which Windows tool selectively denies traffic to a computer or network segment?A firewall is a computer network security system that restricts internet traffic in, out, or within a private network. This software or dedicated hardware-software unit functions by selectively blocking or allowing data packets.
Is a utility that generates a list of hops that were successfully reached along the path?Traceroute (tracert) is a utility generates a list of hops that were successfully reached along the path. This list can provide important verification and troubleshooting information. If the data reaches the destination, then the trace lists the interface of every router in the path between the hosts.
|