Home » Infrastructure » Windows » Network permissions when using Windows virtual account (DB19.3, Windows 2019)
Network permissions when using Windows virtual account [message #677930] Thu, 24 October 2019 05:23 Go to next message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
I've installed my Oracle Home using a Windows virtual account, which seems to be the recommended method now. All fine except for RMAN backup to a remote device. When using a domain account, or even the built-in system account, this can be done by giving the account under which the service is running privileges on the remote device and writing to the UNC path. However, I can't see how to do this with a virtual account. It is virtual!

At the bottom of this
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/service-accounts
it saysQuote:
Services that run as virtual accounts access network resources by using the credentials of the computer account in the format <domain_name>\<computer_name>$.
What does that mean? How should the permissions be configured? Has anyone using virtual accounts made this type of backup work?

I have opened a TAR for this, but it would be nice to get an answer this century rather than waiting for Support.

Thank you for any insight.
Re: Network permissions when using Windows virtual account [message #678078 is a reply to message #677930] Fri, 08 November 2019 13:36 Go to previous messageGo to next message
Flyby
Messages: 188
Registered: March 2011
Location: Belgium
Senior Member
Hmm, that would mean you grant rights to a computer account (objecttype = computer, which connects as computer$) instead of a regular user/group account (objecttype = user).

[Updated on: Fri, 08 November 2019 13:39]

Report message to a moderator

Re: Network permissions when using Windows virtual account [message #678080 is a reply to message #678078] Sat, 09 November 2019 01:55 Go to previous message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
THank you for explaining, I'll try it next time. In this case, we ended up running the services under the local Administrator account and granting privileges to that. Probably not ideal, but it works.
Previous Topic: SQL Load Multiple files to Single table
Next Topic: unable to run preupgrade.jar - getting invalid username/password error
Goto Forum:
  


Current Time: Thu Mar 28 06:25:34 CDT 2024