Wednesday, October 12, 2011


How to Grant the SYS user sufficient privileges on Windows.



Several months ago I setup an Oracle instance on Windows for testing. Then we moved from one state to another. Finally the time arrived to startup that Windows server again. Enough time had passed that I could not remember setting any particular password on any of the SYSDBA accounts. The default passwords were not working. None of my favorite passwords were working. If I could connect / as sysdba, I could change the passwords to anything I like. When I tried that, it said ORA-01031: insufficient privileges.

What to do now?

I checked the Windows services to make sure they were running: yep.

I bounced the Windows services: no improvement.

I ran the orapwd.exe command to create a password file in the $ORACLE_HOME/dbs directory. It prompts you for the password to use for the SYSDBA account. That didn't help.

I mean, if you OWN the box, you should be able to connect / as sysdba, because that would use local authentication, which runs the service, which has authority to run the service, which should work. Right?

I opened the Database Configuration Assistant to see what it had to offer, but it wants to know the username and password for a SYSDBA account, so that was another dead end. I checked later and there was nothing that would have been helpful there anyway. Fine. If we're going to fail, let's fail as fast as possible.

I tried to "connect internal", but the error message that it gave me indicates that syntax is long out of date.

It reminds me of a quote – "America can be trusted to do the right thing, after exhausting all the alternatives."

Don't misunderstand that to be anti-American. Consider another quote, "Democracy is the worst form of government, except for all the others."

So I'm just thankful to even have such problems. Anyway,...

Finally, under the Start Menu for my Oracle program group, under Configuration and Management Tools, I found the Administration Assistant for Windows. It offers a screen such as the one shown below.




This computer is named SANDBOX. I login as Blue Cutie, which is "an administrator", although not "THE administrator". Somehow this Administrator account on this server is gone. I tried to add it back, and it said it was already there. You can't win an argument like that, can you? That is a puzzle for another day.

Nevertheless, after I right-mouse clicked on the OS Database Administrators – Computer line, and added Blue Cutie (which is the account I login with) as an administrator, I was able to go back to SQL*Plus, connect / as sysdba, and set the password to whatever I want. "Alter user sys identified by whatever;"

Best wishes to always be able to regain access to your SYSDBA account.

~ the hard-working DBA.
Posted by at No comments:
Subscribe to: Posts (Atom)