Filter
Top Products
Granting user rights (Windows)
This topic describes the steps required to grant user rights on Windows operating
systems. Specific user rights are recommended for user accounts required to install
and set up DB2.
Prerequisites:
To grant advanced user rights on Windows you must be logged on as a local
Administrator.
Procedure:
1. Click Start and select Run ....
2. Type secpol.msc and click OK.
3. Select Local Security Policy.
4. In the left window pane, expand the Local Policies object, then select User
Rights Assignment.
5. In the right window pane, select the user right that you want to assign.
6. From the menu, select Action —> Security...
7. Click Add, then select a user or group to assign the right to, and click Add.
8. Click OK.
If your computer belongs to a Windows 2000 or Windows Server 2003 domain, the
domain user rights may override your local settings. In this case, your Network
Administrator will have to make the changes to the user rights.
Related concepts:
v “User, user ID and group naming rules” in Administration Guide: Implementation
Related reference:
v “Required user accounts for installation of DB2 server products (Windows)” in
Quick Beginnings for DB2 Servers
DB2 system administrator group considerations (Windows)
By default, system administrative (SYSADM) authority is granted to any valid DB2
user account that belongs to the Administrators group on the computer where the
account is defined. If the account is a local account, then it must belong to the local
Administrators group. If the account is a domain account, then it must belong to
the Administrators group at the domain controller or the local Administrators
group.
For example, if a user logs on to a domain account and tries to access a DB2
database, the DB2 database server goes to a domain controller to enumerate
groups (including the Administrators group). You can force the DB2 database
server to always perform group lookup on the local computer by setting the
registry variable DB2_GRP_LOOKUP=local and adding the domain accounts (or
global groups) to the local group.
For a domain user to have SYSADM authority, they must belong to the local
Administrators group or the Administrators group at the domain controller. Since
the DB2 database server always performs authorization at the machine where the
Chapter 1. Installation prerequisites 9