Starting with Oracle Database 12c Release 1 (12.1), ORADIM creates Oracle Database service, Oracle VSS Writer service, and Oracle Scheduler service to run under the Oracle Home User account.
Oracle Home User is the standard Windows User Account (not an Administrator), specified during installation, that runs most of the Windows services required by Oracle for Oracle home.
If this Oracle Home User is a Windows Local User Account or a Windows Domain User Account, then ORADIM prompts for a password for that account and accepts the same through stdin.
All Oracle administration tools that create Windows services have been modified to prompt for the password of Oracle Home User when the Oracle Home User is a Windows Local User Account or a Windows Domain User Account, and the password for Oracle Home User is not stored in the Oracle Wallet.
Depending on the type of database installation and user account used as the Oracle Home User, Windows services run under low-privileged, non-administrative accounts such as a LocalService, or an authenticated Windows User Account, or as a high-privileged Local System Account (LSA) in Oracle home.
Table C-1 Running Windows Services
| Type of Installation | Oracle Home User | Windows Service User for the Services |
|---|---|---|
|
Oracle Database Server |
Windows User Account |
Windows User Account |
|
Oracle Database Server |
Built-in Account |
Local System Account |
|
Oracle Database Client |
Windows User Account |
Windows User Account |
|
Oracle Database Client |
Built-in Account |
LocalService |
|
Oracle Grid Infrastructure (with the Grid Infrastructure Management Repository) |
Windows User Account |
Grid Listeners using LocalService Database services using Windows User Account Foot 1Clusterware services using Local System Account |
|
Oracle Grid Infrastructure (without the Grid Infrastructure Management Repository) |
Built-in Account |
Grid Listeners using LocalService Clusterware services using Local System Account |
Footnote 1
Clusterware requires administrative privileges so it always uses Local System Account to run Windows services.
Certain functions performed by the Oracle Database service require additional privileges.
Oracle Universal Installer and other Oracle tools automatically grant the following privileges to the Windows services SID of the respective services during the creation of these services:
SeIncreaseBasePriorityPrivilege: A process requires this privilege to change the priority of its threads. This privilege is granted to Windows service SIDs of Oracle Automatic Storage Management (Oracle ASM) or Oracle Database services.
SeBackupPrivilege: This privilege is required to perform backup operations. It is granted to the Windows service SIDs of Oracle VSS Writer service.
SeBatchLogonRight: This privilege is required for an account to log on using the batch logon type. It is granted to the Windows service SIDs of Oracle Scheduler service.
To enable Oracle Database to use Large Pages or working set features, the following additional operating system privileges must be manually granted by the operating system administrator to either the Oracle Home User or to the Windows service SIDs of the specified Oracle Database service during the creation of these services.
Oracle recommends granting privileges to the Windows service SID of Oracle Database service instead of the Oracle Home User. The Windows service SID of the database service follows this syntax, NT AUTHORITY\OracleServiceSID.
SeLockMemoryPrivilege: This privilege is required to lock pages in memory. Oracle Database requires this privilege to use Large Pages.
SeIncreaseQuotaPrivilege: This privilege is required to change the memory quota for a process. This is needed while setting the max and min working set sizes for the database.
Related Topics
To grant an operating system privilege to a specific user, perform the following steps: