Beginning with Oracle Database 12c Release 1, Oracle introduces the new Oracle Home User account on Windows. But why? Until now, everything ran fine without any special accounts. Those who work with Oracle databases on UNIX-like operating systems know the clear separation of the root user and the Oracle DBA (oracle). Everyone has their tasks: the DBA takes care of the database or the software installation (usually the oinstall group), and only root can make changes to the server. On Windows this has been different so far. It is sometimes difficult to design a granular assignment of rights, and when in doubt the administrator account has to serve. With 12c, Oracle is now trying to bring a rights concept similar to the one on UNIX to Windows database servers.
Home User Account
The Oracle Home User Account is a low-privileged account without administrator rights. It is used to manage the database (not the database software) and the associated services. When you install the database software, Oracle offers three choices.
The first option is „Use Existing Windows User“, which can be a local user, a domain user or a so-called managed service account (MSA). The second option is „Create New Windows User“, where a local user account is created on the computer. However, the account has no registration or login permission. The third option, „Use Windows Built-in Account“, means the built-in account that Windows uses internally to manage its services and privileges. In general Oracle uses SYSTEM or local system for this. This last selection corresponds to the configuration as it was made up to Oracle 11g. This choice effectively defines the Home User account. No matter what choice you make, after installation there is no way back. You cannot change the Oracle Home User anymore!
I cannot give a clear answer as to which account you should choose in which case. If you are in a domain, it really makes sense to define a domain user account or an MSA. The benefits of centralized management through Active Directory over the local variant need no discussion here. However, you should consider the distinguishing features between an MSA and a „normal“ domain account. But what impact do the different options have? In concrete terms, the new Home User has full access to the entire Oracle Base directory. This permission is inherited by all subdirectories and files. Patching the software remains the task of the administrator. As already said, the Home User must not have administrative privileges and is excluded here. This distinction becomes clear when you look at the owner of the Oracle Home: it is the administrator who installed the software. The owner of the data file directory and the data files is the Oracle Home User.
Another major change is that the Home User has authority over the services for the database instance itself and the listener.
The Home User can therefore start and stop the appropriate services. As a consequence, the Home User is also required when creating a new listener or when a new database is to be created.
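To verify which account the instance and listener services actually run as, the following PowerShell audit (an added example, not part of the original post or of Oracle's tooling) lists each Oracle service's logon account and flags built-in or administrator accounts. It assumes that Oracle service names start with "Oracle" and checks only direct members of the local Administrators group.

```powershell
# Added example: report the logon account of every Oracle service and flag
# accounts that are built-in or hold local administrator rights.
# Assumption: Oracle service names start with "Oracle".

# Built-in identities as they appear in Win32_Service.StartName
$builtIn = 'LocalSystem', 'NT AUTHORITY\SYSTEM',
           'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

# Direct members of BUILTIN\Administrators, addressed by well-known SID so the
# lookup also works on localized Windows. Nested groups are not expanded.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
            ForEach-Object { $_.Name })

function Resolve-AccountName([string]$StartName) {
    # Services store local accounts as ".\name"; group members are listed as
    # "HOST\name". Accounts given in UPN form (user@domain) are not mapped.
    if ($StartName -like '.\*') {
        return '{0}\{1}' -f $env:COMPUTERNAME, $StartName.Substring(2)
    }
    return $StartName
}

Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE 'Oracle%'" |
    ForEach-Object {
        $account = Resolve-AccountName $_.StartName
        # -contains compares strings case-insensitively
        $finding = if ($builtIn -contains $_.StartName) {
            'built-in account (configuration as up to 11g)'
        } elseif ($admins -contains $account) {
            'member of local Administrators'
        } else {
            'low-privileged account'
        }
        [pscustomobject]@{
            Service = $_.Name
            State   = $_.State
            RunsAs  = $_.StartName
            Finding = $finding
        }
    } | Sort-Object Finding, Service | Format-Table -AutoSize
```

Run it from an elevated PowerShell 5.1 or later session on the database server; a service reported as "member of local Administrators" contradicts the low-privilege intent of the Home User.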
Finally, I would like to refer to the Oracle Home User Control Tool. If the password of the Home User account changes, Oracle needs to be made aware of it. For this, there is a shortcut to a batch file in the Oracle program folder: „Update password of the Oracle Home User“.
Alternatively, you can enter „orahomeuserctl“ on the command line; with „list“ you can first display the Home User:
C:\Users\Administrator> orahomeuserctl list
Then announce the new password using the following syntax:
orahomeuserctl updpwd [-user username] [-host hostname1, hostname2, …] [-log logfilename]
You will find very important additional information here:
Caution, 12c Oracle Home User cannot be changed!
Very helpful Thank You!
Actually I had no problem changing it, on Windows.. I originally installed with the new Oracle Home User Account.. Then when I went to create the database I realized that was not what I wanted.. So I opened regedit and went to HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\KeyOraDB12Home1 and I changed ORACLE_SVCUSER from the new home account to the old way: NT AUTHORITY\SYSTEM and also changed ORACLE_SVCUSER_PWDREQ from 1 to 0
That sounds good … but the Oracle Documentation is very clear about that: Oracle Home User cannot be changed post installation. https://docs.oracle.com/database/121/NTQRF/oh_usr.htm#NTQRF672 Hopefully you won’t face any issues later.
Testing the Migration from Oracle 12.1 to 12.2 and struggled with that Oracle Home User Account. In 12.2 the User can not be a member of the Administrator Group – in 12.1 this was still possible.
Installing the software with User “x” and change the registry entry to User “y” (the Oracle Home User from 12.1) will not work, oradim will fail with “DIM-0092 unable to determine Oracle Service user.”.
I had to create a new user and grant full control on the Oracle data-, log-, controlfile directories plus the network shares for datapump.
Thanks, for sharing your experience here. Didn’t check that “special” case with 12.2 for now. Thank you.
I’m installing Oracle 12.2 on a Windows 10 machine. I’ve used the option “Create new windows user” prompted during the installation process. The installation failed in the Oracle Net Configuration Assistant and the Oracle Database Configuration Assistant.
========================================
INFO: Read: SYS_PASSWORD_PROMPT
INFO: SYS_PASSWORD_PROMPT
INFO: Processing: SYS_PASSWORD_PROMPT for argument tag -sysPassword
INFO: Read: ************
INFO: ************
WARNING: Skipping line: ************
INFO: Read: SYSTEM_PASSWORD_PROMPT
INFO: SYSTEM_PASSWORD_PROMPT
INFO: Processing: SYSTEM_PASSWORD_PROMPT for argument tag -systemPassword
INFO: Read: *************
INFO: *************
WARNING: Skipping line: *************
INFO: Read: SERVICE_USER_PASSWORD_PROMPT
INFO: SERVICE_USER_PASSWORD_PROMPT
INFO: Processing: SERVICE_USER_PASSWORD_PROMPT for argument tag -winServiceUserPassword
INFO: Read: **************
INFO: **************
WARNING: Skipping line: **************
INFO: Read: [FATAL] [DBT-10304] Oracle home user password is not correct.
INFO: [FATAL] [DBT-10304] Oracle home user password is not correct.
WARNING: Skipping line: [FATAL] [DBT-10304] Oracle home user password is not correct.
INFO: Completed Plugin named: Oracle Database Configuration Assistant
INFO: Oracle Database Configuration Assistant failed.
================================================
Any help on why this error message is coming? I’ve made sure the password is correct and given the same password everywhere.
Having the exact same issue, did you manage to resolve?