IBM Frozen Dessert Maker VERSION 9 ユーザーズマニュアル
Granting
user
rights
(Windows)
This
topic
describes
the
steps
required
to
grant
user
rights
on
Windows
operating
systems.
Specific
user
rights
are
recommended
for
user
accounts
required
to
install
and
set
up
DB2.
Prerequisites:
To
grant
advanced
user
rights
on
Windows
you
must
be
logged
on
as
a
local
Administrator.
Procedure:
1.
Click
Start
and
select
Run
...
.
2.
Type
secpol.msc
and
click
OK
.
3.
Select
Local
Security
Policy
.
4.
In
the
left
window
pane,
expand
the
Local
Policies
object,
then
select
User
Rights
Assignment
.
5.
In
the
right
window
pane,
select
the
user
right
that
you
want
to
assign.
6.
From
the
menu,
select
Action
—>
Security...
7.
Click
Add
,
then
select
a
user
or
group
to
assign
the
right
to,
and
click
Add
.
8.
Click
OK
.
If
your
computer
belongs
to
a
Windows
2000
or
Windows
Server
2003
domain,
the
domain
user
rights
may
override
your
local
settings.
In
this
case,
your
Network
Administrator
will
have
to
make
the
changes
to
the
user
rights.
Related
concepts:
v
“User,
user
ID
and
group
naming
rules”
in
Administration
Guide:
Implementation
Related
reference:
v
“Required
user
accounts
for
installation
of
DB2
server
products
(Windows)”
in
Quick
Beginnings
for
DB2
Servers
DB2
system
administrator
group
considerations
(Windows)
By
default,
system
administrative
(SYSADM)
authority
is
granted
to
any
valid
DB2
user
account
that
belongs
to
the
Administrators
group
on
the
computer
where
the
account
is
defined.
If
the
account
is
a
local
account,
then
it
must
belong
to
the
local
Administrators
group.
If
the
account
is
a
domain
account,
then
it
must
belong
to
the
Administrators
group
at
the
domain
controller
or
the
local
Administrators
group.
For
example,
if
a
user
logs
on
to
a
domain
account
and
tries
to
access
a
DB2
database,
the
DB2
database
server
goes
to
a
domain
controller
to
enumerate
groups
(including
the
Administrators
group).
You
can
force
the
DB2
database
server
to
always
perform
group
lookup
on
the
local
computer
by
setting
the
registry
variable
DB2_GRP_LOOKUP=local
and
adding
the
domain
accounts
(or
global
groups)
to
the
local
group.
For
a
domain
user
to
have
SYSADM
authority,
they
must
belong
to
the
local
Administrators
group
or
the
Administrators
group
at
the
domain
controller.
Since
the
DB2
database
server
always
performs
authorization
at
the
machine
where
the
Chapter
1.
Installation
prerequisites
9