Latest infos from IBM:

Local accounts (including Windows Local System Account) could be used for the
DB2 services if Pre-Windows 2000 Authentication (anonymous access) is enabled in
the Active Directory domain (which is NOT enabled at our site because of
security issues).

The DB2 service itself will authenticate other users like remote DB2
administrators etc. within the Windows 2000 domain and therefore MUST be able
(i.e. have the right) to browse the domain. If the DB2 service account is
(server) local and Pre-Windows 2000 Authentication is not enabled no other
domain users can be authenticated through DB2 server authentication.

So as all of you told us and now also IBM is telling us (and explainig it a bit)
we will use Domain accounts for the DB2 services in our Windows 2000 domain.
Thanks for all your input!

Günther


Günther Schöllhammer schrieb:

> To Alexandre and Mark (Yudkin):
>
> As IBM told us the alternative for running that service would / should be
> another LOCAL user account (e.g. LocUsrX).
>
> I would say that using another LOCAL account (instead of the SYSTEM account)
> doesn't improve anything. All the issues concerning network ressources (SAN,
> etc.) would apply, too. Only a Domain account would solve these problems /
> limitations.
>
> So speaking about LOCAL accounts (either user or the SYSTEM) the limitations
> seem the same. There's no advantage of using a local user account against
> the local SYSTEM account.
>
> Correct?
>
> Günther