Defining which users hold SYSADM authority (Windows )

Certain users have SYSADM authority if the sysadm_group database manager configuration parameter is not set (that is, it is NULL).

These users are:

Members of the local Administrators group
Members of the Administrators group at the Domain Controller, if the Db2® database manager is configured to enumerate groups for users at the location where the users are defined (you can use the DB2_GRP_LOOKUP environment variable to configure group enumeration)
Members of the DB2ADMNS group, if Windows extended security is enabled. The location of the DB2ADMNS group is decided during installation.
The LocalSystem account

There are cases where the previously mentioned default behavior is not desirable. You can use the sysadm_group database manager configuration parameter to override this behavior by using one of the following methods:

Create a local group on the Db2 server machine and add to it users (domain users or local users) that you want to have SYSADM authority. The Db2 database manager should be configured to enumerate groups for the user on the local machine.
Create a domain group and add to it the users that you want to have SYSADM authority. The Db2 database manager should be configured to enumerate groups for users at the location where the users are defined.

Then update the sysadm_group database manager configuration parameter to this group, using the following commands:

   DB2 UPDATE DBM CFG USING SYSADM_GROUP group_name
   DB2STOP
   DB2START