The usual method to install a DB2® database
product on Windows is to
use an Administrator user account. However, DB2 database products can be installed using
a non-administrator account. To do so, a Windows Administrator must configure the
elevated privileges feature in Windows.
About this task
This task explains how a Windows Administrator
can set up a computer with elevated privileges to allow installation
using a non-Administrator user account. The related task of granting DB2 administration authorities to
non-Administrator users is also covered.
Typically a Windows Administrator would perform
this task to enable another person who does not have an Administrator
account to install a DB2 database
product. The role of this person might be only to install DB2 database products or to also
administer DB2 database products
once installed.
Restrictions
Before
initiating this procedure, note the following restrictions on non-Administrator
installation using elevated privileges:
- Non-Administrator users can only install fix packs, add-on products,
or upgrade DB2 database products
if prior installations or upgrades were also performed by the same
non-Administrator user.
- Non-Administrator users cannot uninstall a DB2 database product. Those non-Administrator
users on a Windows operating system can uninstall a DB2 database product.
This procedure uses the Windows Group
Policy Editor.
Procedure
- Click and type gpedit.msc. The Group
Policy window opens.
- Click on .
- Enable the following Group Policy settings:
- Always install with elevated privileges (mandatory)
- Enable user control over installs (mandatory)
- Disable Windows Installer.
Then set it to Never.
- Enable user to patch elevated products (optional)
- Enable user to use media source while elevated (optional)
- Enable user to browse for source while elevated (optional for
new installations, mandatory for fix pack upgrades)
- Enable elevated privileges for the user account that will
be performing the installation.
- Click .
- Enable the Always install with elevated privileges
(mandatory) Group Policy setting.
- Perform setup related to the user account that will install
the DB2 database product.
- Identify the user account that will install the DB2 database product. If necessary, create that
account.
- Give that account write permission for the drive on which an installation
is planned.
- Optional: Complete additional steps applicable
to installing fix packs:
- Provide read access to the sqllib\cfg directory.
- Ensure that allowlockdownpatch is enabled
(as described in the Windows Installer
SDK documentation) because fix pack installations are considered minor
upgrades to the product.
- Refresh the computer's security policy in any one
of the following ways:
- Reboot the PC.
- At the command line, enter gpupdate.exe.
Results
By following this procedure you will have set up the computer
with elevated privileges and set up a user account that will be able
to install DB2 database server
products, clients and fix packs.
After DB2 database product installation
is complete:
- Any user in the system administrative (SYSADM) or system control
(SYSCTRL) authority group defined in the database manager configuration
for the instance can create and use DB2 databases
within the DB2 instance.
- Only a user with local Administrator authority can run DB2 instance utilities, such as db2icrt, db2idrop, db2iupdt,
or db2iupgrade.
- The authorization requirements for running the db2start or db2stop command
is defined in the topics START DATABASE MANAGER command,
and STOP DATABASE MANAGER command.
What to do next
- Using regedit instead of the Windows Group
Policy Editor
-
An alternative to using the Windows Group
Policy Editor is to use regedit.
In the registry branch HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows,
add the key installer
- Edit the key installer with the following values:
- For AlwaysInstallElevated, enter REG_DWORD=1
- For AllowLockdownBrowse, enter REG_DWORD=1
- For AllowLockdownMedia, enter REG_DWORD=1
- For AllowLockdownPatch, enter REG_DWORD=1
- For DisableMSI, enter REG_DWORD=0
- For EnableUserControl, enter REG_DWORD=1
In the registry branch HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows,
add the key installer
- Edit the key installer with the following values:
- Removing elevated privileges
-
After you have given elevated privileges, you can reverse
this action. To do so, remove the registry key Installer under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows.
- Granting a non-administrator user DB2 administration
authorities
-
At this point, only members of the Windows Administrators group will have DB2 administration authorities.
The Windows Administrator
has the option to grant one or more DB2 authorities,
such as SYSADM, SYSMAINT, or SYSCTRL to the non-Administrator user
who installed the DB2 database
product.