My Oracle Support Banner

Windows: How to Modify OS User Privileges for 11gR2 Grid Infrastructure and RAC Services (Needed for Backup To Network Shares) (Doc ID 1339053.1)

Last updated on JUNE 20, 2023

Applies to:

Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Cloud Service - Version N/A and later
Oracle Database Backup Service - Version N/A and later
Oracle Database - Enterprise Edition - Version to [Release 11.2]
Microsoft Windows x64 (64-bit)
Microsoft Windows Server 2003 (64-bit AMD64) Microsoft Windows Server 2008 (64-bit AMD64)
Oracle Server Enterprise Edition - Version: and up.

The method described in this document only modifies the OS privileges of certain OCR managed resources such as for the purposes specified. The only supported method to modify the software install owner of Oracle Clusterware is to uninstall / reinstall Oracle Clusterware.


Starting in 12c there is the concept of Oracle Home User (for the DB home) that makes the need for the modifications described in this note unnecessary. Therefore, the changes described in this note are not supported for 12c.

For details about the Windows Oracle Home User introduced in 12c see the Oracle® Database - Platform Guide - 12c Release 1 (12.1) for Microsoft Windows - Chapter 3 - "Supporting Oracle Home User on Windows"


This note details the step by step instructions for modifying Windows Grid Infrastructure 11.2 services and corresponding OCR resources. 

Some example of why one might want to make this change are:

-  to generate backups in a Windows environment to a network share

-  to use UTL_FILE_DIR to a network share


-  use of External tables

In short, certain services and corresponding OCR resources must be modified such that they are started with an OS user account with the necessary write privileges (on the network share).  

A strong word of caution from Oracle Support: This procedure HAS been tested and DOES work, however, it SHOULD be tested in a TEST environment and MUST be executed with extreme care when implementing in production.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 1.  Ensure proper set up for the OS user account to be used
 2.  Use the crsuser command to create the OracleCRSToken Service
 3.  Manually set the password for and start the new OracleCRSToken_<username> service
 4.  Stop LOCAL listener and OracleService<SID> services and set LogOnAs properties for LOCAL listener and OracleService<SID> services
 5.  Use the "crsctl setperm <resource>" command to set permissions in the OCR file
 6.  Restart all resources

 Reversing These Changes

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.