Problem with DB2 and Windows 2000

When you say "Shared drives" do you mean \\server\share access, which should
work for domain logons, or "net use x: \\server\share" and access via x:?

If you mean the second, I am amazed it ever worked on your system, as local
DOS device namespaces were not implemented until XP and 2003, and you're on
2000. On 2000, the DOS device namespace is global, but security is local to
the logon session. SP2 for 2000 changed the default behaviour to remove
global devices at logoff.

---

From the MS documentation:

Defining an MS-DOS Device Name
An MS-DOS device name is a junction that points to the path of an MS-DOS
device. These junctions comprise the MS-DOS device namespace. Call the
DefineDosDevice and SetVolumeMountPoint functions to create and modify these
junctions. DeleteVolumeMountPoint deletes a junction created by
SetVolumeMountPoint, and DefineDosDevice deletes junctions it creates.
After an MS-DOS device name is defined, it remains visible to all processes.
Before Windows 2000 SP2, a device name remained globally visible until
either explicitly removed or the system restarted. Security issues made
changes to this policy necessary in later versions of Windows.

Starting with Windows 2000 SP2, when a user that is logged in through an
interactive console session (that is, by running a console application on a
local machine), any drive letters defined by running a program that calls
DefineDosDevice are deleted when the interactive console user logs out.
Also, a security policy is implemented regulating the circumstances under
which drive letters can be deleted. This deletion policy is defined as
follows:
a.. If the user attempting the deletion is logged in as an Administrator,
or another account that belongs to the Administrator group, the user can
delete any drive letter.
b.. If the user attempting the deletion is not logged in as an
Administrator, and is logged in though the interactive console session, the
user can delete any drive letter except those created by other users logged
in as Administrators through logon sessions that are not the interactive
console session, such as background scheduled tasks or during system
startup.
c.. If the user attempting the deletion is not logged in as an
Administrator, and is logged in though a logon session that is not the
interactive console session, the user can delete only the drive letters that
he or she has created during the session.
This security fix does not affect Terminal Services sessions, because each
Terminal Services session defines its own MS-DOS Device namespace.

In Windows 2000 SP2 and earlier, calls to QueryDosDevice return all MS-DOS
devices that have been defined on the local machine.

In Windows XP, the policy changes defined in Windows 2000 SP2 were removed
and replaced with an architecture based on the following:
a.. All MS-DOS devices are identified by Windows through an authentication
ID. An authentication ID is the LUID (locally unique identifier) associated
with each logon session when created.
b.. The visibility of an MS-DOS device names is categorized as global or
local, and is defined as such by its inclusion in the Global MS-DOS Device
and Local MS-DOS Device namespaces. The contents of MS-DOS devices in the
Global namespace can be accessed by all users, and the contents of MS-DOS
devices in the Local namespace can be accessed only by the user whose access
token contains the AuthenticationID associated with that Local MS-DOS device
namespace
Multiple Local MS-DOS Device namespaces and only one Global MS-DOS Device
namespace may exist at one time and on one machine.

Note that only processes running in the LocalSystem context can call
DefineDosDevice to create an MS-DOS device in the Global MS-DOS device
namespace. Also, the Local MS-DOS device namespace corresponding to a
specific AuthenticationID is deleted when the last reference to that
AuthenticationID is removed.

When your code queries an existing MS-DOS device name by calling
QueryDosDevice, it first searches the Local MS-DOS Device namespace. If it
is not found there, the function will then search the Global MS-DOS Device
namespace. When your code queries all existing MS-DOS device names through
this function, the list of names that are returned is dependent on whether
it is running in the LocalSystem context. If so, only the MS-DOS device
names included in the Global MS-DOS Device namespace will be returned. If
not, a concatenation of the device names in the Global and Local MS-DOS
Device namespaces will be returned. If a device name exists in both
namespaces, QueryDosDevice will return the entry in the Local MS-DOS Device
namespace. This also applies to the list of all MS-DOS device names returned
by GetLogicalDrives and GetLogicalDriveStrings.

Note that the following scenario may occur:

1.. User A, who is not running within the LocalSystem context, creates a
device name in the corresponding Local MS-DOS Device namespace, and that
device name does not exist in the Global MS-DOS Device namespace.
2.. User B, who is running within the LocalSystem context, creates the
same device name in the Global MS-DOS Device namespace.
In this scenario, User A will not have access to the device name in the
Global MS-DOS Device namespace until he or she removes or renames the device
name in his or her Local MS-DOS Device namespace. To reduce the likelihood
of this scenario occurring, MS-DOS drive letters should be allocated in the
Global MS-DOS Device namespace starting with C: and ending with Z:. This
sequence should be reversed for the allocation of MS-DOS drive letters in
the Local MS-DOS Device namespace.

If you are not running within the LocalSystem context, DefineDosDevice will
not allow you to define a device name in the Local MS-DOS Device namespace
if that device name already exists in your Local or Global MS-DOS Device
namespaces. Call QueryDosDevice before calling DefineDosDevice to determine
whether the device name you intend to define exists in your MS-DOS Device
namespaces.

"Steven Fox" <st********@dfas.mil> wrote in message
news:25**************************@posting.google.c om...

================================================== ==========
About DB2 Administration Tools Environment
================================================== ==========
DB2 administration tools level:
Product identifier SQL08015
Level identifier 02060106
Level DB2 v8.1.5.449
Build level s040212
PTF WR21334
================================================== ==========
Java development kit (JDK):
Level IBM Corporation 1.3.1
================================================== ==========

After installing the full DB2, we lost all our shared drives (novell)
we are running windows 2000. If we log off and back on the script to
connect to the shared drives exicutes without a problem... It only
happens when we come into the system cold.....
(I am posting this also on the windows news group)

Gut feeling :
novell login with drive allocations isn't finished before db2 starts.
e.g. drives are not present at the time db2 is referencing/looking for them.

PM

"Steven Fox" <st********@dfas.mil> a écrit dans le message de
news:25**************************@posting.google.c om...

================================================== ==========
About DB2 Administration Tools Environment
================================================== ==========
DB2 administration tools level:
Product identifier SQL08015
Level identifier 02060106
Level DB2 v8.1.5.449
Build level s040212
PTF WR21334
================================================== ==========
Java development kit (JDK):
Level IBM Corporation 1.3.1
================================================== ==========

After installing the full DB2, we lost all our shared drives (novell)
we are running windows 2000. If we log off and back on the script to
connect to the shared drives exicutes without a problem... It only
happens when we come into the system cold.....
(I am posting this also on the windows news group)

I doubt if it's even relevant when Novell drive mappings are finished, as
they running in a different logon session from DB2 and consequently are not
supposed to "work". WK2 SP2 closed the security loophole, WXP and W2K3 fixed
the problem by adding local namespaces (thus your X: and my X: are different
X:'s).
"PM (pm3iinc-nospam) CGO" <PM (pm3iinc-nospam)@cgocable.ca> wrote in message
news:E5*****************@charlie.risq.qc.ca...

Gut feeling :
novell login with drive allocations isn't finished before db2 starts.
e.g. drives are not present at the time db2 is referencing/looking for them.
PM

"Steven Fox" <st********@dfas.mil> a écrit dans le message de
news:25**************************@posting.google.c om...

================================================== ==========
About DB2 Administration Tools Environment
================================================== ==========
DB2 administration tools level:
Product identifier SQL08015
Level identifier 02060106
Level DB2 v8.1.5.449
Build level s040212
PTF WR21334
================================================== ==========
Java development kit (JDK):
Level IBM Corporation 1.3.1
================================================== ==========

After installing the full DB2, we lost all our shared drives (novell)
we are running windows 2000. If we log off and back on the script to
connect to the shared drives exicutes without a problem... It only
happens when we come into the system cold.....
(I am posting this also on the windows news group)