Chris,
i dove through all sorts of pain with windows security and PostgreSQL services while postgresql on win32 was in beta. Even deployed some big application to > 30 computers installing win32 PostgreSQL in beta. So, some areas where I had things to learn:
1.) group policies.
On win32 computers within a domain, as a local administrator you are quite able to create (local) users with all sort of privileges; esp. if you do it via the api and not with GUI tools from MS.
Group Policies will NOT interfer with the creation of a user that is outside the policie! ... but it will silently roll his priviliges back to "normal", whatever "normal" is in that domain.
Most common error: the PostgreSQL service user needs the "logon as service" privilege. No normal user needs it, so most "normal user" policies (esp. the default by Microsoft) strips this privilege. On a "random time basis" - that is, not with every logon, but every 2 to 7 days. Have fun with bug hunting!
2.) Problems in the field of sockets
PostgreSQL spawns (or forks?) a new process to deal with every connection. The master has to pass an open connection socket to this child. SOME
- firewalls
- voice over ip
- adult service USB tokens
- viral scanners
- computer telephony integration software
screw up the Windows tcp/ip stack. We spend some nights in repairing ( that is: me crying and testing, Magnus patching and compiling) the "passing of sockets even if the tcp/ip stack is screwed"; but maybe, even maybe your customer found a new way to destroy it?
3.) read the event log
4.) read the log in data/pg_log
Best wishes
Harald
--
GHUM Harald Massa
persuadere et programmare
Harald Armin Massa
Reinsburgstraße 202b
70197 Stuttgart
0173/9409607
-
PostreSQL - works as documented
