Does anyone have any ideas or facts about the Windows service user accounts used to run the Oracle database server, particularly 11g?
Preferably, I'd like to have it run as a user account other than "Local System". I started with a new, working installation. I created a new non-privileged Windows user account, and granted full permissions to that account on the oracle home directory on the file system, as well as HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE in the registry. After changing the "Log On As" from "Local Service" to the new user account on both services using Windows' Services control panel, both the listener and the database instance services "start", but the TNS Listener only responds that it doesn't recognize the SID (ORA-12505). The database service also started almost instantly, which isn't normal, but I can't find any logs with any errors. Looking at the timestamps, the log files (alert_*.log) actually aren't touched at all.
If I assign this new new account to the Administrators group, then everything again works as expected.
I've followed this practice for many other services, and rarely encounter such issues. Other database servers that run on Windows do this by default. This is a non-production instance, so I'm not worried about this approach being non-certified, etc. Consider this an experiment if nothing else. I'll continue to dig a bit, but don't want to repeat what may already be a proven success or failure.