Trace IP address of Successful login

Hi
We have had a security incident within our company. We know the user name (Windows Username) that was given elevated rights either by accident or on purpose. What we can't pick up is from what PC this account was used to access the database.
1) Is there a way using the transaction logs to determine the IP address of machine that was used.
2) Can we check when the windows profile was changed and by whom
3) is there any advice on how to go about tracking down the culprit through SQL server or other means after the fact?
regard
Stephen

...We know the user name (Windows Username) that was given elevated rights either by accident or on purpose. What we can't pick up is from what PC this account was used to access the database.
1) Is there a way using the transaction logs to determine the IP address of machine that was used.
2) Can we check when the windows profile was changed and by whom
3) is there any advice on how to go about tracking down the culprit through SQL server or other means after the fact?
Hi Stephen
by elevated rights/permissions you mean on SQL Server and not Windows AD already, right?
I am not aware that the IP Address is captured in the Transaction Log.
Using the default trace, located under your Log-folder, you should get the Host-Name though.
The Default Trace captured the following Security relevant events:
Security audit events
Audit Add DB user event
Audit Add login to server role event
Audit Add Member to DB role event
Audit Add Role event
Audit Add login event
Audit Backup/Restore event
Audit Change Database owner
Audit DBCC event
Audit Database Grant, Deny, Revoke
Audit Login Change Property event
Audit Login Failed
Audit Login GDR event
Audit Schema Object GDR event
Audit Schema Object Take Ownership
Audit Server Starts and Stops
So, if you still have the trace files from that date range, you should find the privilege elevation aka
escalation.
I am not sure what you mean by "Windows Profile". That would be an AD matter and logged at the DC.
For forensics several methods are being used, beginning by using the ErrorLog (by default only containing failed logons) and default trace up to a memory dump. General rule would be to freeze all activity on the machine under examination. This depends on
the level of the security incident. YMMV
Andreas Wolter (Blog |
Twitter)
MCM - Microsoft Certified Master SQL Server 2008
MCSM - Microsoft Certified Solutions Master Data Platform, SQL Server 2012
www.andreas-wolter.com |
www.SarpedonQualityLab.com

Similar Messages

  • Black screen after successful login into Remote Session

    Hi,
    I am having windows 8.1 pro(64bit) and windows 7 pro(64bit) machines using which i am trying to connect to a remote VM with windows 7 enterprise through vpn client 5(64bit). After successful login, BLACK SCREEN with Connection bar is displayed. Ctrl+Alt+End
    did not work.
    In fact, a strange behaviour experienced. After failing once, i tried again with IP address instead of host name. Bingo, it works well. Then disconnect and try to reconnect, problem repeats. What i mean is, the problem is neither Consistent not persistent.
    I am frustrated trying to solve the issue. Blogs, forums, communities.... where ever what ever solutions suggested, tried without any luck. Any help please ? Thanks in advance.

    Hi,
    Thank you for posting in Windows Server Forum.
    From your description it seems that you facing Black screen issue, but when you tried with IP address you can logon to the remote session but during reconnection issue repeats. Correct me if misunderstand your case.
    From last how may days you are facing this issue?
    Can you find any suitable error\event ID for this case?
    For this firstly please check that you have proper connectivity between systems. Please check that you can Ping successfully to the remote system with IP address and hostname. 
    Might this issue caused by some stopped service “Desktop window manager session” which stop after RDP login. You can check the status as follow.
    1. After the issue appear, please use RDP connect to the computer again and check the Desktop Window Manager Session Manager service status. 
    2. Then, please restar the computer and check System Event log to check if has a Desktop Window Manager Session Manager service error.
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • How to log successful logins to a syslog server in NX-OS

    Does anyone know how to do this in NX-OS?  I do it in IOS with the following commands:
    login on-failure log
    login on-success log
    logging x.x.x.x
    With that I get a syslog message that I can then log to a file to track who has logged into which device and when.  But I can't find the syntax to do the same thing in the Nexus switches that we have.  Does anyone know what the equivalent commands are?
    Thanks,
    Ben

    Hi Ben,
    By default, failed logins are logged.
    You can checked the log using:
    show logging logfile | last 15
    and for every logging failed (by default) you will get something like this:
    2012 Dec 18 14:51:08 Nexus5010-B %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication
    failed for user en from 2.2.2.1 - login
    To get the success-login to show up in the logs we need to increase the level of the authpriv to 5 (it is 3 by default), and doing this will add a new log for failed or succesful connections.
    Use the following command:
    Nexus5010-A(config)# logging level authpriv 5
    You can check loggin levels by using:
    #show logging level
    After you do this with the logging level you will see in the log something like this when a succesful login takes place:
    2005 Jan  6 03:29:48 Nexus5010-A %AUTHPRIV-5-SYSTEM_MSG:    admin :TTY=unknown
    ; PWD=/var/sysmgr/vsh ; USER=root ; COMMAND=/usr/bin/strings/proc/18340/environ
    - sudo
    Now for a failed login and after increasing the authpriv level you will see the following logs:
    2005 Jan  6 03:31:36 Nexus5010-A %AUTHPRIV-4-SYSTEM_MSG: pam_unix(aaa:auth):check pass; user unknown - aaad
    2005 Jan  6 03:31:36 Nexus5010-A %AUTHPRIV-5-SYSTEM_MSG: pam_unix(aaa:auth):
    aut
    hentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  - aaad
    For logging *****
    Nexus7018(config)# logging ?
      console           Set console logging
      event             Interface events
      ip                IP configuration
      level             Facility parameter for syslog messages
      logfile           Set File logging
      message           Interface events
      module            Set module(linecard) logging
      monitor           Set terminal line(monitor) logging level
      origin-id         Enable origin information for Remote Syslog Server
      server            Enable forwarding to Remote Syslog Server
      source-interface  Enable Source-Interface for Remote Syslog Server
      timestamp         Set logging timestamp granularity
    You can use logging source-interface ....
    Thanks-
    Afroz
    ***Ratings Encourages Contributors ****

  • I need to change my iCloud email address.  I changed it for my Apple id but I can't log out of iCloud to change it there.  Find my iPad is activated so I can't delete my iCloud account.  I don't have the email address the iCloud login has anymore.

    I need to change my iCloud email address.  I changed it for my Apple id but I can't log out of iCloud to change it there.  Find my iPad is activated so I can't delete my iCloud account.  I don't have the email address the iCloud login has anymore so I can't have the password sent there.  To sum it up, iCloud has an old email for the account log-in.  I don't remember the password for the old email.  I have Find My iPad activated so the iCloud account cannot be deleted.  And I am already logged out of iTunes & App Store. 

    If you mean that Find My Phone is asking for a password to a different Apple ID to your current Apple IDand that ID is a previous version of your current ID, not an entirely different one.
    This feature has been introduced to make stolen phones useless to those that have stolen them.
    However it can also arise when the user has changed their Apple ID details with Apple and not made the same changes to their iCloud account/Find My Phone on their device before upgrading to iOS 7, or if you restore from a previous back up made before you changed your details and some other circumstances.
    The only solution is to change your Apple ID back to its previous state with Apple at My Apple ID using your current password, you don’t need access to this address if it’s previously been used with your Apple ID, once you have saved these details enter the password as requested on your device and then turn off "find my phone" and delete the account from your device. It may take a short while to remove the account.
    You should then change your Apple ID back to its current state, save it once again and then log back in using your current Apple ID. Finally, turn "find my phone" back on once again.
    This article provides more information about Activation Lock.

  • Guest Portal appears again after successful login

    I'm setting a Wireless Guest with a WLC 5508 (7.3) and ISE (1.1.2) -- (no anchor).
    It appears to work (still some adjustments are required), but I found when the guest user log in, it receives the successful login screen and inmediately the guest portal again. If another browser window or tab is open, the user can browse properly.
    I think I'm missing something.

    Sorry for the delay! Were you able to figure out what was/is causing this? I have done many deployments and never had this issue before, unless something was misconstrued in a custom HTML portal. Couple of more questions:
    1. Do you have the latest patch installed
    2. Have you tried adding a new portal based on the pre-built templates and try it again

  • Retrieving all users and last successful login

    Hi. I"m trying to return a list of all users and thier last successful login to a particular database. Oracle version is 10.2.0.4 on RHEL 5.3. I am attempting to join to the sys.aud$ table or use the audit_trail views but I didn't know if there was something more obvious to do. We don't have Audit vault yet nor do we have actual logon triggers that write to an audit table - just have auditing turned on. audit_trail=db_extended.
    I appreciate any help in advance.

    Thanks....I have that on. I am now trying to get this information out of the sys.aud$ table to a report in a format similar to
    username, last successful logon
    by joining the all_users and sys.aud$ tables to get the max timestamp for action 100
    where user is in a list of users from all_users.
    This is taking a long time to return any information.
    I am wondering if there are other ways to get this information out of the database in a quicker fashion.

  • Is there a way to decrypt the SQL login-only encryption in the netmon trace or disable the SQL login-only encryption?

    We know by default the SQL Server use the self-signed certificate to encrypt the  SQL login information when  building the connection, my question is if
    there is a way to decrypt the SQL login-only encryption in the netmon trace  or disable the SQL login-only encryption?
    Please click the Mark as Answer button if a post solves your problem!

    Not without login as admin.   To avoid using credentials to login to SQL, use Windows Credentials instead.
    jdweng

  • Last Successful Login

    Hello,Is there any way to get a User's Last Successful Login date/time stamp using MAXL? We are on v6.5.3. Thanks in advance.

    I know you can get this from the GETUSERINFO command in Esscmd. Couldn't find it in MAXL.

  • Displaying last successful login details of user

    Hi,
    I want to display last successful login details (timestamp may be) on Portal homepage.
    By configuration
    Is there any configuration that we can do to display it on Masthead area may be?
    By code
    I found following two links that talk about direct access of Portal table.
    http://wiki.sdn.sap.com/wiki/display/Snippets/DirectAccesstoDatabaseTables
    http://help.sap.com/saphelp_nw04/helpdata/en/48/6aa9429b930b31e10000000a1550b0/frameset.htm
    In this case, what query should I write to get the last login details of user?
    Please help.
    Thanks and regards,
    Amey

    Hi Ameya,
    Thanks for reply.
    1. I was wondering if there is any System admin level configuration we can do to show this info?.
    Is there any such facility?
    2. Through code, this is what I did: -
    I am getting the last logon timestamp by following code (inside JSPDynpage) : -
    import java.sql.Connection;
    import java.sql.ResultSet;
    import java.sql.Statement;
    import java.sql.Timestamp;
    import javax.naming.InitialContext;
    Connection con=null;
    Statement stmt=null;
    ResultSet rs=null;
    InitialContext ctx = new InitialContext();
    DataSource ds = (DataSource)ctx.lookup("jdbc/SAP/EP_PCD");
    con = ds.getConnection();
    stmt = con.createStatement();
    String connectedUser = _request.getUser().getUniqueName();
    rs = stmt.executeQuery("select MAX(TIMESTAMPHOUR) from WCR_USERSTAT where LOGONID='"+connectedUser+"'");
    int m = 0;
    while(rs.next()){
         m++;
           Timestamp ts = new Timestamp(rs.getLong(m));
         lastLoginString = ts.toGMTString();
    I guess selecting 'MAX' value of time-stamp would return the latest logon time.

  • Courier-IMAP disconnecting at successful login

    Hi,
    I'm using an x64 Arch Linux Server and I've been very happy with Arch Linux so far, especially the Wiki was very helpful.
    Unfortunately I've run into trouble with the courier imap server.
    I'm autheticating via authdaemond via mysql (plain) and everything works fine, I can logon, send & receive mail etc. until after an (seemingly undefined) uptime the server disconnects after a successful login. All I get is
    # telnet localhost 143
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2011 Double Precision, Inc.  See COPYING for distribution information.
    0 LOGIN %user %wrongpass
    0 NO Login failed.
    1 LOGIN %user %pass
    Connection closed by foreign host.
    mail.log is full of
    May 21 23:33:48 %host imapd: Connection, ip=[::ffff:%IP]
    May 21 23:39:09 %host imapd: Connection, ip=[::ffff:%IP]
    May 21 23:39:09 %host imapd: Connection, ip=[::ffff:%IP]
    May 21 23:39:09 %host imapd: Connection, ip=[::ffff:%IP]
    May 21 23:39:09 %host imapd: Connection, ip=[::ffff:%IP]
    May 21 23:39:25 %host imapd: Connection, ip=[::ffff:%IP]
    May 21 23:39:25 %host imapd: Connection, ip=[::ffff:%IP]
    May 21 23:39:25 %host imapd: Connection, ip=[::ffff:%IP]
    May 21 23:39:25 %host imapd: Connection, ip=[::ffff:%IP]
    May 21 23:39:45 %host imapd: Connection, ip=[::1]
    Where ::1 is telnet (obviously) and %IP is my mail client
    Authetication itself (authdaemond) works, postfix (sending mail) still works and I can successfully use authtest
    # authtest %user %pass
    Authentication succeeded.
         Authenticated: %user  (uid 999, gid 999)
        Home Directory: /www/mail
               Maildir: %user@%host
                 Quota: (none)
    Encrypted Password: (none)
    Cleartext Password: %pass
               Options: (none)
    Restarting courier, authdaemond, mysqld does not help, rebooting temporarily fixes the problem.
    A similar server on x86 doesn't have the problem but the config isn't entirely the same so I can't say it must be x64.
    Not sure wether this is a bug or I'm missing something. Anyone able to help?
    Thanks so far
    Last edited by XT (2012-05-21 22:01:02)

    How were you able to build FAM?  I'm getting a ton of build errors in DNotify:
    DNotify.c++:627:14: error: redefinition of ‘int DNotify::pipe_write_fd’
    DNotify.c++:44:5: error: ‘int DNotify::pipe_write_fd’ previously defined here
    DNotify.c++:628:14: error: redefinition of ‘int DNotify::pipe_read_fd’
    DNotify.c++:45:5: error: ‘int DNotify::pipe_read_fd’ previously defined here
    DNotify.c++:629:32: error: redefinition of ‘volatile sig_atomic_t DNotify::queue_overflowed’
    DNotify.c++:46:23: error: ‘volatile sig_atomic_t DNotify::queue_overflowed’ previously defined here
    DNotify.c++:630:32: error: redefinition of ‘volatile sig_atomic_t DNotify::queue_changed’
    DNotify.c++:47:23: error: ‘volatile sig_atomic_t DNotify::queue_changed’ previously defined here
    DNotify.c++:631:36: error: redefinition of ‘int DNotify::change_queue [1024]’
    DNotify.c++:48:5: error: ‘int DNotify::change_queue [1024]’ previously declared here
    DNotify.c++:632:23: error: redefinition of ‘volatile int DNotify::queue_head’
    DNotify.c++:49:14: error: ‘volatile int DNotify::queue_head’ previously defined here
    DNotify.c++:633:23: error: redefinition of ‘volatile int DNotify::queue_tail’
    DNotify.c++:50:14: error: ‘volatile int DNotify::queue_tail’ previously defined here
    DNotify.c++:634:32: error: redefinition of ‘void (* DNotify::ehandler)(dev_t, ino_t, int)’
    DNotify.c++:51:23: error: ‘void (* DNotify::ehandler)(dev_t, ino_t, int)’ previously declared here
    DNotify.c++:636:50: error: redefinition of ‘DNotify::DirWatch* DNotify::dir_hash [367]’
    DNotify.c++:53:20: error: ‘DNotify::DirWatch* DNotify::dir_hash [367]’ previously declared here
    DNotify.c++:637:53: error: redefinition of ‘DNotify::FileWatch* DNotify::file_hash [823]’
    DNotify.c++:54:21: error: ‘DNotify::FileWatch* DNotify::file_hash [823]’ previously declared here
    DNotify.c++:639:17: error: redefinition of ‘struct DNotify::FileWatch’
    DNotify.c++:56:17: error: previous definition of ‘struct DNotify::FileWatch’
    DNotify.c++:648:17: error: redefinition of ‘struct DNotify::DirWatch’
    DNotify.c++:65:17: error: previous definition of ‘struct DNotify::DirWatch’
    DNotify.c++:658:17: error: redefinition of ‘struct DNotify::ChangeEventData’
    DNotify.c++:75:17: error: previous definition of ‘struct DNotify::ChangeEventData’
    DNotify.c++:664:1: error: redefinition of ‘DNotify::DNotify(Monitor::EventHandler)’
    DNotify.c++:81:1: error: ‘DNotify::DNotify(Monitor::EventHandler)’ previously defined here
    DNotify.c++:670:1: error: redefinition of ‘DNotify::~DNotify()’
    DNotify.c++:87:1: error: ‘DNotify::~DNotify()’ previously defined here
    DNotify.c++:695:1: error: redefinition of ‘static void DNotify::overflow_signal_handler(int, siginfo_t*, void*)’
    DNotify.c++:112:1: error: ‘static void DNotify::overflow_signal_handler(int, siginfo_t*, void*)’ previously defined here
    DNotify.c++:713:1: error: redefinition of ‘static void DNotify::signal_handler(int, siginfo_t*, void*)’
    DNotify.c++:130:1: error: ‘static void DNotify::signal_handler(int, siginfo_t*, void*)’ previously defined here
    DNotify.c++:748:1: error: redefinition of ‘static bool DNotify::is_active()’
    DNotify.c++:165:1: error: ‘static bool DNotify::is_active()’ previously defined here
    DNotify.c++:781:1: error: redefinition of ‘static DNotify::DirWatch* DNotify::lookup_dirwatch(int)’
    DNotify.c++:198:1: error: ‘static DNotify::DirWatch* DNotify::lookup_dirwatch(int)’ previously defined here
    DNotify.c++:804:1: error: redefinition of ‘static DNotify::DirWatch* DNotify::lookup_dirwatch(dev_t, ino_t)’
    DNotify.c++:221:1: error: ‘static DNotify::DirWatch* DNotify::lookup_dirwatch(dev_t, ino_t)’ previously defined here
    DNotify.c++:826:1: error: redefinition of ‘static DNotify::FileWatch* DNotify::lookup_filewatch(dev_t, ino_t)’
    DNotify.c++:243:1: error: ‘static DNotify::FileWatch* DNotify::lookup_filewatch(dev_t, ino_t)’ previously defined here
    DNotify.c++:849:1: error: redefinition of ‘static void DNotify::hash_dirwatch(DNotify::DirWatch*)’
    DNotify.c++:266:1: error: ‘static void DNotify::hash_dirwatch(DNotify::DirWatch*)’ previously defined here
    DNotify.c++:860:1: error: redefinition of ‘static void DNotify::hash_filewatch(DNotify::FileWatch*)’
    DNotify.c++:277:1: error: ‘static void DNotify::hash_filewatch(DNotify::FileWatch*)’ previously defined here
    DNotify.c++:869:1: error: redefinition of ‘static void DNotify::unhash_dirwatch(DNotify::DirWatch*)’
    DNotify.c++:286:1: error: ‘static void DNotify::unhash_dirwatch(DNotify::DirWatch*)’ previously defined here
    DNotify.c++:888:1: error: redefinition of ‘static void DNotify::unhash_filewatch(DNotify::FileWatch*)’
    DNotify.c++:305:1: error: ‘static void DNotify::unhash_filewatch(DNotify::FileWatch*)’ previously defined here
    DNotify.c++:907:1: error: redefinition of ‘static Monitor::Status DNotify::watch_dir(const char*, dev_t, ino_t)’
    DNotify.c++:324:1: error: ‘static Monitor::Status DNotify::watch_dir(const char*, dev_t, ino_t)’ previously defined here
    DNotify.c++: In function ‘char* dirname_dup(const char*)’:
    DNotify.c++:956:1: error: redefinition of ‘char* dirname_dup(const char*)’
    DNotify.c++:373:1: error: ‘char* dirname_dup(const char*)’ previously defined here
    DNotify.c++: At global scope:
    DNotify.c++:966:1: error: redefinition of ‘Monitor::Status DNotify::express(const char*, stat*)’
    DNotify.c++:383:1: error: ‘virtual Monitor::Status DNotify::express(const char*, stat*)’ previously defined here
    DNotify.c++:1026:1: error: redefinition of ‘Monitor::Status DNotify::revoke(const char*, dev_t, ino_t)’
    DNotify.c++:443:1: error: ‘virtual Monitor::Status DNotify::revoke(const char*, dev_t, ino_t)’ previously defined here
    DNotify.c++:1071:1: error: redefinition of ‘static void DNotify::all_watches_changed()’
    DNotify.c++:488:1: error: ‘static void DNotify::all_watches_changed()’ previously defined here
    DNotify.c++:1090:1: error: redefinition of ‘static void DNotify::read_handler(int, void*)’
    DNotify.c++:507:1: error: ‘static void DNotify::read_handler(int, void*)’ previously defined here
    *Edit: apologies to moderator for incorrect tagging
    Last edited by shaggystyle (2012-06-04 12:39:06)

  • Disable WebAuth Successful login screen on 1.1.1.1

    We're using an external redirect URL and external RADIUS for our webauth setup and it all works fine.
    I need to disable the popup page you get from a successful authentication after posting to 1.1.1.1/login.html and RADIUS succeeds
    See attached image.
    Do you have any ideas?
    We have a 2504 on v7.6
    Thanks
    James

    The image you posted looks like the default Cisco Web Auth Successful page, which is internal.  When external web page authentication is successful it should redirect the user to the configured redirect URL or the page the client tried to get to.
    Could you verify the address that your redirect URL is configured to and post your custom external server captive portal code?
    If you haven't already there is this document on configuring external web auth as well:
    http://tinyurl.com/nkxeaxf
    Thank you,
    John

  • Calendar server and address book server login fails with outlook connector

    Hi all,
    I have installed Java Communication Suite 5 according to the doc http://blogs.sun.com/factotum/resource/comms5-install-linux.html.
    When i deploy the connector i get the pop ups saying "Server:servername:3080
    Error:service not available" also
    "Server:servername:80/uwc"
    Error:service not available"
    asking to login to calendar server and address book server.Clicking "OK" allows install.
    In outlook i can send and receive mails but not the meeting requests.It gives the error "login to calendar server" when i create a meeting request.
    Please let me know what i have to do to get rid of the error.The username and passwd entered is correct.
    Regards,
    lmeenakshy

    Hi,
    When i deploy the connector i get the pop ups saying
    "Server:servername:3080
    Error:service not available" also Do you get exactly what you say above, or have you substituted in the real server name for "Server:servername:" above?
    I would check through the outlook connector deployment configuration to verify that you have inserted valid information into all of the host & port fields - perhaps check the .ini file that is created to see if it has "Server" and "servername" listed.
    "Server:servername:80/uwc"
    Error:service not available"You are able to log into UWC via the web-interface and access your calendar/pab and edit/modify/delete calendar & addressbook entries right? The services are all up?
    asking to login to calendar server and address book
    server.Clicking "OK" allows install.The outlook connector deployment software gives you the option to increase the logging level, try that and see what the logs say - what was it trying to connect to/check which failed.
    In outlook i can send and receive mails but not the
    meeting requests.It gives the error "login to
    calendar server" when i create a meeting request.
    Please let me know what i have to do to get rid of
    the error.The username and passwd entered is
    correct.I suspect this is more of an underlying configuration issue that needs to be sorted out, once that happens you shouldn't have to keep logging in.
    Regards,
    Shane.

  • Mobile Home Directories not syn'g address book on login/out

    Mobile Home Directories should be sync'g ~/Library on login and logout .. but its not syn'g anything in !/Library .. so address book changes are not being sync'd.
    Any ideas?
    /s

    If you're managing the Portable Homes (home sync) preferences via Workgroup Manager, you need to adjust the items that are excluded on login/logout. Look in Workgroup Manager > Preferences > (select user, computer, computer group, or group) > Click Mobility. Then look in the Rules section for Login & Logout Sync. By default, ~/Library is excluded from background sync, but not from login/logout sync. (Did you exclude it there?)
    Another possibility is that you're excluding ~/Library/Application Support/Sync Services, which contains the Address Book data. That item *is excluded* from login/logout sync by default.
    --Gerrit

  • Check for successful login

    Hi
    I have the following problem (hopefully rather simple but I'm new to SQL*Plus and PL/SQL):
    I execute a batch file b.bat (under windows) that in turn executes a SQL-script s.sql via
    sqlpus /nolog @s.sql.
    The script then tries to CONNECT user/pwd@service, does it's stuff and exits.
    If user/pwd is a valid login, all is fine, but it would like the batch to know whether the login was successful or not, for example with a signal file. I can use spool to send information into a file but it gets created even when the login fails so what I'm looking for is a way that creates a file if and only if the login was successful (so that the batch just has to test for it's existence and not analyse it's content). I have tried PL/SQL which gives me "IF"-statements that will probably help me determine wheter the login was successful, but could not execute a spool command from there.

    You could use WHENEVER SQLERROR and check the return status of SQL*Plus
    http://download-uk.oracle.com/docs/cd/B10501_01/server.920/a90842/ch13.htm#1014742

  • Deleting old email address in itunes login.

    Recently handed my old iphone down to my wife.
    When she goes to login to itunes it still shows my old email address.
    How can I change this.
    TIA, Craig.

    She has her own iTunes account with her own iTunes library on a different computer, or she has her own iTunes account along with your iTunes account with the same iTunes library on the same computer?
    For the former, she can restore the iPhone with iTunes as a new iPhone with iTunes on her computer. This will make her iTunes account available on the iPhone after syncing the iPhone with her iTunes library on her computer being logged in to her iTunes account along with removing all iTunes content on the iPhone that was purchased/downloaded with your iTunes account.
    If the latter, she needs to be logged in to her iTunes account with iTunes on the computer you share when syncing the iPhone with iTunes. This should make her iTunes account available for the iTunes Store, the App Atore, and the Apple Store.

Maybe you are looking for