# Database Discussions > IBM DB2 >  annot create db2 database

## jadeite100

Hi All:

I am using Ibm Db2 97 ExpressC on a windows xp computer.
I have administrator rights on my computer attached to a particular domain. I am at work, so I used the work domain.
I thought I installed the db2 972 Express Edition successfully because I go to the control centre and I see the "sample" database.

I forgot to add, when installing the db2 express Edition 972, under the screen "Set user information the Db2 Administration Server", I used the default for domain-->None-use local user account
User Name:db2admin

Under computer management, for Users I see the user "db2admin". I believed this user was created by Db2 972 Express during its installation.

Does anybody knows how to change the logon user id for the db2 server instance.

In the "controle centre" I tried to create a new database and get the following error:
SQL1092N  "SmithJohn16" does not have the authority to perform the 
requested command or operation.

Explanation: 

Possible causes are as follows:

1. There was an attempt to execute a command or operation without having
   the appropriate authority for that command or operation.
2. In a Windows 2000 environment in which Kerberos authentication is
   being used, an attempt was made to log on to a computer with an
   account that is not a domain account.
3. In an LDAP environment, the user ID or the DB2 Connect gateway might
   not have the authority to perform the CATALOG DATABASE, CATALOG ...
   NODE, or CATALOG DCS DATABASE command.
4. In a Windows environment, the DB2 Server logon user ID,
   DB2_GRP_LOOKUP setting, and other group enumeration settings might
   not be configured properly, preventing the authorization ID
   "<authorization-ID>" from gaining access. A very common sample
   scenario follows: 
   *  An attempt is made to connect to the DB2 Server by using a domain
      user ID.
   *  The logon user ID for the DB2 Server instance is LocalSystem or a
      local account.
   *  Groups (SYSCTRL, SYSADM, SYSMAINT) are defined to be domain
      groups.
   *  DB2_GRP_LOOKUP is not set. As a result, an attempt is made to
      enumerate the groups at the location where "<authorization-ID>" is
      defined. This fails because the DB2 Server instance is running
      under the context of LocalSystem or the local account and so
      cannot access the network resources required to enumerate the
      groups.

5. In a Windows environment with Extended Security enabled, the user ID
   "<authorization-ID>" might be attempting to use or modify a database
   resource, but the user ID is not a member of the local DB2USERS or
   DB2ADMNS group. This is not allowed. The command cannot be processed.
6. On Windows Vista or later versions of the Windows operating system,
   this command might be launched from a command prompt with only
   standard user privileges, even if the user is a local administrator.
   In this case, the command cannot be run because of insufficient
   administrative privileges.

The command cannot be processed.

Federated system users: The data source might have detected that the
authorization ID does not have the authority to perform the requested
command.

User response: 

Solutions to the problem causes are as follows:

1. Log on as a user with the correct authority and retry the failed
   command or operation. Contact your security administrator for
   assistance with adjusting your authorization. Refer to the Database
   Security Guide or search the DB2 Information Center for information
   about required authorization for the attempted command or operation.
2. Log on with a domain account.
3. Run the command UPDATE DBM CFG USING CATALOG_NOAUTH YES at the client
   or the gateway.
4. Make appropriate configuration settings changes. To fix the problem
   described in the scenario in the Explanation, change the logon user
   ID for the DB2 server instance to a domain account, and add this
   domain account to the local Administrators group. If Windows Extended
   Security is enabled, you must add the domain account to the DB2ADMNS
   group or its equivalent. For more information about Windows operating
   system security and groups, search the DB2 Information Center using
   phrases such as "DB2_GRP_LOOKUP" and "Windows authentication".
5. Add the user ID "<authorization-ID>" to the local Windows security
   groups DB2USERS or DB2ADMNS by using the Windows Computer Management
   tool. A workaround is to disable Extended Security but this may not
   be desirable because it reduces the level of security on your system.
6. Launch the command from a command window that is running with full
   administrative privileges. To do this, you can launch the "Command
   Window - Administrator" shortcut, and rerun the command.

Federated system users: If necessary, isolate the problem to the data
source that is rejecting the request (see the Troubleshooting Guide for
procedures to follow to identify the failing data source), and ensure
that the authorization ID has the appropriate authority on that data
source.


Yours,

Frustrated.

----------

