We're trying to justify why we need remote access to servers (both AIX and Windows) and that in Window's case, need "administrator" rights on the box. Anyone else have to do this?? Anyway, there are 2 groups that db2 sets up on a Windows server and one ID (db2admin).

Groups db2admns and db2users

DB2ADMIN is part of db2admns and the box's "Administrator" group. The LAN people don't like it that we have admin rights on their box and we need to justify why.

My question(s)
Why does db2admin have to be in the Administrator group?
To use the control center from a client, which group(s) does the ID need to be in?

Any help would be appreciated.

Have a look here: http://publib.boulder.ibm.com/infoce...t/r0007134.htm
just as a justification for the required "act as part of the OS".

There are probably lots of minor issues why DB2 must be able to do so; for one thing: DB2 database files are "system" files in the sense that they should be unmovable (e.g., not moved during defragmentation). This gives some performance improvement to DB2.