How to stop other application accessing SQL port 1433

  • We are planning to do some maintanance on SS 2008 and we DO NOT want any users / application accessing the SQL server during that time .

    The ask is , is there anyway by which I can stop the access of the all the IP on the SQL port 1433 . if I am not wrong I think I can block it using IP Security policy .....but was just trying to know if is there other way out ......Single user is NOT an option here .

    Thanks

    Himanshu

  • A simple option disable the user which applciation uses and enable it once the activity completes.

    other option is change the sql port and restart the sql service and who ever knows the port only can connect.

    Regards
    Durai Nagarajan

  • durai nagarajan (8/21/2012)


    A simple option disable the user which applciation uses and enable it once the activity completes.

    Will have to do one by one, is it ?

  • You could just disable the TCP/IP protocol?

  • Just disable the logins and the engine won't let anybody in !

    It works as well for SQLUsers as for windows logins and groups.

    ALTER LOGIN [AnySQLUser] DISABLE ;

    ALTER LOGIN [yourdomain\your_windowsgroup_EXEPT_SQL_ADMINS] DISABLE ;

    Generate your scripts ( disable and enable ) up front and only touch the accounts you need !

    No hassle with login triggers, ports, protocols, ...

    Don't disable your SQLAdmins !

    Just keep in mind to re-enable the disabled logins after your maintenance !

    Johan

    Learn to play, play to learn !

    Dont drive faster than your guardian angel can fly ...
    but keeping both feet on the ground wont get you anywhere :w00t:

    - How to post Performance Problems
    - How to post data/code to get the best help[/url]

    - How to prevent a sore throat after hours of presenting ppt

    press F1 for solution, press shift+F1 for urgent solution 😀

    Need a bit of Powershell? How about this

    Who am I ? Sometimes this is me but most of the time this is me

  • Disabling the TCP/IP .....sounds good ...;-) ...Will test this and let you guys know . But I foumd that we can block it using IPSEC policy .

  • Apparently you didn't want to do a one by one approach, just generate your stuff !

    Select 'ALTER LOGIN ['+ name + '] DISABLE ; '

    from sys.server_principals

    /* exclude disabled accounts, sysadmins and ##-accounts */

    where is_disabled = 0

    and IS_SRVROLEMEMBER('sysadmin', name) = 0

    and name not like '##%'

    order by name ;

    /* only re-enable the ones you disabled !! */

    Select 'ALTER LOGIN ['+ name + '] ENABLE ; '

    from sys.server_principals

    /* exclude disabled accounts, sysadmins and ##-accounts */

    where is_disabled = 0

    and IS_SRVROLEMEMBER('sysadmin', name) = 0

    and name not like '##%'

    order by name ;

    Run the full script up front to generate ALL you need !!

    Johan

    Learn to play, play to learn !

    Dont drive faster than your guardian angel can fly ...
    but keeping both feet on the ground wont get you anywhere :w00t:

    - How to post Performance Problems
    - How to post data/code to get the best help[/url]

    - How to prevent a sore throat after hours of presenting ppt

    press F1 for solution, press shift+F1 for urgent solution 😀

    Need a bit of Powershell? How about this

    Who am I ? Sometimes this is me but most of the time this is me

  • when you want to develop your data base and don't want to let other users to access to you db server

    you can change Sql sever db from multi user to single user so that you can access the database as Admin(sa user)

  • You could also tell the firewall to block port 1433.

Viewing 9 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic. Login to reply