Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

How to stop other application accessing SQL port 1433 Expand / Collapse
Author
Message
Posted Tuesday, August 21, 2012 1:50 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, October 16, 2013 2:14 PM
Points: 5, Visits: 18
We are planning to do some maintanance on SS 2008 and we DO NOT want any users / application accessing the SQL server during that time .

The ask is , is there anyway by which I can stop the access of the all the IP on the SQL port 1433 . if I am not wrong I think I can block it using IP Security policy .....but was just trying to know if is there other way out ......Single user is NOT an option here .

Thanks
Himanshu
Post #1347617
Posted Tuesday, August 21, 2012 3:04 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Friday, May 30, 2014 8:15 AM
Points: 1,056, Visits: 2,687
A simple option disable the user which applciation uses and enable it once the activity completes.

other option is change the sql port and restart the sql service and who ever knows the port only can connect.



Regards
Durai Nagarajan
Post #1347643
Posted Tuesday, August 21, 2012 10:34 PM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Today @ 12:44 AM
Points: 1,505, Visits: 2,530
durai nagarajan (8/21/2012)
A simple option disable the user which applciation uses and enable it once the activity completes.


Will have to do one by one, is it ?
Post #1348177
Posted Tuesday, August 21, 2012 10:41 PM


SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Monday, June 2, 2014 7:24 PM
Points: 286, Visits: 572
You could just disable the TCP/IP protocol?

Clare
_________________________________________________________________________________________________________________
Measure twice; cut once (and have a good saw)

Hey, just a thought.....did you check Books Online yet?
Post #1348178
Posted Tuesday, August 21, 2012 11:54 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Wednesday, July 23, 2014 12:40 AM
Points: 7,001, Visits: 8,439
Just disable the logins and the engine won't let anybody in !
It works as well for SQLUsers as for windows logins and groups.

ALTER LOGIN [AnySQLUser] DISABLE ;

ALTER LOGIN [yourdomain\your_windowsgroup_EXEPT_SQL_ADMINS] DISABLE ;

Generate your scripts ( disable and enable ) up front and only touch the accounts you need !

No hassle with login triggers, ports, protocols, ...

Don't disable your SQLAdmins !

Just keep in mind to re-enable the disabled logins after your maintenance !




Johan


Don't drive faster than your guardian angel can fly ...
but keeping both feet on the ground won't get you anywhere

- How to post Performance Problems
- How to post data/code to get the best help


- How to prevent a sore throat after hours of presenting ppt ?


"press F1 for solution", "press shift+F1 for urgent solution"


Need a bit of Powershell? How about this

Who am I ? Sometimes this is me but most of the time this is me
Post #1348192
Posted Tuesday, August 21, 2012 11:56 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, October 16, 2013 2:14 PM
Points: 5, Visits: 18
Disabling the TCP/IP .....sounds good ... ...Will test this and let you guys know . But I foumd that we can block it using IPSEC policy .
Post #1348193
Posted Wednesday, August 22, 2012 12:10 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Wednesday, July 23, 2014 12:40 AM
Points: 7,001, Visits: 8,439
Apparently you didn't want to do a one by one approach, just generate your stuff !

Select 'ALTER LOGIN ['+ name + '] DISABLE ; '

from sys.server_principals
/* exclude disabled accounts, sysadmins and ##-accounts */
where is_disabled = 0
and IS_SRVROLEMEMBER('sysadmin', name) = 0
and name not like '##%'

order by name ;

/* only re-enable the ones you disabled !! */
Select 'ALTER LOGIN ['+ name + '] ENABLE ; '

from sys.server_principals
/* exclude disabled accounts, sysadmins and ##-accounts */
where is_disabled = 0
and IS_SRVROLEMEMBER('sysadmin', name) = 0
and name not like '##%'

order by name ;


Run the full script up front to generate ALL you need !!


Johan


Don't drive faster than your guardian angel can fly ...
but keeping both feet on the ground won't get you anywhere

- How to post Performance Problems
- How to post data/code to get the best help


- How to prevent a sore throat after hours of presenting ppt ?


"press F1 for solution", "press shift+F1 for urgent solution"


Need a bit of Powershell? How about this

Who am I ? Sometimes this is me but most of the time this is me
Post #1348197
Posted Wednesday, August 22, 2012 6:33 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Tuesday, November 20, 2012 5:22 AM
Points: 4, Visits: 15
when you want to develop your data base and don't want to let other users to access to you db server
you can change Sql sever db from multi user to single user so that you can access the database as Admin(sa user)
Post #1348345
Posted Thursday, August 23, 2012 5:33 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Sunday, November 11, 2012 11:32 PM
Points: 4, Visits: 77
You could also tell the firewall to block port 1433.
Post #1349395
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse