Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Enabling Remote DAC Expand / Collapse
Author
Message
Posted Wednesday, January 2, 2013 4:07 AM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Yesterday @ 6:39 AM
Points: 207, Visits: 307
Hi

Seen lots of stuff about how to enable remote DAC, but I can't find anything regarding the implications of enabling.

Are there any security or resource implications?

SQL Server 2005, Enterprise Edition.

Thanks



Post #1401757
Posted Wednesday, January 2, 2013 5:35 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 3:32 AM
Points: 6,762, Visits: 14,417
The fact that it allows a remote connection to the server may raise eyebrows in some organisations. You do have to connect as a member of the sysadmin role so it's not completely wide open.

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1401794
Posted Wednesday, January 2, 2013 1:57 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 1:25 AM
Points: 7,141, Visits: 12,767
Some scenarios where enabling remote DAC might be plausible:

- you are in a shop where the DBAs do not have Remote Desktop access to the server hosting SQL Server (rare in my experience, but the situation does exist)
- you do not install SSMS on the server and are not comfortable using sqlcmd.exe for troubleshooting so want to be able to connect to the DAC using SSMS from your own machine
- you are worried about a server being so busy that it cannot support a Remote Desktop session so you want to be able to connect to the DAC from anywhere

These restrictions on DAC still apply even when remote connections are enabled:

- you have to be in the sysadmin Fixed Server Role
- only one person can be connected to the DAC at a time regardless of whether it is a local or a remote connection

There are likely other scenarios you could come up with to help justify enabling remote connections to the DAC.

One reason not to enable remote DAC connections is that if someone connects and leave the connection open you could be out of luck when the server becomes otherwise unusable. You can kill the session using the DAC, but if you cannot initiate a session without using DAC in the first place that might be difficult. The same could be said of local DAC sessions if opened in a Remote Desktop session and that session were disconnected and left there indefinitely.

Personally I do not have a problem with allowing remote DAC connections but opinions may vary.


__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1402072
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse