Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

How to I backup the database without Agent XPs enabled? Expand / Collapse
Author
Message
Posted Tuesday, June 08, 2010 9:46 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Tuesday, December 03, 2013 2:11 PM
Points: 54, Visits: 349
The company I work for recently went through a MITRE federal security audit.
They are telling my boss that I must diable Agent XPs.
I have done this, but now my backup jobs don't appear to be working.
Is it true that the backup agent will not work?
Any ideas?

Thanks.

Post #934080
Posted Saturday, June 12, 2010 9:18 PM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Tuesday, January 14, 2014 5:30 PM
Points: 1,264, Visits: 721
You wouldn't be able to use SQL Server Agent to run jobs. SQL Server Agent will not start without this parameter enabled. You can create sqlcmd backup scripts and run Windows tasks instead of SQL Server Agent jobs.
Post #936481
Posted Saturday, June 12, 2010 10:32 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Yesterday @ 6:27 AM
Points: 6,997, Visits: 8,411
Kind of crab sold to your boss.

You should indeed disable them if you are not using sql agent jobs.

If your system is secure and you have implemented all security related best practices and are up to date with service packs, it shouldn't be a problem to use sqlagent.

I haven't seen a recommendation on sqlagent from our sox auditors.



Johan


Don't drive faster than your guardian angel can fly ...
but keeping both feet on the ground won't get you anywhere

- How to post Performance Problems
- How to post data/code to get the best help


- How to prevent a sore throat after hours of presenting ppt ?


"press F1 for solution", "press shift+F1 for urgent solution"


Need a bit of Powershell? How about this

Who am I ? Sometimes this is me but most of the time this is me
Post #936484
Posted Sunday, June 13, 2010 3:13 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Saturday, April 12, 2014 11:40 AM
Points: 2,795, Visits: 8,297
I recently implemented a free tool called SQL Scheduler to use with SQL Internal Database (SSEE) that does not have SQL Agent. It's simple & works well, allowing me to schedule SQL Scripts.

http://www.lazycoding.com/home.aspx



Post #936499
Posted Sunday, June 13, 2010 1:29 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Tuesday, December 03, 2013 2:11 PM
Points: 54, Visits: 349
Thanks for the awesome suggestions. What I ended up doing was to script out all the backups and then run them from the command line using Windows 2003 Scheduled Tasks. That was done just to get everything compliant. I will not allow it to stay in such a vunerable state. I need a more secure (and stable) task sheduling system other than Windows 2003 Scheduled Tasks. So, with that in mind....HomeBrew (user from post above) your suggestion of that freeware scheduling app will be downloaded and tried out.
Any suggestions for better blind backup job monitoring in such an environment?
I love all feedback, so don't hold back on me with those excellent ideas!!

Thanks.
Post #936560
Posted Sunday, June 13, 2010 3:06 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 4:31 PM
Points: 32,780, Visits: 14,941
I somewhat fail to see what's insecure about the Agent XPs. If the auditor's don't like that, did they pass Windows Scheduled Tasks? Is that more secure somehow?

I'd ask them what they recommend. They must have passed someone as secure that schedules tasks.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #936566
Posted Monday, June 14, 2010 6:50 AM
SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Monday, April 14, 2014 3:21 AM
Points: 2,797, Visits: 3,079
I would definitely ask WHY the SQL Agent tasks are prohibited. The answer needs to be more than 'the auditor said so', as this just shows the auditor probably knows very little about SQL Server.

You should be told what exposure exists with SQL Agent, and how that exposure does not exist with the alternatives allowed by the auditor.


Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2014, 2012, 2008 R2, 2008 and 2005. 25 March 2014: now over 28,000 downloads.
Disclaimer: All information provided is a personal opinion that may not match reality.
Concept: "Pizza Apartheid" - the discrimination that separates those who earn enough in one day to buy a pizza if they want one, from those who can not.
Post #936793
Posted Tuesday, June 15, 2010 6:15 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: 2 days ago @ 5:22 AM
Points: 881, Visits: 1,352
As mentioned above, you need to know the "why?" and be offered alternative recommendations by the auditor.

The SQL Agent is highly used and any vulnerabilities would be fixed by MS, using other tools such as the "freeware" schedule mentioned above (SQL Scheduler) might make you more vulnerable to security holes.




Post #937411
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse