Security Audit requires turning Remote Access off on all SQL 2005 and SQL 2008 Servers

Question

Security Audit requires turning Remote Access off on all SQL 2005 and SQL 2008 Servers

Viewing 5 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply

Lynn Pettis SSC Guru Points: 442467 More actions · Answer 1

Are you talking about the ability to RDP to a server or SQL Server being able to accept remote connections (like from an application)?

tpalmer SSC Eights! Points: 962 More actions · Answer 2

No. I am talking about SQL System Configurations (e.g. SP_CONFIGURE 'REMOTE ACCESS'). Default value is 1 (on) and we now need to set it to 0 (off).

Lynn Pettis SSC Guru Points: 442467 More actions · Answer 3

tpalmer (6/14/2012)
No. I am talking about SQL System Configurations (e.g. SP_CONFIGURE 'REMOTE ACCESS'). Default value is 1 (on) and we now need to set it to 0 (off).

Dumb question, what good is SQL Server if noone can access/update the data stored in the databases?

Lynn Pettis SSC Guru Points: 442467 More actions · Answer 4

Lynn Pettis (6/14/2012)
tpalmer (6/14/2012)
No. I am talking about SQL System Configurations (e.g. SP_CONFIGURE 'REMOTE ACCESS'). Default value is 1 (on) and we now need to set it to 0 (off).
Dumb question, what good is SQL Server if noone can access/update the data stored in the databases?

Okay, little more research and Remote Access refers to this:

Use the remote access option to control the execution of stored procedures from local or remote servers on which instances of Microsoft SQL Server are running. Set remote access to 1 (default) to grant permission to run local stored procedures from remote servers or remote stored procedures from the local server. Set the option to 0 to prevent local stored procedures from being run from a remote server or remote stored procedures from being run on the local server.

tpalmer SSC Eights! Points: 962 More actions · Answer 5

This is off for all of our new servers. This is on for all servers that we either acquired or were built prior to policy to set the option to OFF by default. Turning this option off does not disable RPC, but it does limit other types of remote calls (from what I can find this restricts remote execution of stored procedures that are not using linked servers). This entire option is for backward compatibility and will not be part of future SQL Server builds.