Microsoft Security Changes and SQL Server

Question

Post reply

Microsoft Security Changes and SQL Server

Steve Jones - SSC Editor

SSC Guru

Points: 741784
More actions
February 14, 2026 at 12:00 am

#4734665

Comments posted to this topic are about the item Microsoft Security Changes and SQL Server

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply

Site Owners SSC Guru Points: 80411 More actions · Answer 1

Thanks for posting your issue and hopefully someone will answer soon.

This is an automated bump to increase visibility of your question.

Rod at work SSC-Dedicated Points: 34115 More actions · Answer 2

Networking is my weakest knowledge point. I know the basics, but that's it. But I am pretty sure that at work we use named pipes to connect to our SQL Servers. I rely upon the network admins and DBAs to tell me what to do and how to change the code I support. I hope they'll do that, soon.

Kindest Regards, Rod Connect with me on LinkedIn.

Steve Jones - SSC Editor SSC Guru Points: 741784 More actions · Answer 3

Hopefully, or things might break when you least expect or, or are ready to handle things.

Brandie Tarvin SSC Guru Points: 173132 More actions · Answer 4

Oh, goodness. I'm doing research for this issue for my company (Thank you so much for the article, Steve!) and discovered a "nasty."

Per SQLFingers:
Local connections
Connections from the SQL Server host to itself (ie., SSMS on the server, local jobs, local apps) always use NTLM due to a per-service SID hardening feature added in Windows 2008. This is by design and won't change.

Further down in the comments:

When NTLM is disabled, the local SQL Server connections like SSMS, Agent jobs, etc., relying on it will fail. MSFT's solution is called Local KDC, which is designed to allow local machine-based Kerberos authentication. It is supposed to be available before Phase 3 - the final NTLM disabling. Without the Local KDC, local SQL authentication using Windows credentials could be severely impacted in non-Active Directory or edge-case scenarios when NTLM is disabled.

So I researched Local KDC and, if I'm reading things correctly, this will only be available in Windows Server 2025? As of last year, still not available though artifacts in the OS are showing it will be there.

Can someone tell me if I'm wrong on this or does anyone have additional details on Local KDC?

Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/[/url]On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.