SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


How to stop other application accessing SQL port 1433


How to stop other application accessing SQL port 1433

Author
Message
himanshu.sinha
himanshu.sinha
SSC-Enthusiastic
SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)

Group: General Forum Members
Points: 103 Visits: 107
We are planning to do some maintanance on SS 2008 and we DO NOT want any users / application accessing the SQL server during that time .

The ask is , is there anyway by which I can stop the access of the all the IP on the SQL port 1433 . if I am not wrong I think I can block it using IP Security policy .....but was just trying to know if is there other way out ......Single user is NOT an option here .

Thanks
Himanshu
durai nagarajan
durai nagarajan
Hall of Fame
Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)

Group: General Forum Members
Points: 3381 Visits: 2784
A simple option disable the user which applciation uses and enable it once the activity completes.

other option is change the sql port and restart the sql service and who ever knows the port only can connect.

Regards
Durai Nagarajan
Joy Smith San
Joy Smith San
SSCertifiable
SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)

Group: General Forum Members
Points: 6212 Visits: 3200
durai nagarajan (8/21/2012)
A simple option disable the user which applciation uses and enable it once the activity completes.


Will have to do one by one, is it ?
MissTippsInOz
MissTippsInOz
Right there with Babe
Right there with Babe (769 reputation)Right there with Babe (769 reputation)Right there with Babe (769 reputation)Right there with Babe (769 reputation)Right there with Babe (769 reputation)Right there with Babe (769 reputation)Right there with Babe (769 reputation)Right there with Babe (769 reputation)

Group: General Forum Members
Points: 769 Visits: 597
You could just disable the TCP/IP protocol?

Clare
_________________________________________________________________________________________________________________
Measure twice; cut once (and have a good saw)

Hey, just a thought.....did you check Books Online yet?
ALZDBA
ALZDBA
One Orange Chip
One Orange Chip (28K reputation)One Orange Chip (28K reputation)One Orange Chip (28K reputation)One Orange Chip (28K reputation)One Orange Chip (28K reputation)One Orange Chip (28K reputation)One Orange Chip (28K reputation)One Orange Chip (28K reputation)

Group: General Forum Members
Points: 28743 Visits: 8986
Just disable the logins and the engine won't let anybody in !
It works as well for SQLUsers as for windows logins and groups.


ALTER LOGIN [AnySQLUser] DISABLE ;

ALTER LOGIN [yourdomain\your_windowsgroup_EXEPT_SQL_ADMINS] DISABLE ;



Generate your scripts ( disable and enable ) up front and only touch the accounts you need !

No hassle with login triggers, ports, protocols, ...

Don't disable your SQLAdmins !

Just keep in mind to re-enable the disabled logins after your maintenance !

Johan


Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere w00t

- How to post Performance Problems
- How to post data/code to get the best help


- How to prevent a sore throat after hours of presenting ppt ?


press F1 for solution, press shift+F1 for urgent solution :-D


Need a bit of Powershell? How about this

Who am I ? Sometimes this is me Alien but most of the time this is me Hehe
himanshu.sinha
himanshu.sinha
SSC-Enthusiastic
SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)SSC-Enthusiastic (103 reputation)

Group: General Forum Members
Points: 103 Visits: 107
Disabling the TCP/IP .....sounds good ...;-) ...Will test this and let you guys know . But I foumd that we can block it using IPSEC policy .
ALZDBA
ALZDBA
One Orange Chip
One Orange Chip (28K reputation)One Orange Chip (28K reputation)One Orange Chip (28K reputation)One Orange Chip (28K reputation)One Orange Chip (28K reputation)One Orange Chip (28K reputation)One Orange Chip (28K reputation)One Orange Chip (28K reputation)

Group: General Forum Members
Points: 28743 Visits: 8986
Apparently you didn't want to do a one by one approach, just generate your stuff !


Select 'ALTER LOGIN ['+ name + '] DISABLE ; '

from sys.server_principals
/* exclude disabled accounts, sysadmins and ##-accounts */
where is_disabled = 0
and IS_SRVROLEMEMBER('sysadmin', name) = 0
and name not like '##%'

order by name ;

/* only re-enable the ones you disabled !! */
Select 'ALTER LOGIN ['+ name + '] ENABLE ; '

from sys.server_principals
/* exclude disabled accounts, sysadmins and ##-accounts */
where is_disabled = 0
and IS_SRVROLEMEMBER('sysadmin', name) = 0
and name not like '##%'

order by name ;




Run the full script up front to generate ALL you need !!

Johan


Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere w00t

- How to post Performance Problems
- How to post data/code to get the best help


- How to prevent a sore throat after hours of presenting ppt ?


press F1 for solution, press shift+F1 for urgent solution :-D


Need a bit of Powershell? How about this

Who am I ? Sometimes this is me Alien but most of the time this is me Hehe
behrang1360
behrang1360
Forum Newbie
Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)

Group: General Forum Members
Points: 4 Visits: 16
when you want to develop your data base and don't want to let other users to access to you db server
you can change Sql sever db from multi user to single user so that you can access the database as Admin(sa user)
Jimbo Jones
Jimbo Jones
Forum Newbie
Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)

Group: General Forum Members
Points: 4 Visits: 79
You could also tell the firewall to block port 1433.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search