Curious to see if anyone has done this or thought of doing this.
Our Security team was questioning if we really need to install the workstation components on our production database server. An interesting question????
Preface: The DB servers reside in a separate domain from the web servers and the application servers and a firewall is in front of the DB server. So it is configured like this. Internet-->Firewall-->Web Server-->Firewall-->App Server-->Firewall-->DB Server.
Basically their argument goes like this...a management network exists that has the workstation components on it and we should be using it to connect to the DB server. Also, if a hacker were to get to this, the command line sql utility would be there and thus it would put the data at greater risk. Simply they are arguing that if the workstation tools, BOL,... aren't there it would make it harder for the hacker.
My argument is to install them as there will be a time when the management network isn't there and I will need those utilities to do something on the server. The command line sql utility isn't really required to get inside the database, you can get to it via other methods, .Net, ASP, SQL-DMO,...you don't necessarily need the Management Studio or the command line utility. So it is really pointless to hamstring the DBA like this as they will be breathing down his neck when something does (and will) go wrong with the server.
I am curious to see what you all have done for your production database servers?