locked
SQL Server 2012 Best Practices Analyzer Security RRS feed

  • Question

  • I would like to run SQL Server 2012 BPA on a cloud server and I want it to be as secure as possible. However, SQL Server 2012 BPA enables PSRemoting and makes a number of other configuration changes. Is it correct to say that a server is less secure after making these changes? Is there any way around this?
    Thursday, December 27, 2012 4:24 PM

Answers

  • Addition to above responses, you can choose to configure restrictive authentication. For details, please refer Installation and Configuration for Windows Remote Management.


    Please use Marked as Answer if my post solved your problem and use Vote As Helpful, if a post was useful to help other user's find a solution quicker.

    • Marked as answer by TD615 Friday, January 4, 2013 11:59 AM
    Tuesday, January 1, 2013 11:20 AM

All replies

  • What changes does it make?

    Best Regards,Uri Dimant SQL Server MVP, http://sqlblog.com/blogs/uri_dimant/

    MS SQL optimization: MS SQL Development and Optimization
    MS SQL Blog: Large scale of database and data cleansing
    Remote DBA Services: Improves MS SQL Database Performance

    Sunday, December 30, 2012 8:20 AM
  • Hi TD615,

    Yes, it is safe to enable PSRemoting. Additionally, to secure your SQL Server instance, we can do other things, for example, give the required permission to the user, data encryption, etc. For more detail information, please refer to the following document and the related topics.

    SQL Server Security
    http://msdn.microsoft.com/en-us/library/bb669074.aspx


    Allen Li
    TechNet Community Support

    Monday, December 31, 2012 2:57 AM
  • Hi

    What will be your IASS Windows Azure or ...?


    Ahsan Kabir Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread. http://www.aktechforum.blogspot.com/

    Monday, December 31, 2012 6:57 PM
  • Addition to above responses, you can choose to configure restrictive authentication. For details, please refer Installation and Configuration for Windows Remote Management.


    Please use Marked as Answer if my post solved your problem and use Vote As Helpful, if a post was useful to help other user's find a solution quicker.

    • Marked as answer by TD615 Friday, January 4, 2013 11:59 AM
    Tuesday, January 1, 2013 11:20 AM
  • According to the download page, it does the following:

    • Runs the Set-WSManQuickConfig cmdlet, which performs the following tasks:
      • Starts the WinRM service
      • Sets the startup type on the WinRM service to Automatic
      • Creates a listener to accept requests on any IP address
      • Enables a firewall exception for WS-Management communications
      • Enables all registered Windows PowerShell session configurations to receive instructions from a remote computer
      • Registers the "Microsoft.PowerShell" session configuration, if it is not already registered
      • Registers the "Microsoft.PowerShell32" session configuration on 64-bit computers, if it is not already registered
      • Removes the "Deny Everyone" setting from the security descriptor for all the registered session configurations
      • Restarts the WinRM service to make the preceding changes effective

    Wednesday, January 2, 2013 12:44 PM
  • I'll take a look, thanks...
    Wednesday, January 2, 2013 12:44 PM
  • I'm not sure what IASS is, but no, we are not using Windows Azure. Thanks..
    Wednesday, January 2, 2013 12:48 PM
  • Thanks for the link, I'll check it out...
    Wednesday, January 2, 2013 12:51 PM
  • Any update?

    Please use Marked as Answer if my post solved your problem and use Vote As Helpful, if a post was useful to help other user's find a solution quicker.

    Thursday, January 3, 2013 11:24 AM