Avoid SQL Server accidental Database and physical files/ log files corruption RRS feed

  • Question

  • Hi 

    We do periodically security  patches  on windows VM which run SQL Servers . My question to expert advise.

    SQL Server installed on C:\Program Files\Microsoft SQL Server

    Other physical files on H ,D , T drives 

    Q1. Our windows team  has admin privileges  to SQL physical file locations. When apply Monthly security patches does this apply to SQL server binaries locations ?

    C:\Program Files\Microsoft SQL Server location ?

    Q2. how to prevent accidental  action of delete/modify/alteration  SQL Server  physical files

    Q3  Advise to prevent access  SQL server files location while enable windows patching process  

    I would much appreciate your expert advise. 




    • Edited by ashwan Thursday, July 18, 2019 6:15 AM
    Thursday, July 18, 2019 6:14 AM


All replies

  • Q1: No

    Q2: As with any other application: Test it on a test machine before applying to production

    Q3: Windows OS updates don't touch SQL Server files, only SQL Server updates do ... see Q2

    Olaf Helper

    [ Blog] [ Xing] [ MVP]

    Thursday, July 18, 2019 6:21 AM
  • Hi Olaf Many thanks for your great advise. if I asked to restrict access to 

    C:\Program Files\Microsoft SQL Server and other drivers(H ,D , T drives )  or driver locations 

    D:\Microsoft SQL Server

    H:\Microsoft SQL Server

    will that can   stop  accidentally DB corruptions ?

    What other locations you would advise while enable windows patching .

    Thank you   

    Thursday, July 18, 2019 6:31 AM
  • I work with SQL Server for over 25 years and I never have had the case that a Windows updated harm SQL Server in any way, so I don't understand what you worry about.

    Ensure that you have a working backup procedure of your databases and everything is fine.

    Olaf Helper

    [ Blog] [ Xing] [ MVP]

    Thursday, July 18, 2019 7:37 AM
  • Hi Olaf My question is I dont mean windows update harm to SQL Servers. I am worried with people have admin access to server can Access the Server and  harm SQL Server binaries and locations accidentally  . Therefor how to mitigate this. 

    I am not sure some windows update come with  SQL Security patches as well. In this case  C:\Program Files\Microsoft SQL Server need  full  access for windows team . 


    • Edited by ashwan Thursday, July 18, 2019 10:06 AM
    Thursday, July 18, 2019 10:02 AM
  • If a user is an "administrator", you cannot restrict them in any way.  They are immune to all security checks.  You have to trust your administrators.  If you don't, you need to fire them.

    Thursday, July 18, 2019 12:02 PM