Microsoft has turned off all the potential features of SQL Server 2005 that could be susceptible to security risks and hacker attacks. Many features of SQL Server 2005 i.e. xp_cmdshell, DAC etc comes disabled by default, this makes the vulnerable surface area less visible to potential attacks. The Surface Area Configuration tool provides DBAs with a single, easy-to-use method of configuring external security of SQL Server. Use SQL Server Surface Area Configuration to enable, disable, start, or stop the features, services, and remote connectivity of your SQL Server 2005 installations. You can use SQL Server Surface Area Configuration on local and remote servers.
Following are the features of the SQL Server Surface Area Configuration Tool, which can be turned on and off as needed by application.
Analysis Services Features
- Ad-hoc Data Mining Queries
- Anonymous Connections
- Linked Objects
- User-Defined Functions
Database Engine Features
- Ad-hoc Remote Queries
- CLR Integration
- Database Mail
- HTTP Access
- OLE Automation
- Service Brokerenables
- SMO and DMO
- SQL Mail
- Web Assistant
- xp_cmdshell
Reporting Services Features
- HTTP and Web Service Requests
- Scheduled Events and Report Delivery
Following are the services of the SQL Server Surface Area Configuration Tool, which can be turned on and off as needed by application. Not all services are available in all the edition of SQL Server.
- Analysis Services
- Database Engine
- Full-Text Search Service
- Integration Services Service
- MSSQLServerADHelper Service
- Notification Services Service
- Reporting Services Service
- SQL Server Agent Service
- SQL Server Browser Service
- SQL Server Writer Service
Following diagrams explains the methods to enable the features and services using SQL Server Surface Area Configuration Tool.
1) On the Start menu, point to All Programs, Microsoft SQL Server 2005, Configuration Tools, and then click SQL Server Surface Area Configuration.
2) Click the change computer link adjacent to Configure Surface Area for. The default value is localhost. This can be changed and connected to any other SQL Server node.
3) After selecting the computer to configure, you can launch either of services.
- Surface Area Configuration for Services and Connections
- Surface Area Configuration for Features
Reference : Pinal Dave (http://blog.SQLAuthority.com) , BOL, All the image are protected by copyright owned by SQLAutority.com
pinaldave
Full Text Indexing and security at the file level?
We have some FULL Text indexes on semi-sensitive data\columns – and info could be gleaned from looking for just specific words (presense or absence of them).
I have not found anything that tells me how concerned I should be (or not be) with locking down the files from being seen/read/copied.
They are binary, to my basic editor, but are they readable\hackable?
Also are there any stats on how much overhead is involved in the maintenance of a FULL Text index on a table that is updated frequently?
I’m using Vista Home Premium and I installed already MS SQL Server 2005 in it and also the SQL Server Management Studio Express.
I need to enable remote connections in order to succesfully connect to my local database and I can do that by going to SQL Server Surface Area Configuration. But after installing all these (also SQL Server 2005 SP2) I can’t find that option. Did I missed something?
Only the SQL Error and Usage Reports Settings appears under the Configuration Tools.
I have a problem like this at the moment.
Please send me your quick advice.
make sure you have installed SQL Server 2005 Express Edition as well as the Management Studio Express. At first I thought MSE included SQL Server but it doesn’t, once both are installed the start menu icons you’re missing will appear.
I am helping a friend that has a log file that is 16gb. When i went to use the surface config tool in sql 2005, it is simply not there. how do i install this feature? thanks for your help!
Thanks for taking the time to write-up this fix.
We had just done an upgrade from SQL 2005 Eval to SQL 2005 Std and I would have been spinning my wheels trying to resolve what I thought were upgrade issues.
I am getting ‘failed to connect localhost\ACT7 (Microsoft.sqlserver.connectioninfo)’ and not able to login when i am clicking ’surface area configuration for features’. Please help me. Thanks
hi i have sql server 2005 in my pc.I am getting the following error while click on surface area configurations for services and connections,computer cannot be configured remotely make sure remote computer has windows instrumentation management and try again.wats this?