??'s About Security Patch

Dec 28, 2001

I plan to apply the new security patch on my SQL 7.0 sp3 servers and get my SQL 2000 servers up to SP2 (which apparently already includes this)

But I was reading the Mitigating Factors in the announcement of this vulnerability and one reads as below:

"The effect of exploiting the first vulnerability would depend on how the SQL Server service was configured. SQL Server can be configured to run in a security context of the administrator’s choosing. (By default, it runs as a domain user). If best practices are followed, and the service is configured to run with the least privileges necessary, it would limit the worst-case damage an attacker could achieve. "

So my question is: What is the best practice for the SQL Server service and Agent service? Also are there resources for Best Practices?

Thanks!!

View 2 Replies


ADVERTISEMENT

Security Patch/Service Pack Questions

Sep 17, 2007

<!--[if !supportLists]--><!--[endif]-->

I posted this question before, and got a response about Windows Update. However, I work in a larger corp. and need to know if there are any other answers to this? We use a patch client that rolls out patches and service packs after we have tested them in our environment. What can we do to stay as up to date as possible for security patches?



How are security patches for SQL Server Express made available (e.g., as separate distributions or bundled into other Microsoft patch distribution mechanisms)? Are there specific procedures that I need to put in place to ensure that it gets patched on end user machines?



-Kyle

View 1 Replies View Related

MS03-031 Security Patch Indexed View Bugs...

Jan 22, 2004

Hey!

Has anybody here had any issues with the MS03-031 security patch and SQL 2000 on Windows 2003?

We recently installed this patch on one of our test SQL 2000 machines, and the performance of queries running on this machine have gone up (gotten worse) by at least 10X.

We use indexed views and all queries are run with WITH(NOEXPAND) to force the indexed view to be used.

Anyway, after the patch was installed, the queries on the indexed view will ONLY use the clustered index, and not any of the other indexes, causing a Clustered Index Scan.

I removed the patch (well, re-installed SQL) patched it up to SP3a, and performance is back to normal.

Anybody experience anything similar?
Paul

View 4 Replies View Related

SQL2K: Performance Problem With A Query After Security Patch Ms03-031

Jul 20, 2005

After applying security patch MS03-031 (Sql server ver 8.00.818) aquery that used to execute in under 2 seconds, now takes over 8Minutes to complete. Any ideas on what the heck might be going on?I have tested this extensively and can say for certain that installingthis hot fix is what has caused the performance problem. I just don'tknow why or how to fix it.Brian Oster

View 3 Replies View Related

After Applying Security Patch MS03-031, I Lose My SQL 2K Performance Monitor Counters

Aug 20, 2003

This is related to an earlier post, but I found out that I was able to see SQL Server counters in Performance monitor before applying the patch, but the counters were not present afterwards....

do I need to edit the registry ?

View 3 Replies View Related

Q323875_SQL2000_SP2_en Patch

Aug 2, 2002

I am trying to apply this patch to a Developers Edition of SQL 2000. According to the instructions, I am to replace ssnetlib.pdb, located int the binndll folder. well, this file does not exist in this or any other folder on the server. I have installed SP2 and all previous patches. Anyone have any idea why this is and how to resolve it?

Thanks,
Mitchel

View 1 Replies View Related

Need Knowledge About Patch

Jun 3, 2004

Hello, everyone:

Are ther any basic information about patch on SQL Server? How to develop patch, and run it? Thanks a lot

ZYT

View 7 Replies View Related

Do I Need To Reinstall Or Patch Something??

Apr 17, 2007

Hi,

I have discovered something wrong with my SSIS package and I thought it best to post a new thread since the problem is not what I thought it was initially.

With relation to my post of 'directory variable problem' I have now discovered by opening my project this morning that apparently my project had gone corrupt, according to the dev environment since the message reads:

"There were errors while the package was being loaded.The package might be corrupted.See the Error List for details."

The Error List:
"Error 13 Error loading MyTestSSISPackage.dtsx: The connection "(local).MyTestDB.sa" is not found. This error is thrown by Connections collection when the specific connection element is not found."
This is a buggy ADO.net connection that I deleted yesterday since, even though it connects successfully, doesn't want to work! It keeps on telling me log in failed for user <MyTestUser> even after I test it and it connects fine with the username and password during the UDL screen of the connection.. It's like it forgets the bloody password.
I created another connection, this time an OLE connection and it seems to work fine.

*EDITED*
I stand corrected..no bloody connection manager is working now. They all fail stating that they cannot connect to the db due to some or another 'unsupported' value in the connection string...the connectionstring was set up by the environment's udl????? how is this possible. I am beginning to get annoyed with SSIS

Now finally my question...WHY is it that every time I change something its like the dev environment doesn't cascade the change throughout the project or package? The problem I have been having with my variables not getting picked up with the correct values which I gave them during design time is probably also related to this. How or where can I remove the reference to this old ADO.Net connection since I cannot find it anywhere in the <package>.dtsx file?

Anyone ever experienced this?

Regards
Mike

View 2 Replies View Related

Patch Null Value?

May 11, 2007

following is my sql:


select a.dcode, b.district from table1 a, table2 b
where
a.id = b.id

and return following result:



dcode district
123 south
321 north
456 east
789 west
123
789


so for those records that district are null, how can i fill them up as i know they have the same dcode as the other records?

View 9 Replies View Related

How To Patch A 2005 Cluster?

Dec 12, 2007

According to SP1 documentation patching the Active node in a cluster will automatically apply the SP1 patch to the Passive nodes. However, I found a MS document that says if you have management tools installed on the passive node, you must patch this node separately. Is this correct?

Also, since Integration Services is not cluster-aware and therefore must be installed separately to the passive node(s), does SP1 need to be applied directly to the passive node(s) to patch Integration Services or is it automatically patched when I patch the Active node?

Thanks, Dave

View 5 Replies View Related

Patch Apply Question

Feb 11, 2008

I got 4 sql2k5 servers with service patch version as following:

Microsoft SQL Server 2005 - 9.00.2221.00 (Intel X86) Feb 9 2007 17:30:38
Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows
NT 5.2 (Build 3790: Service Pack 2)
Microsoft SQL Server 2005 - 9.00.2153.00 (Intel X86) May 8 2006 22:41:28
Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows NT
5.2 (Build 3790: Service Pack 2)
Microsoft SQL Server 2005 - 9.00.3054.00 (Intel X86) Mar 23 2007 16:28:52
Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows NT
5.2 (Build 3790: Service Pack 2)

Can anyone please advise me what is the easiest way to upgrade them to the
most updated patch version? i.e. update path.

Meanwhile, what is the best practice to apply patches? Do you go to
microsoft website and check it out daily and apply it or other tricks?
Please advise. Thanks.

View 1 Replies View Related

Error In Install Service Patch 5a

Nov 29, 1999

Hi,

I have problem in install SQL Server 6.5 service patch 5a. I download the .exe
from Microsoft and try to install it, it give error:

"setup initalizarion could not be successfully completed.
isql.exe can not be executed.
see error from relevant.OUT file. "

I thought the setup file need to run name pipes prototal instead of TCP/IP, so I change, but still give me the error. I install SS service patch 5a in other mechines before. Never has any problem. This time two of my server run into this problem, any help will be appreciated.


Eugene Shi

View 2 Replies View Related

Critical Patch KB824105 And SQL Failure

Jul 20, 2005

On the re-boot required for critical patch KB824105 MS SQL Server failed torecgnize the log on for the account it is registered under, and all otheraccounts when manually cahnged.It seems to have completely lost all ability to recognize and logon.SQL is totally hooped - no ODBC at all at the service doesn't start. At allbecause of no recognition of any accounts.Any suggestions? I've been trying for a while.

View 1 Replies View Related

Latest Sql Server 2005 Patch

Jan 27, 2008



Please advice me, now we are using service pack1, what is the latest service pack i can upgrade and has all the issues been recitified.

Thanks

View 17 Replies View Related

Determing SQL Server Patch Level

May 12, 2008

Sort of new to MSSQL and I have a problem with my maintenance script not deleting files on 2 out of 3 servers so I am trying to determine what patch level I am at.
'Server A' works as expected:

Microsoft SQL Server 2005 - 9.00.2050.00 (Intel X86)

Feb 13 2007 23:02:48

Copyright (c) 1988-2005 Microsoft Corporation

Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)


These two servers don't:
Server B.

Microsoft SQL Server 2005 - 9.00.2050.00 (Intel X86)

Feb 13 2007 23:02:48

Copyright (c) 1988-2005 Microsoft Corporation

Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 1)


Server C.
Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)

Oct 14 2005 00:33:37

Copyright (c) 1988-2005 Microsoft Corporation

Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

So I can see where I should patch server B to SP2 but why does Server C report as 9.00.1399 SP2?

View 5 Replies View Related

Moving A Database Between Two SQL Server With Different Patch Levels

Jul 20, 2005

Hi,I need to move a database from an instance running SQL Server 2000 SP3to another running SQL Server 2000 SP2. Can I just use backup/restoreor detach/reattach and let SQL server take care of any downgrading (ifany).Many thanksGiovanni

View 4 Replies View Related

Report Server Errors After DST Patch Applied

Mar 12, 2007

After applying the DST (daylight savings time) fix by METHOD-2 in the following KB article:

http://support.microsoft.com/default.aspx/kb/914387

We are receiving the following error for all reports we currently serve:

aspnet_wp!webserver!3c88!03/12/2007-08:44:53:: e ERROR: Internal error: System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values.
Parameter name: date
at System.Web.HttpCachePolicy.UtcSetLastModified(DateTime utcDate)
at System.Web.HttpCachePolicy.SetLastModified(DateTime date)
at Microsoft.ReportingServices.WebServer.ReportServiceHttpHandler.ReturnResponseHeaders(HttpClientRequest sessionManager, RSStream result, HttpResponse resp)
at Microsoft.ReportingServices.WebServer.ResponseHeaderData.ReturnResponseHeaders()
at Microsoft.ReportingServices.WebServer.HttpResponseStream.InternalFlush(Boolean finalFlush)
at Microsoft.ReportingServices.WebServer.HttpResponseStream.Close()
at Microsoft.ReportingServices.WebServer.HttpResponseStreamFactory.CloseAllOpenStreams()
at Microsoft.ReportingServices.WebServer.ReportServiceHttpHandler.RenderReport()
at Microsoft.ReportingServices.WebServer.ReportServiceHttpHandler.RenderItem(ItemType itemType)
at Microsoft.ReportingServices.WebServer.ReportServiceHttpHandler.RenderItem()
at Microsoft.ReportingServices.WebServer.ReportServiceHttpHandler.RenderPageContent()
at Microsoft.ReportingServices.WebServer.ReportServiceHttpHandler.RenderPage()


Reporting Services Version: Microsoft SQL Server Reporting Services Version 8.00.1042.00

SQL Server Version: Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)

We are using the work around specified in the following post to fix this issue:
http://groups.google.com/group/microsoft.public.sqlserver.reportingsvcs/browse_thread/thread/3f2b4854dc79e5e8/1b8261f4cf149078?lnk=st&q=Reporting+Services+dst+error&rnum=2&hl=en#1b8261f4cf149078

Any Help would be greatly appreciated!

Thanks,

ML

View 4 Replies View Related

Daylight Savings Patch For 2000 Server

Feb 13, 2007

I was wondering if there is a simple patch for 2000 server. It seems that the only fix is to edit the registry and to use the time zone editor app. If there is a simple patch like there is for the 2003 servers i would appreciate it if anyone can show me where. I have about 80+ servers with 2000!!!

Much appreciated!

View 7 Replies View Related

Rretrieve The DST Patch Updated Date In Sqlserver 2000

Oct 30, 2007



Hello all,

Hope all of us know that DST Patch update will be on 4th November,07.
Here my query is how to retrieve the DST patch updated date in sqlserver 2000?
any queries on this?
Would any one help me on this?


Thanks in advance,


View 6 Replies View Related

Setup And Upgrade :: Failed To Run Patch Request For Instance

Sep 17, 2012

Having an issue updating SQL Server 2012 RTM Standard  to CU3.I'm getting the following error from the Detail log on each try: "Error: Failed to run patch request for instance: MSSQLSERVER (exit code: -2061893565)"I've tried rebooting the server, ensuring the user running the installer is a local admin account, ran the repair wizard on the SQL install...Nothing seems to work.I have two identical servers, the first has gone smoothly, this is bugging me...

Server: Dell R720XD, Dual E5-2643 CPU, 64Gb RAM, Windows Server 2008 R2 Enterprise x64, SQL Server 2012 RTM CU2 x64 Installed.

Final result: The patch installer has failed to update the following instance: MSSQLSERVER. To determine the reason for failure, review the log files.
  Exit code (Decimal):           -2061893565
  Start time:                    2012-09-17 16:25:32
  End time:                      2012-09-17 16:28:41
  Requested action:              Patch

Instance MSSQLSERVER overall summary:
  Final result:                  The patch installer has failed to update the shared features. To determine the reason for failure, review the log files.
  Exit code (Decimal):           -2061893565
  Start time:                    2012-09-17 16:27:21
  End time:                      2012-09-17 16:28:39
  Requested action:              Patch

[code]...

View 14 Replies View Related

SQL 2012 :: Persist Security Info And Integrated Security In Connection String

Dec 4, 2014

I use from sql server 2008. and c#

what is the best connectionstring?

I don't know if i use Persist Security Info and Integrated Security or not?

And if yes then their value must be true or false?

View 1 Replies View Related

Code Access Security Across Multiple Assembly Security Extension

Oct 14, 2005

Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.

View 9 Replies View Related

SSRS -- Security Filter And Model Item Security Setting

Jul 31, 2007



Hi,


I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.


The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says:
Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.



For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;

in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.



My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?


The article also says:

"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."



So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.



I can only get one result at a time but not both:

either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.



Your help is highly appreciated!

Desperate developer

View 1 Replies View Related

Differance Between Persist Security Info And Integrated Security

Apr 26, 2007

hi i want to know what is the differance between  
Persist Security Info=False;Integrated Security=Yes;

View 1 Replies View Related

SQL Security :: Running Job As Windows Security Group

Oct 18, 2015

Is there any possibility to schedule SQL job execution as Windows Security Group? I need to run powershell script through SQL job with one of this group member's permissions. 

View 4 Replies View Related

Setup Of Security / Integrated Win Security On Vista

Jul 6, 2007

I have Sql Server Express installed on Vista (service pack 2)

I have Visual Studio 2005 with an application that I'm trying to access it with within a WCF service.



The login ID of the service is added to the database.

The database has remote access turned on.

The ID is granted access to all databases within the server.

The thread is being set with WindowsProvider and the services set their thread to WindowsProvider.

The dataserver is set with using Windows Authentication for security.



When I open my connection to the database, though, it reports the typically useless message that the connection is not allowed and that the server may not allow remote connections.



How to I get past this? I've done everything right.

View 1 Replies View Related

Use An Existing AD DL Security Group For Security Role

Jun 18, 2007

I want to use an Active Directory security group that is a Distribution List for a new role assignment for an existing report. Can someone tell me if this is possible? I get an error each time I try:














The user or group name <DLName> is not recognized. (rsUnknownUserName)"

View 1 Replies View Related

SQL 2K Security Baseline Or Security Checklist

Jul 20, 2005

Is there anybody out there with a MS SQL 2K Security Baseline orSecurity Checklist. Where can I get one????Thanks in advanceDavid

View 1 Replies View Related

SQL Security Events In Windows Security Log

Feb 28, 2008



Hi;

I am looking for a way to log all security related events for SQL in Windows Security Log. I am trying to use SCOM for monitoring SQL and I am looking at ways to generate alerts in my SCOM Console for specific events in SQL e.g. A table is deleted, user is modified, deleted, etc. Is this possible and if yes how do I achieve the same?

Rgds;

View 6 Replies View Related

Transport Security Vs Dialog Security

Aug 3, 2006

In an environment where there are many initaitors speaking to a central target with frowarders in between, from what i can understand this best policy is to disable encryption on the endpoints, since dialog encryption will be enforced this is all that is really required, is this correct.

If the endpoints used encryption the message would need to be encrypted and decrypted at each forwarder resulting in slower perfromance, where as dialog encryption would only encrypt at the sender and decrypt at the target, so is this the best way to go?

Secondly is it best practice to open a dialog initally and send messages over this dialog for years never ending the conversation? This way the services only have to authenticate eachother once, if there are no reboots etc that is of course.

I would think performance wise sending each message and ending the conversation each time is a much greater overhead ? So would it be best practice to keep dialogs open and keep sending messages ?

Initally when i was learning service broker i thought that one must send a message and end the dialog until the next message, but i think the other way is the best option ?

Is this correct ?

Thanx

View 1 Replies View Related

Dialogue Security Vs Transport Security

Feb 19, 2007

Hi

I'm designing a distributed application where I will have SQL Server 2005 distributed databases replicating data to my central hub which is again a SQL Server 2005 database using SQL Service Broker. Data will be sent from the central hub to the distributed sites and vice versa. I need to authenticate the communication and also secure the communication by encrypting the messages. Which security shall I use? Where do I configure the type of security being used? What is the difference between transport security Vs dialogue security - Full security model?



Thanks

View 4 Replies View Related

NT Security Vs SQL Server Security

Jun 19, 2000

Hi:

Can anybody tell me the advantage and disadvantage to use NT security for SQL Server 7.0? For a corporation with 400 users, what is your recommendation for the SQL Server security management. Thanks.

Joan

View 1 Replies View Related

Windows Security Vs. SQL Security

Jul 30, 2004

What's the better security to use? Currently I'm always registering using the Windows authentication. When I'm trying to register using SQL authentication I always get "Login failed for user 'sa'" error....

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved