To control access to your server, few things are more important than the configuration of the SQL Server’s services, components, and networking capabilities. Every SQL Server installation has a specific configuration for the services, components, and network, and the configuration determines security levels that control access in the surface area of the server such as:
Who can access the server and by what means
What SQL Server services run automatically at startup or manually as needed
Where and by what means SQL Server components can connect to (or be connected from) remote resources
By limiting these who, what, and where aspects of the server’s configuration, you reduce the server surface area, which improves the server security and can also enhance overall performance because you are running only necessary services and components.
Client access to SQL Server is managed through SQL Native Client Configuration parameters. SQL Server access to local and remote resources is managed through the SQL Server 2005 services and the SQL Server 2005 network configuration. You can manage client access, SQL Server services, and the network configuration using either SQL Server 2005 Surface Area Configuration or SQL Server Configuration Manager. These two tools are best used together, so you will learn how to use both tools in this chapter.
SQL Server 2005 Surface Area Configuration and SQL Server Configuration Manager are found under Programs or All ProgramsMicrosoft SQL Server 2005 Configuration Tools. You can also start either tool from the command line by typing sqlsac or sqlservermanager.msc at a command prompt. By default, SQL Server 2005 Surface Area Configuration and SQL Server Configuration Manager connect to the local computer. You can start SQL Server 2005 Surface Area Configuration with the focus set on a remote computer using the following syntax:
sqlsac RemoteComputer
where RemoteComputer is the name or IP address of the remote computer you want to work with, such as:
sqlsac CorpSvr04
Real World
By default, SQL Server 2005 Surface Area Configuration is stored in the %ProgramFiles%Microsoft SQL Server90Shared folder. By default, this folder is not added to the operating system command path. If you plan to use this tool, you can add the folder to the command path by following these steps:
Open a command prompt. Change to the base folder of the C drive by typing:
cd c:
Save the current path to a file by typing:
path > origpath.txt
Update the path for the current command prompt by typing:
set path=%path%;%ProgramFiles%Microsoft SQL Server90Shared
Verify the path is set correctly by typing:
path
Update the Registry to reflect the current command prompt’s path by typing:
setx PATH "%PATH%"
Be sure to type the commands with the exact case and syntax shown in these steps.