Export (0) Print
Expand All

SQL Server Surface Area Configuration

SQL Server 2005

Updated: 17 July 2006

Surface area reduction is a security measure that involves stopping or disabling unused components. Surface area reduction helps to improve security by providing fewer avenues for potential attacks on a system.

For new installations of Microsoft SQL Server 2005, some features, services, and connections are disabled or stopped to reduce the SQL Server surface area. For upgraded installations, all features, services, and connections remain in their pre-upgrade state.

Use SQL Server Surface Area Configuration to enable, disable, start, or stop the features, services, and remote connectivity of your SQL Server 2005 installations. You can use SQL Server Surface Area Configuration on local and remote servers.

SQL Server Surface Area Configuration uses Window Management Instrumentation (WMI) to view and change server settings. WMI provides a unified way for interfacing with the API calls that manage registry operations that configure SQL Server. For information about configuring permissions related to WMI, see the topic How to: Configure WMI to Show Server Status in SQL Server Tools.

After you install SQL Server 2005 or upgrade to SQL Server 2005, you should run SQL Server Surface Area Configuration to verify which features and services are enabled and running, and to verify which types of connections SQL Server 2005 will accept. After initial configuration, you can use SQL Server Surface Area Configuration to verify or change the state of features, services, and connections.

SQL Server Surface Area Configuration is available on the SQL Server Start menu:

  • On the Start menu, point to All Programs, Microsoft SQL Server 2005, Configuration Tools, and then click SQL Server Surface Area Configuration.

The first page to appear is the SQL Server Surface Area Configuration start page. On the start page, specify which server you want to configure:

  1. Click the change computer link adjacent to Configure Surface Area for. The default value is localhost. If you previously selected a named server, you would see the server name.
  2. In the Select Computer dialog box, do one of the following:
    • To configure SQL Server 2005 on the local computer, click Local computer.
    • To configure SQL Server 2005 on another computer, click Remote computer, and then enter the computer name in the text box.
    • To configure a failover cluster, click Remote computer, and then enter the failover cluster instance name in the text box.
  3. Click OK.

After selecting the computer to configure, you can launch two tools:

  • Use Surface Area Configuration for Services and Connections to enable or disable Windows services and remote connectivity.
    For descriptions of the service and connectivity settings and defaults for those settings, see Surface Area Configuration for Services and Connections.
  • Use Surface Area Configuration for Features to enable and disable features of the Database Engine, Analysis Services, and Reporting Services.
    For descriptions of the features and information about default feature settings, see Surface Area Configuration for Features.

To import and export surface area settings, use the sac command-prompt utility. Using this utility, you can configure the surface area on one computer, and then apply the same settings to other computers.

The easiest way to use the sac utility is to use SQL Server Surface Area Configuration to configure one computer, and then use the sac utility to export the settings of that computer to a file. You can use that file to apply the same settings to SQL Server 2005 components on other computers.

For more information, see sac Utility.

Release History

17 July 2006

Changed content:
  • Updated the introduction to state why it is good to reduce the surface area of a system.
  • Added section about when to use the surface area configuration tools.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft