Re: SQL Server Specific Windows Firewall Exception

---

• From: Sue Hoegemeier <Sue_H@xxxxxxxxxxxxx>
• Date: Sun, 05 Aug 2007 21:43:21 -0600

---

You generally don't want something that installs and
automatically opens up ports - that's been a huge problem in
the past. So things are intentionally designed to be secure
by default now with the newer Microsoft services. There are
applications that use only local, nonremote connections to
SQL Server so automatically opening up ports in such cases
would unnecessarily increase the surface area of exposure to
threats, hacks.

-Sue

On Sun, 29 Jul 2007 18:30:01 -0700, Andrew Hayes
<AndrewHayes@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

If you edit File and Print Sharing in Windows Firewall, you'll see that it
lists 2 UDP ports and 2 TCP ports.

This is something that cannot be done normally but is offered through the
XPSP2 resource DLL. You can see this by looking at the registry entry for
GloballyOpenPorts under HKLM.

"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"

My question is - when will such a DLL or other method become available for
SQL Server 2005 so that we don't have to add a number of different program
and port exceptions to get remote connections and administration to work
through Windows Firewall?

Or possibly have it install the exceptions for us, such as Office 2007 does
for Groove, OneNote and Outlook? The SQL Server Surface Area Configuration
tool is the best place for such firewall changes to be chosen.

.

---

• Follow-Ups:
  • Re: SQL Server Specific Windows Firewall Exception
    • From: Andrew Hayes

• Prev by Date: RE: Create view "disconnected" (correct group this time)
• Next by Date: Re: Intermittent Login failure at boot
• Previous by thread: Re: AAArgh! sp_addlinkedserver giving me fits
• Next by thread: Re: SQL Server Specific Windows Firewall Exception
• Index(es):
  • Date
  • Thread

---

Relevant Pages ports system woes ... What exactly "removing dependency on package" means? ... port installs?). ... Allow it 3-5 hours per 1000 installed ports 8-) The good thing is that ... (freebsd-hackers) Re: How to block RealPlayer ?? ... I like the Linux idea best... ... > Doz wrote: ... >> which ports to block? ... > 1) Develop a policy where an employee who installs any unathorized ... (comp.security.firewalls) RWW Stopped working..Please Help ... SBS 2003 Standard, Dual Nics, Linksys Router, SBC Standard DSL, ... and have double checked the ports as being forwarded. ... The cert lists the same as other certs I've ... port 80 on all my installs and only connect via https. ... (microsoft.public.windows.server.sbs) Re: New FreeBSD package system (a.k.a. Daemon Package System (dps)) ... port installs, and /usr/local for local source installs. ... OS is separate from the apps. ... ports, which we promptly throw away by providing a settable LOCALBASE. ... There's a nice feeling to running the latest version of appX on FreeBSD ... (freebsd-hackers) Re: Port, package and buildworld problems. ... With some failures listed ... > The gnucash port fails in gnomeprint: ... > The shell port rc installs ok. ... Perhaps the ports tree contains all the ... (freebsd-questions)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > SQL-Server  > microsoft.public.sqlserver.connect  > 2007-08