SQL2K WIN2K3 CONNECTION SECURITY

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

I moving an old SQL Server-backend-IIS5/ASP-fronte­­nd application to
servers with windows 2003 standard edition. One server will run the
database the other will run IIS 6.0. Note that i haven't set-up a
domain, which i think requires one machine to be domain controller
which would decrease performance and stuff. I've simply put them on the
same group.

I wan't to restrict access to the sql server so only the incomming
connection from the webserver is allowed. I can use either named
pipes(which should be the fastest protocol) or tcp(which should be
slight slower than named pipes) but I seem to have a problem. If I use
named pipes to connect, the IUSR(the user under which IIS is running)
must have access-rights to IPC$ share on the sql server. I can't seem
to set any access-right directly for IPC$ share, but I can reactivate
my guest user and then it works, but then everyone can now access the
ipc$ share so it's not really what i'm looking for.

I can also connect through TCP( and set up some kind of filter only
allowing incomming connections on port 1433 from the ip of the web
server. But i don't know how to do this. I've taken a look at the IPSec
stuff but it's all about kerberos authentication and other bull which i
don't think i need.

What i need is a simply ip port filter, which does nothing else but
reject incomming connections to sql server on port 1433 originating
from any other ip's than my webserver.

My question is how do I do this? Do i need to have a additional
"firewall" service running and, if so, how much extra overhead will
this create for the sql server.

Alternately, is it possible to change the access right for the IPC$
share manually?

Thanks in advance for any input you might have on this?

.

Relevant Pages

  • Re: IIS and SQL Server on separate machine
    ... Created a user account on the Domain Controller called ... Added this user account to the Guest Group of both SQL ... Server & the IIS Machine. ... "On the computer that is hosting SQL Server, ...
    (microsoft.public.sqlserver.connect)
  • Re: Installing IIS on a domain controller.
    ... If you are going to be using that domain *exclusively* to host a single server - your IIS server, ... it really doesn't matter how you secured the access between the SQL Server and the DC running IIS. ... This leads me to the simple conclusion that it is indeed a good idea to promote the web server to a domain controller just for the added password protection. ...
    (microsoft.public.inetserver.iis.security)
  • Re: New to Merge/Replication
    ... ADO.NET 3.0 includes "Synchronization Services" that does not require IIS. ... Hitchhiker's Guide to Visual Studio and SQL Server ... It was my deepest hope that Merge/Replication between SQL Compact Edition and SQL Server 2005 Enterprise Edition would have it's own sync services NOT dependent on IIS. ... You can use merge replication with SQL Server on your main desktop serving as the publisher with SQL Compact on PPC, TabletPC, or other desktops as subscribers, so that would probably be the easiest solution for you. ...
    (microsoft.public.sqlserver.ce)
  • Re: Help on synch to SQL server
    ... from SQL CE to SQL Server from your smart-device application's code. ... This can occur whenever the device has a network path to IIS, ... Unlike merge replication between SQL Servers where you can use RMO ... Ideally I would like to use Sql CE to synch with a SQL ...
    (microsoft.public.sqlserver.ce)
  • Re: SMS_MP_CONTROL_MANAGER error 4960
    ... When I try to restart the IIS it says nothing.... ... Manually restart the SMS Agent Host service on the MP. ... MP encountered an error when connecting to SQL Server. ... The Default Web Site is disabled in IIS. ...
    (microsoft.public.sms.setup)