Chapter 1 Securing Your Server and Network (7): Disable SQL Server Browse

Original: Chapter 1 securing Your Server and Network (7): Disable SQL Server Browse

Source: http://blog.csdn.net/dba_huangzj/article/details/38227187, Special catalogue:http://blog.csdn.net/dba_huangzj/ article/details/37906349

No person shall, without the consent of the author, be published in the form of "original" or used for commercial purposes, and I am not responsible for any legal liability.

Previous article: http://blog.csdn.net/dba_huangzj/article/details/38082123

Objective:

The SQL Server Browser service starts automatically when you install a SQL Server cluster or named instance, and it is used to interact with the SQL Server instance on the machine and to have the client send information through the port on which the named instance is listening. To block an instance of SQL Server, you can stop the instance from running, or configure it to not respond to broadcast requests.

Realize:

When you upgrade SQL Server, install into a clustered environment, install a named instance, SQL Server Browser starts automatically, and you can check whether it is running by following these steps and disable:

1. Open SQL Server Configuration Manager, select the SQL Server service tag, double-click the SQL Server Browser service, and in the Login tab, click Stop to stop the SQL Server Browser service.
2. Select the Services tab and in startup mode, select Disabled:
3. If you have a named instance, you need to set up a fixed TCP port for the client to access the named instance, you can find the corresponding protocol in the SQL Server Network configuration node in Configuration Manager, right-click on the "TCP/IP" button "Properties":
4. In the property page, in IP address, select the IP address used by the client to access SQL Server's interface, and if the TCP Dynamic ports property is 0, remove and enter the port you want.
5. Restart SQL Server for the modifications to take effect.
6. You can use the < server name >,< port number > To test in the connection string, such as sql1,8200 (assuming that 8200 is defined as a TCP port), the full string:

Data source= sql1,8200;initial catalog=adventureworks2012; User id=fred; password= #Fr3d!;

Original Source:http://blog.csdn.net/dba_huangzj/article/details/38227187, featured catalogue:http://blog.csdn.net/dba_huangzj/article/details/37906349

Principle:

The default instance listens on port 1433, and if a named instance is installed, the port is dynamically assigned when the service restarts/starts, in order to access the port and start the TCP session, the client sends a request to the UDP 1434 port that SQL Server browser listens on.

Additionally, the client sends a broadcast request to the network to search for a SQL Server instance that is available, and SQL Server Browser is responsible for responding to this request, and if there is only one instance, SQL Server Browser is not necessary, and the default installation is disabled. In multi-instance environments, disabling browser can improve security.

More information:

If you want to preserve the dynamic port functionality but want to block the instance, you can let SQL Server browser not display the SQL Server instance, just open the SQL Server Network Configuration node in SQL Server Configuration Manager and right-click the < instance name > protocol , open properties, and select Yes in hidden instances on the flags page.

Filed under: http://blog.csdn.net/dba_huangzj/article/details/38263043

Chapter 1 Securing Your Server and Network (7): Disable SQL Server Browse