Some SQL Server 2000 Personal Edition instances and SQL Server 2000 Desktop Engine (also known as MSDE 2000) instances run as local data stores and are used only by applications running on the same computer. If these MSDE 2000 instances are never connected to over the network, they do not need network support, and turning off the unused resources is a wise choice.

If you use SQL Server 2005: the concepts and discussions about SQL Server 2000 also apply to SQL Server 2005 and SQL Server Express.

Each SQL Server 2000 instance or MSDE 2000 instance can be configured to listen on a specific set of network protocols and addresses. If an instance does not require network connections, disabling the unnecessary network support reduces the security dependencies of the instance. You do this by configuring the instance to not listen on any network protocol. In general, you should configure only instances that run as local data stores this way:

• SQL Server 2000 Personal Edition
• SQL Server 2000 Desktop Engine (MSDE 2000)

After a SQL Server instance is configured to not listen on any network protocol, all applications on the same computer use the shared memory network library to communicate with it.

Disabling network protocol support does not mean that network protocols are inherently insecure. Any time a program accesses an external resource, the program takes on a dependency on the security of that resource, even if that resource is very secure. By disabling unused resources, the program reduces its security dependencies.

Note: All management of this instance must be performed on the computer on which it runs.

When a SQL Server 2000 SP3a or MSDE 2000 SP3a instance is configured to not listen on any network protocol, it stops listening on UDP port 1434. Earlier versions of SQL Server 2000 or MSDE 2000 always listen on UDP 1434 regardless of the configuration.
If the instance runs in "Windows Authentication" mode, one of the Windows accounts on this computer must be a member of the SQL Server sysadmin fixed server role. If the instance runs in mixed mode, the administrator can log on to the instance using the sa account or a Windows account in the SQL Server sysadmin fixed server role.

To use the "SQL Server 2000 Server Network" utility to configure an existing SQL Server 2000 or MSDE 2000 instance to not listen for network connections, follow these steps:

1. If the SQL Server client tools are installed on the computer, open the Microsoft SQL Server program group and start the "Server Network" utility. If the SQL Server client utilities are not installed, run the Svrnetcn.exe file in the SQL Server Tools/Binn folder. Generally, the client utilities are not installed because the computer runs only MSDE 2000 instances, and these instances do not allow you to use the SQL Server client utilities.
2. On the "General" tab, select the name of the SQL Server instance in the "Instances on this computer" list box. Select "server name" for the default instance, or "server name/instance name" for a named instance.
3. To limit the SQL Server instance to local connections only, click Disable until no protocols are listed in the enabled protocols list. If you later need to allow remote connections, reverse this process and enable one or more protocols.
4. Click OK.
5. Restart the SQL Server instance for the changes to take effect.

For a SQL Server 2000 instance that is currently configured to not support network connections, you can use the same "SQL Server 2000 Server Network" utility to enable network connections to it.
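The following added example (not part of the original article) checks the outcome of the procedure above: it parses saved "netstat -ano" output and reports any TCP listener or UDP socket, including UDP 1434, still owned by a sqlservr.exe process. The sample output, the PIDs and the function names are constructed for illustration; on a real host, take the PIDs from Task Manager or tasklist.

```python
# Added example: audit saved `netstat -ano` output for SQL Server network endpoints.
UDP_1434 = 1434  # UDP port the article says SP3a stops listening on

def parse_listeners(netstat_text):
    """Return (proto, port, pid) for each TCP LISTENING row and each bound UDP socket."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # headers, blank lines, truncated rows
        proto, local, pid = parts[0], parts[1], parts[-1]
        # TCP rows carry a state column; UDP rows do not.
        if proto == "TCP" and parts[3] != "LISTENING":
            continue
        port = local.rsplit(":", 1)[-1]  # handles 0.0.0.0:1433 and [::]:1433
        if port.isdigit() and pid.isdigit():
            found.append((proto, int(port), int(pid)))
    return found

def audit_instance(netstat_text, sql_pids):
    """Summarise endpoints still owned by the given sqlservr.exe PIDs."""
    owned = sorted({l for l in parse_listeners(netstat_text) if l[2] in sql_pids})
    return {
        "local_only": not owned,
        "udp_1434_open": any(p == "UDP" and port == UDP_1434 for p, port, _ in owned),
        "listeners": owned,
    }

# Constructed sample output (not captured from a real host); PID 1500 = sqlservr.exe.
BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1500
  TCP    10.0.0.5:1433          10.0.0.9:3021          ESTABLISHED     1500
  UDP    0.0.0.0:1434           *:*                                    1500
"""
AFTER = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  UDP    0.0.0.0:500            *:*                                    700
"""

if __name__ == "__main__":
    print("before:", audit_instance(BEFORE, {1500}))
    print("after: ", audit_instance(AFTER, {1500}))
```

An instance that still shows UDP 1434 after all protocols are disabled matches the article's description of versions earlier than SP3a.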
The disablenetworkprotocols switch

The SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 3 installer introduces a new disablenetworkprotocols switch, which you can use to install a new MSDE 2000 instance without any network connectivity enabled. With SP3, if disablenetworkprotocols is not specified, the instance is installed with network protocol connections enabled. If you specify disablenetworkprotocols=1, no network protocol is enabled for the instance.

In SP3a, there are two changes to the disablenetworkprotocols behavior:

• When you install a new SP3a instance, network protocol support is disabled by default, making the instance more secure by default.
• When you upgrade an existing MSDE 2000 instance, you can disable network protocol support.

The following tables describe the behavior.

MSDE 2000 SP3a installation:

  User-specified network protocol setting    Result
  Disabled                                   Disabled
  No user-specified setting                  Disabled

Upgrade to MSDE 2000 SP3a:

  Current setting        User-specified network protocol setting    Result
  Enabled or disabled    Disabled                                   Disabled
  Disabled               No user-specified setting                  Disabled
  Enabled or disabled    Enabled                                    Enabled
  Enabled                No user-specified setting                  Enabled

Note: The disablenetworkprotocols switch is not listed when you run the MSDE 2000 setup.exe with "/?" to list the switches it supports.