August 21, 2012 at 1:50 am
We are planning to do some maintanance on SS 2008 and we DO NOT want any users / application accessing the SQL server during that time .
The ask is , is there anyway by which I can stop the access of the all the IP on the SQL port 1433 . if I am not wrong I think I can block it using IP Security policy .....but was just trying to know if is there other way out ......Single user is NOT an option here .
Thanks
Himanshu
August 21, 2012 at 3:04 am
A simple option disable the user which applciation uses and enable it once the activity completes.
other option is change the sql port and restart the sql service and who ever knows the port only can connect.
Regards
Durai Nagarajan
August 21, 2012 at 10:34 pm
durai nagarajan (8/21/2012)
A simple option disable the user which applciation uses and enable it once the activity completes.
Will have to do one by one, is it ?
August 21, 2012 at 10:41 pm
You could just disable the TCP/IP protocol?
August 21, 2012 at 11:54 pm
Just disable the logins and the engine won't let anybody in !
It works as well for SQLUsers as for windows logins and groups.
ALTER LOGIN [AnySQLUser] DISABLE ;
ALTER LOGIN [yourdomain\your_windowsgroup_EXEPT_SQL_ADMINS] DISABLE ;
Generate your scripts ( disable and enable ) up front and only touch the accounts you need !
No hassle with login triggers, ports, protocols, ...
Don't disable your SQLAdmins !
Just keep in mind to re-enable the disabled logins after your maintenance !
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data/code to get the best help[/url]
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
August 21, 2012 at 11:56 pm
Disabling the TCP/IP .....sounds good ...;-) ...Will test this and let you guys know . But I foumd that we can block it using IPSEC policy .
August 22, 2012 at 12:10 am
Apparently you didn't want to do a one by one approach, just generate your stuff !
Select 'ALTER LOGIN ['+ name + '] DISABLE ; '
from sys.server_principals
/* exclude disabled accounts, sysadmins and ##-accounts */
where is_disabled = 0
and IS_SRVROLEMEMBER('sysadmin', name) = 0
and name not like '##%'
order by name ;
/* only re-enable the ones you disabled !! */
Select 'ALTER LOGIN ['+ name + '] ENABLE ; '
from sys.server_principals
/* exclude disabled accounts, sysadmins and ##-accounts */
where is_disabled = 0
and IS_SRVROLEMEMBER('sysadmin', name) = 0
and name not like '##%'
order by name ;
Run the full script up front to generate ALL you need !!
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data/code to get the best help[/url]
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
August 22, 2012 at 6:33 am
when you want to develop your data base and don't want to let other users to access to you db server
you can change Sql sever db from multi user to single user so that you can access the database as Admin(sa user)
August 23, 2012 at 5:33 pm
You could also tell the firewall to block port 1433.
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply