March 7, 2012 at 7:15 pm
I have been working on a project that soon will need to be run from a server through an SSIS package. I am trying to anticipate the System Administrator questions I am going to get. How are PowerShell scripts and processing handled typically in a secure company network?
My understanding is that the PowerShell process will be run from the SQL Server Agent. I am not clear about other things and considerations.
Thanks
A clever person solves a problem. A wise person avoids it. ~ Einstein
select cast (0x5365616E204465596F756E67 as varchar(128))
March 8, 2012 at 2:15 am
I think you need to specify a little more before anyone could give specific suggestions and/or advice.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
March 8, 2012 at 11:08 am
Not security related, but relevant if you use the PowerShell subsystem in SQL Agent. Make sure you choose a proper number of PowerShell worker-threads for SQL Agent to allow to run concurrently. See this thread: http://www.sqlservercentral.com/Forums/Topic1245048-1550-1.aspx
Re: security, some random thoughts, some not necessarily PS-specific:
- make sure you set the ExecutionPolicy on your server appropriately before deploying any code
- use Windows Authentication wherever possible; if you must use a login & password to do work do not store in plain-text
- store scripts in a secure location so unauthorized code cannot be injected into your scripts for later execution under elevated permissions
- use SQL Agent proxy accounts so scripts only run with privileges necessary to do their work, nothing more, nothing less
I hope that helps.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
March 8, 2012 at 8:56 pm
Thank you very much opc.three. It does help a great deal!
opc.three (3/8/2012)
Not security related, but relevant if you use the PowerShell subsystem in SQL Agent. Make sure you choose a proper number of PowerShell worker-threads for SQL Agent to allow to run concurrently. See this thread: http://www.sqlservercentral.com/Forums/Topic1245048-1550-1.aspxRe: security, some random thoughts, some not necessarily PS-specific:
- make sure you set the ExecutionPolicy on your server appropriately before deploying any code
- use Windows Authentication wherever possible; if you must use a login & password to do work do not store in plain-text
- store scripts in a secure location so unauthorized code cannot be injected into your scripts for later execution under elevated permissions
- use SQL Agent proxy accounts so scripts only run with privileges necessary to do their work, nothing more, nothing less
I hope that helps.
A clever person solves a problem. A wise person avoids it. ~ Einstein
select cast (0x5365616E204465596F756E67 as varchar(128))
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply