November 12, 2010 at 9:58 am
I recently discovered an oversight in my knowledge of SQL Server security (I am still a neophyte):
Column GRANT overrides Table DENY by default.
Apparently you can change this setting, using the "common criteria compliance enabled" advanced option:
sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
sp_configure 'common criteria compliance enabled', 1;
GO
sp_configure 'show advanced options', 0;
GO
RECONFIGURE;
GO
However, for some reason, I can't access the current state of this setting using the normal method:
select * from sys.configurations order by name;
I only see the related "c2 audit mode" show up, and "c2 audit mode" has been superseded by "common criteria compliance enabled". Does anyone know why I can't see the current state of this option? Is there another system view that I need to use instead? Is this a bug? I haven't found any information via Google or on MSDN about this...
November 12, 2010 at 10:27 am
Tested and I can see it on my 2008 instance. You have permissions?
SELECT * from sys.configurations where configuration_id = 1577
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
November 12, 2010 at 11:27 am
Tried it as a user with server role sysadmin, and another time as 'sa'.
Both times 0 records:
select *
from sys.configurations
where name = 'common criteria compliance enabled'
   or configuration_id = 1577
Edit: Could it be that since the option was never turned on, it is not in the table? If so, yikes. I have 64 entries in sys.configurations. I can also see advanced, restart-only options like "max worker threads" and advanced, restart-only, self-configuring options like "user connections".
November 12, 2010 at 11:43 am
I figured this out. The version of the server is Standard Edition.
SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY ('productlevel'), SERVERPROPERTY ('edition')
results in:
10.0.2531.0    SP1    Standard Edition (64-bit)
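The behaviour this thread starts from, as an added T-SQL example that is not part of any poster's message: a column-level GRANT read through a table-level DENY, followed by a check of whether the instance exposes the option at all. The table dbo.DemoPayroll and the user demo_reader are constructed names, and the script assumes a scratch database where you are db_owner.

```sql
-- Added example; DemoPayroll and demo_reader are constructed names.
-- Run in a scratch database as a member of db_owner.
CREATE TABLE dbo.DemoPayroll
    (EmpId int PRIMARY KEY, EmpName nvarchar(50), Salary money);
INSERT INTO dbo.DemoPayroll VALUES (1, N'Sample Person', 1000);
CREATE USER demo_reader WITHOUT LOGIN;
GO
DENY  SELECT ON dbo.DemoPayroll           TO demo_reader;  -- table-level DENY
GRANT SELECT ON dbo.DemoPayroll (EmpName) TO demo_reader;  -- column-level GRANT
GO
EXECUTE AS USER = 'demo_reader';
BEGIN TRY
    -- With the default setting the column GRANT wins and this returns a row.
    SELECT EmpName FROM dbo.DemoPayroll;
    PRINT 'EmpName: readable despite the table-level DENY';
END TRY
BEGIN CATCH
    -- Reached when the table-level DENY takes precedence instead.
    PRINT 'EmpName: blocked - ' + ERROR_MESSAGE();
END CATCH;
BEGIN TRY
    -- No column GRANT covers Salary, so the table-level DENY applies.
    SELECT Salary FROM dbo.DemoPayroll;
    PRINT 'Salary: readable';
END TRY
BEGIN CATCH
    PRINT 'Salary: blocked - ' + ERROR_MESSAGE();
END CATCH;
REVERT;
GO
-- Report edition and option in one row. cc_value_in_use is NULL when
-- sys.configurations has no row for the option on this instance.
SELECT SERVERPROPERTY('edition') AS edition,
       (SELECT CAST(value_in_use AS int)
          FROM sys.configurations
         WHERE name = 'common criteria compliance enabled') AS cc_value_in_use;
GO
DROP USER demo_reader;
DROP TABLE dbo.DemoPayroll;
GO
```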