Surface Area Configuration (SAC)

Surface Area Configuration (SAC) is an example of Microsoft's commitment to security initiatives in SQL Server 2005. SAC refers to two things: the features and components that are not implicitly installed or activated during setup and a new tool that you can use to enable or disable features, services, and network protocols. By having you selectively install or activate the components and by providing the SAC tool, SQL Server 2005 lets you protect your SQL Server 2005 environment by reducing the attackable area of a system.

When you install SQL Server 2005, components such as Analysis Services, Reporting Services, Notification Services, Full-Text Search, and Integration Services are not implicitly selected. You can explicitly select to install these components.

SQL Server 2005 by default disables several engine features, such as CLR integration, execution of xp_cmdshell extended stored procedures, SQLMail, Database Mail, execution of OLE automation stored procedures, ad hoc distributed queries using OPENDATASET and OPENDATASOURCE, Web Assistant stored procedures, and so on. You can turn these features on or off by using the sp_configure stored procedure or by using the SAC tool. As in the database engine, certain Analysis Services features are also turned off. These include ad hoc data mining queries using OPENROWSET, anonymous connections, user-defined functions written using .NET CLR or COM, and linked objects. You can use the SAC tool (which you open by selecting Start | All Programs | Microsoft SQL Server 2005 | Configuration Tools | SQL Server Surface Area Configuration) to enable or disable these features as well. The sys.system_components_surface_area_configuration security catalog view can be used to obtain a list of executable system objects that can be enabled or disabled by SAC.

Figure 7.4 shows the SAC tool to configure services and network protocols.

Figure 7.4. SAC is a new tool dedicated to protecting SQL Server 2005 systems by reducing the attackable surface area.

Figure 7.5 shows the SAC tool for configuring database engine and Analysis Services features.

Figure 7.5. In addition to services and network connections, SAC can also be used to enable and disable database engine and Analysis Services features.

Table 7.1 lists the engine features that can be turned on or off.

Table 7.1. SQL Server 2005 Database Engine Features





CLR Integration

clr enabled

Enables executing .NET CLR stored procedures, triggers, user-defined types, and userdefined functions.


HTTP Access

Not applicable

The tool lists all the current HTTP endpoints and allows you to start or stop an HTTP endpoint.

No HTTP endpoints are created by default.



Enables running an xp_cmdshell extended stored procedure, which allows running operating system commands from within SQL Server.


Web Assistant Stored Procedures

Web Assistant Procedures

Allows generating HTML files from SQL Server databases.



Ad hoc distributed queries

Supports ad hoc connections to remote data sources without linked or remote servers.


Database Mail

Database Mail XPs

Enables sending emails over SMTP by using Database Mail.


SQL Mail

SQL Mail XPs enabled

Enables sending emails by using MAPI-based SQL Mail.


OLE Automation

OLE automation procedures

Enables calling COM automation objects from within T-SQL code by using sp_OAxxx procedures.


Service Broker Endpoints

Not applicable

Allows enabling or disabling endpoints created for Service Broker communication across instances.

No Service Broker Endpoints created by default.

SMO and DMO Extended Stored Procedures


Enables access to SMO and DMO.


Remote Dedicated Administrator Connection (DAC)

Remote admin connections

Enables DAC from a remote computer.


SQL Server Agent Extended Stored Procedures

Agent XPs

Enables executing SQL Server Agent extended stored procedures.


Replication Extended Stored Procedures

Replication XPs

Enables executing Replication extended stored procedures.


Microsoft SQL Server 2005(c) Changing the Paradigm
Microsoft SQL Server 2005: Changing the Paradigm (SQL Server 2005 Public Beta Edition)
ISBN: 0672327783
EAN: 2147483647
Year: 2005
Pages: 150 © 2008-2017.
If you may any questions please contact us: