SUMMARY
Some instances of the SQL Server 2000 Personal Edition and
the SQL Server 2000 Desktop Engine (also known as MSDE 2000) may operate as
local data stores, used only by applications that are running on the same
computer. If network connections are never made to these instances of MSDE
2000, the instances do not require network support and it is prudent to turn
off resources that are not required.
If you are using SQL Server 2005
The same concepts and discussions about SQL Server 2000
also apply to SQL Server 2005 and SQL Server Express. For more information
about this subject in SQL Server 2005, see the following topics in SQL Server
2005 Books Online:
- How to: Configure Client Protocols (SQL Server
Configuration Manager)
- Configuring Server Network Protocols and Net-Libraries
- Default SQL Server Network Configuration
MORE INFORMATION
Each instance of SQL Server 2000 or MSDE 2000 can be
configured to listen on a specific set of network protocols and addresses. If
an instance does not require network connectivity, turning off the unused
network support decreases the security dependencies of the instance. You can do
this by configuring the instance to not listen on any network protocols.
Typically, you only do this with the versions of SQL Server 2000 that operate
as local data stores:
- SQL Server 2000 Personal Edition
- SQL Server 2000 Desktop Engine (MSDE 2000)
As soon as you configure an instance of SQL Server not to
listen for network protocols, all applications on the same computer communicate
with the instance by using the shared memory Net-Library.
Turning off
the network protocol support does not imply that the network protocols are
inherently insecure. Any time a program accesses an external resource, the
program acquires dependencies on the security of the external resource, even if
the external resource is very secure. By turning off unused resources, the
program simply reduces its security dependencies.
Note All administration of that instance must be completed on the
computer that the instance is running on.
Instances of SQL Server 2000
SP3a or MSDE 2000 SP3a will stop listening on UDP port 1434 when they are
configured to not listen on any network protocols. Earlier versions of SQL
Server 2000 or MSDE 2000 always listen on UDP 1434, regardless of their
configuration. For more information, please see the Readme.htm for SP3a,
available from the following Microsoft Web site:
SQL Server version 2000 Service Pack 3a Readme.htm
If the instance is running in Windows
Authentication mode, one of the Windows accounts on that computer must be a
member of the SQL Server sysadmin fixed server role. If the instance is running in mixed mode,
administrators can log in by using the sa account or by using a Windows account
that is in the SQL Server sysadmin fixed server role.
To use the SQL Server 2000 Server
Network utility to configure an existing instance of SQL Server 2000 or MSDE
2000 not to listen for network connections, follow these steps:
- If the SQL Server client tools are installed on the
computer, open the Microsoft SQL Server program group, and then start the
Server Network utility. If the SQL Server client utilities are not installed,
run the Svrnetcn.exe file that is in the SQL Server Tools\Binn folder.
Generally, the reason the SQL Server client utilities are not installed on a
computer is that the computer is only running instances of MSDE 2000 that do
not give the user a license to use the SQL Server client
utilities.
For more information about the folder structure for SQL
Server 2000 files, visit the following Microsoft Web site:
File Locations for Multiple Instances of SQL Server
- On the General tab, select the name of
the instance of SQL Server in the Instance(s) on this computer
list box. Click to select servername for the default instance,
or select servername/instancename for any named instance.
- To limit the instance of SQL Server to only permit local
connections, click Disable until there are no protocols listed
in the Enabled protocols list. If you have to change this
later to permit remote connections, reverse this process and enable one or more
protocols.
- Click OK.
- Restart the instance of SQL Server for the changes to take
effect.
You can use the SQL Server 2000 Server Network utility to enable
network connections to an instance of SQL Server 2000 that is currently
configured not to support them.
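A check for the result of the steps above, and for the UDP 1434 behavior described earlier, as an added example that is not part of the original article: it parses `netstat -ano` output and reports every listening endpoint owned by a sqlservr.exe process. The sample output, the PIDs and the function names are constructed for illustration; TCP 1433 in the sample is the default SQL Server port, and real PIDs would come from `tasklist`.

```python
# Added example: find network listeners owned by sqlservr.exe in `netstat -ano` output.
SQL_UDP_PORT = 1434                      # UDP port named in the article
UDP_NOTE = " [UDP 1434: pre-SP3a or protocols enabled]"

# Constructed sample of `netstat -ano` output (not captured from a real host).
# Assumed PIDs: 1520 = instance with protocols enabled, 1788 = pre-SP3a instance
# with all protocols disabled, 2300 = SP3a instance with all protocols disabled.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       872
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1520
  TCP    127.0.0.1:1042         127.0.0.1:1433         ESTABLISHED     2044
  TCP    [::]:1433              [::]:0                 LISTENING       1520
  UDP    0.0.0.0:1434           *:*                                    1520
  UDP    0.0.0.0:500            *:*                                    640
  UDP    0.0.0.0:1434           *:*                                    1788
"""


def parse_listeners(netstat_text):
    """Yield (proto, address, port, pid) for TCP LISTENING rows and all UDP rows."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            local, pid = fields[1], fields[4]
        elif len(fields) == 4 and fields[0] == "UDP":   # UDP rows have no State column
            local, pid = fields[1], fields[3]
        else:
            continue                                    # headers, blanks, other TCP states
        address, _, port = local.rpartition(":")        # rpartition keeps "[::]" intact
        if port.isdigit() and pid.isdigit():
            yield fields[0], address, int(port), int(pid)


def sql_network_exposure(netstat_text, sqlservr_pids):
    """Return {pid: [endpoints]}; an empty list means the instance is local-only."""
    report = {pid: [] for pid in sqlservr_pids}
    for proto, address, port, pid in parse_listeners(netstat_text):
        if pid in report:
            note = UDP_NOTE if (proto, port) == ("UDP", SQL_UDP_PORT) else ""
            report[pid].append(f"{proto} {address}:{port}{note}")
    return report


if __name__ == "__main__":
    for pid, found in sorted(sql_network_exposure(SAMPLE_NETSTAT, {1520, 1788, 2300}).items()):
        print(pid, "local-only" if not found else found)
```

An instance that shows only the UDP 1434 entry after all protocols are disabled matches the pre-SP3a behavior the article describes.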
The DISABLENETWORKPROTOCOLS Switch
The SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 3
Setup program introduced a new DISABLENETWORKPROTOCOLS switch that you can use
to install a new instance of MSDE 2000 that does not have any network
connectivity enabled.
For SP3, the behavior of this switch is such
that if DISABLENETWORKPROTOCOLS is not specified, the instance is installed
with network protocol connections enabled. If you specify
DISABLENETWORKPROTOCOLS=1, no network protocols are enabled for that
instance.
There are two changes to the behavior of
DISABLENETWORKPROTOCOLS in SP3a:
- The default when installing a new instance of SP3a is to
disable network protocol support, making the instance more secure by
default.
- You can specify that the network protocol support be turned
off when upgrading an existing instance of MSDE 2000.
The following tables describe this behavior:
New installations of MSDE 2000 SP3a
Current Setting | User-specified Network Protocols Setting | Network Protocols Result |
None | Disabled | Disabled |
None | Enabled | Enabled |
None | No User-specified Setting | Disabled |
Upgrades to MSDE 2000 SP3a
Current Setting | User-specified Network Protocols Setting | Network Protocols Result |
Disabled | Disabled | Disabled |
Disabled | Enabled | Enabled |
Disabled | No User-specified Setting | Disabled |
Enabled | Enabled | Enabled |
Enabled | Disabled | Disabled |
Enabled | No User-specified Setting | Enabled |
Note The /DISABLENETWORKPROTOCOLS switch is not listed when you run
the MSDE 2000 setup.exe with the "/?" switch to list the switches it supports.
For more information about DISABLENETWORKPROTOCOLS, please see the
SQL Server 2000 Service Pack 3a Readme file available from the following
Microsoft Web site:
SQL Server version 2000 Service Pack 3a Readme.htm