BASICS
Configure a Windows Firewall for Database Engine Access
SQL Server 2016
Topic Status: Some information in this topic is preview and subject to change in future releases.
Preview information describes new features or changes to existing features in Microsoft SQL Server
2016 Community Technology Preview 2 (CTP2).
This topic describes how to configure a Windows firewall for Database Engine access in SQL Server
2016 by using SQL Server Configuration Manager. Firewall systems help prevent unauthorized access
to computer resources. To access an instance of the SQL Server Database Engine through a firewall,
you must configure the firewall on the computer running SQL Server to allow access.
For more information about the default Windows firewall settings, and a description of the TCP ports
that affect the Database Engine, Analysis Services, Reporting Services, and Integration Services,
see Configure the Windows Firewall to Allow SQL Server Access. There are many firewall systems
available. For information specific to your system, see the firewall documentation.
The principal steps to allow access are:
1. Configure the Database Engine to use a specific TCP/IP port. The default instance of the
Database Engine uses port 1433, but that can be changed. The port used by the Database
Engine is listed in the SQL Server error log. Instances of SQL Server Express, SQL Server
Compact, and named instances of the Database Engine use dynamic ports. To configure these
instances to use a specific port, see Configure a Server to Listen on a Specific TCP Port (SQL
Server Configuration Manager).
2. Configure the firewall to allow access to that port for authorized users or computers.
Note
The SQL Server Browser service lets users connect to instances of the Database Engine that are not listening
on port 1433, without knowing the port number. To use SQL Server Browser, you must open UDP port
1434. To promote the most secure environment, leave the SQL Server Browser service stopped, and
configure clients to connect using the port number.
Note
By default, Microsoft Windows enables the Windows Firewall, which closes port 1433 to prevent Internet
computers from connecting to a default instance of SQL Server on your computer. Connections to the default
instance using TCP/IP are not possible unless you reopen port 1433. The basic steps to configure the
Windows firewall are provided in the following procedures. For more information, see the Windows
documentation.
As an alternative to configuring SQL Server to listen on a fixed port and opening the port, you can list
the SQL Server executable (Sqlservr.exe) as an exception to the blocked programs. Use this method
when you want to continue to use dynamic ports. Only one instance of SQL Server can be accessed in
this way.
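Before opening anything, it helps to confirm which TCP ports each running instance actually listens on and whether SQL Server Browser is exposing UDP 1434. The following PowerShell check is an added example, not part of the original topic; the function names are hypothetical, and it assumes an elevated session on the computer running SQL Server.

```powershell
# Added example: inventory what SQL Server exposes before changing the firewall.
# Function names are hypothetical; run in an elevated PowerShell session.

function Get-SqlListenerInventory {
    # One sqlservr.exe process exists per running Database Engine instance.
    foreach ($proc in (Get-Process -Name sqlservr -ErrorAction SilentlyContinue)) {
        Get-NetTCPConnection -State Listen -OwningProcess $proc.Id -ErrorAction SilentlyContinue |
            # Loopback-only listeners are not reachable from other computers.
            Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
            Select-Object @{ n = 'ProcessId'; e = { $proc.Id } }, LocalAddress, LocalPort
    }
}

function Get-SqlBrowserExposure {
    # SQLBrowser is the service name of the SQL Server Browser service.
    $svc = Get-Service -Name SQLBrowser -ErrorAction SilentlyContinue
    $udp = Get-NetUDPEndpoint -LocalPort 1434 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        BrowserStatus    = if ($svc) { $svc.Status } else { 'NotInstalled' }
        BrowserStartType = if ($svc) { $svc.StartType } else { $null }
        Udp1434Listening = [bool]$udp
    }
}

Get-SqlListenerInventory | Sort-Object LocalPort -Unique | Format-Table -AutoSize
Get-SqlBrowserExposure   | Format-List

# To follow the note above and keep SQL Server Browser stopped:
#   Stop-Service -Name SQLBrowser
#   Set-Service  -Name SQLBrowser -StartupType Disabled
```

A port in the 49152 through 65535 range in the first listing usually indicates an instance that is still on a dynamic port and will move on restart unless a fixed port is configured.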
Introduction to SQL
In This Topic
Before you begin:
Security
To configure a Windows Firewall for Database Engine access, using:
https://msdn.microsoft.com/en-us/library/ms175043.aspx
Opening ports in your firewall can leave your server exposed to malicious attacks.
Make sure that you understand firewall systems before you open ports. For more information, see Security
Considerations for a SQL Server Installation.
1. On the Start menu, click Run, type WF.msc, and then click OK.
2. In the Windows Firewall with Advanced Security, in the left pane, right-click Inbound
Rules, and then click New Rule in the action pane.
3. In the Rule Type dialog box, select Port, and then click Next.
4. In the Protocol and Ports dialog box, select TCP. Select Specific local ports, and then type
the port number of the instance of the Database Engine, such as 1433 for the default
instance. Click Next.
5. In the Action dialog box, select Allow the connection, and then click Next.
6. In the Profile dialog box, select any profiles that describe the computer connection
environment when you want to connect to the Database Engine, and then click Next.
7. In the Name dialog box, type a name and description for this rule, and then click Finish.
1. On the Start menu, click Run, type WF.msc, and then click OK.
2. In the Windows Firewall with Advanced Security, in the left pane, right-click Inbound
Rules, and then click New Rule in the action pane.
3. In the Rule Type dialog box, select Program, and then click Next.
4. In the Program dialog box, select This program path. Click Browse, and navigate to the
instance of SQL Server that you want to access through the firewall, and then click Open. By
default, SQL Server is at C:\Program Files\Microsoft SQL
Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\Sqlservr.exe. Click Next.
5. In the Action dialog box, select Allow the connection, and then click Next.
6. In the Profile dialog box, select any profiles that describe the computer connection
environment when you want to connect to the Database Engine, and then click Next.
7. In the Name dialog box, type a name and description for this rule, and then click Finish.
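The two wizard procedures above create a rule that accepts connections from any remote address. The following PowerShell sketch is an added example, not part of the original topic: it creates the same port or program rule scoped to authorized computers only, then lists any enabled inbound rule that still opens 1433 or 1434 to everyone. The client subnet, the Domain profile choice, the rule names and the function name are assumptions.

```powershell
# Added example. Assumed values (not from the page): client subnet, profile, rule names.
$port    = 1433            # default instance port, as stated in this topic
$clients = '10.0.5.0/24'   # constructed example subnet of authorized clients
$exe     = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\Sqlservr.exe'
$useProgramRule = $false   # set to $true for an instance that keeps dynamic ports

if ($useProgramRule) {
    # Program rule: equivalent of the "Program" wizard path, with a remote scope.
    New-NetFirewallRule -DisplayName 'SQL Server Database Engine (program in)' `
        -Direction Inbound -Action Allow -Program $exe `
        -RemoteAddress $clients -Profile Domain
} else {
    # Port rule: equivalent of the "Port" wizard path (TCP, Allow), with a remote scope.
    New-NetFirewallRule -DisplayName 'SQL Server Database Engine (TCP in)' `
        -Description 'Database Engine access for the application subnet only' `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort $port `
        -RemoteAddress $clients -Profile Domain
}

# Audit: enabled inbound allow rules that open 1433 or 1434 to any remote address.
function Get-BroadSqlRule {
    foreach ($rule in (Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True)) {
        $ports = ($rule | Get-NetFirewallPortFilter).LocalPort
        $addrs = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        if (($ports -contains '1433' -or $ports -contains '1434') -and $addrs -contains 'Any') {
            [pscustomobject]@{
                Rule    = $rule.DisplayName
                Profile = $rule.Profile
                Ports   = $ports -join ','
            }
        }
    }
}

Get-BroadSqlRule | Format-Table -AutoSize
```

An empty result from the audit means no enabled inbound rule exposes those ports without a remote-address restriction.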
The SQL Server Database Engine ships with a variety of tools. This topic describes the first tools you
will need, and helps you select the right tool for the job. All tools can be accessed from
the Start menu. Some tools, such as SQL Server Management Studio, are not installed by default.
You must select the tools as part of the client components during setup. For a complete description of
the tools described below, search for them in SQL Server Books Online. SQL Server Express contains
only a subset of the tools.
Basic Tools
SQL Server Management Studio is the principal tool for administering the Database Engine
and writing Transact-SQL code. It is hosted in the Visual Studio shell. It is not included in SQL
Server Express but is available as a separate download from Microsoft Download Center.
SQL Server Configuration Manager installs with both SQL Server and the client tools. It lets you
enable server protocols, configure protocol options such as TCP ports, configure server
services to start automatically, and configure client computers to connect in your preferred
manner. This tool configures the more advanced connectivity elements but does not enable
features.
Sample Database
The sample databases and samples are not included with SQL Server. Most of the examples that are
described in SQL Server Books Online use the AdventureWorks2012 sample database.
On the Start menu, point to All Programs, point to Microsoft SQL Server 2016, and then
click SQL Server Management Studio.
On the Start menu, point to All Programs, point to Microsoft SQL Server 2016, point
to Configuration Tools, and then click SQL Server Configuration Manager.
If you are connecting to SQL Server 2005 on Windows Vista or Windows Server 2008 (or more
recent), you may need to right-click Management Studio and then click Run as Administrator in
order to connect using your Administrator credentials. Starting in SQL Server 2008, setup adds
selected logins to SQL Server, so your Administrator credentials are not necessary.
2. In the Connect to Server dialog box, click Cancel.
3. If Registered Servers is not displayed, on the View menu, click Registered Servers.
4. With Database Engine selected on the Registered Servers toolbar, expand Database
Engine, right-click Local Server Groups, point to Tasks, and then click Register Local
Servers. All instances of the Database Engine installed on the computer are displayed. The
default instance is unnamed and is shown as the computer name. A named instance displays
as the computer name followed by a backward slash (\) and then the name of the instance.
For SQL Server Express, the instance is named <computer_name>\sqlexpress unless the
name was changed during setup.
This is basic information to get you started. SQL Server provides a rich security environment, and security is
obviously an important aspect of database operations.
Enabling Protocols
To enhance security, SQL Server Express, Developer, and Evaluation install with only limited
network connectivity. Connections to the Database Engine can be made from tools that are
running on the same computer, but not from other computers. If you are planning to do your
development work on the same computer as the Database Engine, you do not have to
enable additional protocols. Management Studio will connect to the Database Engine by
using the shared memory protocol. This protocol is already enabled.
If you plan to connect to the Database Engine from another computer, you must enable a
protocol, such as TCP/IP.
You must restart the SQL Server service after you make changes to network protocols; however, this
is completed in the next task.
Port number assignments are managed by the Internet Assigned Numbers Authority and are listed
at http://www.iana.org. Port numbers should be assigned from numbers 49152 through 65535.
Opening ports in your firewall can leave your server exposed to malicious attacks. Be sure to understand
firewall systems before opening ports. For more information, see Security Considerations for a SQL Server
Installation.
After you configure the Database Engine to use a fixed port, use the following instructions
to open that port in your Windows Firewall. (You do not have to configure a fixed port for the
default instance, because it is already fixed on TCP port 1433.)
5. In the Action dialog box, select Allow the connection, and then click Next.
6. In the Profile dialog box, select any profiles that describe the computer connection
environment when you want to connect to the Database Engine, and then click Next.
7. In the Name dialog box, type a name and description for this rule, and then click Finish.
For more information about configuring the firewall, including instructions for Windows Vista,
see Configure a Windows Firewall for Database Engine Access. For more information about the default
Windows firewall settings, and a description of the TCP ports that affect the Database Engine,
Analysis Services, Reporting Services, and Integration Services, see Configure the Windows Firewall
to Allow SQL Server Access.
If you omit tcp: from the Server name box, then the client will attempt all protocols that are
enabled, in the order specified in the client configuration.
4. In the Authentication box, confirm Windows Authentication, and then click Connect.