SQL Server EM/Query Analyzer Access

Hello -- we have SQL Servers running in a Service Bureau environment.  How
clients frequently use applications at their sites to access our SQL Server.
Unfortunately, some of our clients are more sophisticated than others and
know about Enterprise Manager and Query Analyzer, which they can try and use
outside of our application... assuming they know a login/password into SQL.

For those clients that know our SQL Login/Password, and since our
application doesn't use application logins, is there a way I can block
EM/Query Analyzer access from our clients and keep it available for us
internally?  Obviously, I cannot block port 1433, but I was hoping I can
restrict the apps from being used externally.

Thanks

Hi,

No, you can't restrict a user from the usage of QUERY ANALYZER/ ENTERPRISE
MANAger if they have access to your network
with SQL Server Login and password. In this case ensure that the partcular
sql server login do not have more rights.



Thanks
Hari
SQL Server MVP

"dm4714" <spam@spam.net> wrote in message
news:eR$Pz7vYFHA.3188@TK2MSFTNGP09.phx.gbl...
> Hello -- we have SQL Servers running in a Service Bureau environment.  How
> clients frequently use applications at their sites to access our SQL
> Server. Unfortunately, some of our clients are more sophisticated than
> others and know about Enterprise Manager and Query Analyzer, which they
> can try and use outside of our application... assuming they know a
> login/password into SQL.
>
> For those clients that know our SQL Login/Password, and since our
> application doesn't use application logins, is there a way I can block
> EM/Query Analyzer access from our clients and keep it available for us
> internally?  Obviously, I cannot block port 1433, but I was hoping I can
> restrict the apps from being used externally.
>
> Thanks
>
>

For what it's worth, using SQL Profiler, you can trace the user id and
application name used when a connection is made, so you can know who is
connecting via EM or QA.

"dm4714" <spam@spam.net> wrote in message
news:eR$Pz7vYFHA.3188@TK2MSFTNGP09.phx.gbl...
> Hello -- we have SQL Servers running in a Service Bureau environment.  How
> clients frequently use applications at their sites to access our SQL
Server.
> Unfortunately, some of our clients are more sophisticated than others and
> know about Enterprise Manager and Query Analyzer, which they can try and
use
> outside of our application... assuming they know a login/password into
SQL.
>
> For those clients that know our SQL Login/Password, and since our
> application doesn't use application logins, is there a way I can block
> EM/Query Analyzer access from our clients and keep it available for us
> internally?  Obviously, I cannot block port 1433, but I was hoping I can
> restrict the apps from being used externally.
>
> Thanks
>
>

You cannot prevent them from coming in, but you can watch sysprocesses
automatically and kill the process when you see it.

--
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)

I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org

"dm4714" <spam@spam.net> wrote in message
news:eR$Pz7vYFHA.3188@TK2MSFTNGP09.phx.gbl...
> Hello -- we have SQL Servers running in a Service Bureau environment.  How
> clients frequently use applications at their sites to access our SQL
> Server. Unfortunately, some of our clients are more sophisticated than
> others and know about Enterprise Manager and Query Analyzer, which they
> can try and use outside of our application... assuming they know a
> login/password into SQL.
>
> For those clients that know our SQL Login/Password, and since our
> application doesn't use application logins, is there a way I can block
> EM/Query Analyzer access from our clients and keep it available for us
> internally?  Obviously, I cannot block port 1433, but I was hoping I can
> restrict the apps from being used externally.
>
> Thanks
>
>