MS03-031 Problems

From: Tim (timrichardson_at_nospam.com)
Date: 09/11/03


Date: Thu, 11 Sep 2003 13:12:57 -0700


I manage several SQL Servers (2000 Enterprise Edition
SP3a) on Windows Server 2000 SP4. Each server has a
default instance and two or more named instances
installed as well. These servers run in a Windows NT4
domain. Our clients log into this domain as well as a
Novell NDS domain. Our client workstations are either NT4
workstations managed by Novell Zenworks or unmanaged
Windows XP machines.

Our systems were recently audited and we were compelled
to apply all of the most recent patches. Unfortunately,
the cumulative patch correcting the Named Pipes
vulnerability (MS03-031) seems to have made connecting to
our SQL Servers rather difficult (and in one case
impossible). Client machines, running various
applications, began returning "SQL Server does not exist
or access denied" errors (similar to the ones described
in the Knowledge Base article KB823492).

Our SQL Service accounts are configured as domain users
(with permission sets like those described in KB283811).
I have found that if I configure the service accounts to
be members of the local administrator group, I can
connect without difficulty. When I remove them from the
admin group, I get the error described above. This
problem does not manifest itself on the one SQL Server
(SP3a) that I have that is not patched with MS03-031.

My question is what permissions do I need to add to my
domain user accounts to allow them to
create/maintain/utilize named pipe connections with
this patch in this environment?

It is not an attractive option for me to run these
accounts as local administrators.

Thanks,

Tim


