I need some creative and as bullet-proof as possible ideas on how to stop rogue SQL servers from being installed and running on my internal network.
- Any SQL Server 2000 or MSDE on Windows 2000, XP or 2003 (servers and workstations).
- Limited to options only available to work in a pure native mode Windows 2000 domain.
- Ideas involving hardware devices such as firewalls, IDS systems, router/switch/port controls, etc. are really not an option on this solution, but side suggestions are always welcome.
- Any effective control mechanisms for allowing/disallowing it in an easily manageable way and consideration of known apps that require MSDE are helpful.
- One tough issue is that there are developers that have local Admin rights and that should be considered.
- Any solution that involves controlling the SQL services in Group Policy 'may' only get partial points as this has some limitations and workarounds. BUT if you have a really creative or bullet-proof method that goes along with it, then you could ring in all the points.
I'm eagerly awaiting a security guru to answer this!