Ability to Apply Group Policy allowing access to SQL Enterprise management console

I have a group of users who must be able to access the SQL Enterprise Management Console from their own machines to see DBs on the network. I only want them to be able to see just this console and not be able to open any other MMC. I do not see a specific extension console to enable in the GPO. Is there any way to do this without opening the whole floodgate of MMC consoles? I want to keep the environment restricted from this. Please HELP!!

Asked by: pterranova13

1 Solution

oBdA commented:
Save the following (from and including "CLASS USER") as MMC-SQLSnapIn.adm (or whatever.adm), and import it into the group policy editor. You can then allow the SQL manager (you'll find the entry under "Additional Settings").
You might have to remove line breaks in the "MMC_Restrict_Explain" string.
Restrict_Run
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93792.mspx?mfr=true

CLASS USER

CATEGORY !!AdditionalSettings
 CATEGORY !!MMC
  CATEGORY !!MMC_RESTRICT
   POLICY "SQL Enterprise Manager"
    KEYNAME "Software\Policies\Microsoft\MMC\{00100100-1816-11d0-8EF5-00AA0062C58F}"
    EXPLAIN !!MMC_Restrict_Explain
    VALUENAME "Restrict_Run"
    VALUEON NUMERIC 0
    VALUEOFF NUMERIC 1
   END POLICY
  END CATEGORY
 END CATEGORY
END CATEGORY

[strings]
AdditionalSettings="Additional Settings"
MMC="Microsoft Management Console"
MMC_RESTRICT="Restricted/Permitted snap-ins"
MMC_Restrict_Explain="Permits or prohibits use of this snap-in.\n\nIf you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.\n\nIf this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.\n\n--  If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted.\n\n    To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.\n\n--  If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited.\n\n    To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear."
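To confirm the result on a user's machine, the decision rule from the explain text above can be evaluated against the registry. This is an added example, not part of oBdA's answer; it assumes it runs in the target user's session and that the "Restrict users to the explicitly permitted list of snap-ins" setting is stored as `RestrictToPermittedSnapins` under the same MMC policy key. The function and variable names are hypothetical.

```powershell
# Added example: reports which MMC snap-ins the current user may load,
# applying the rule described in MMC_Restrict_Explain.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns the DWORD as int, or $null when the value is not configured.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Resolve-SnapInPolicy {
    param(
        [Nullable[int]]$RestrictToPermitted,  # list-mode setting, $null = not configured
        [Nullable[int]]$RestrictRun           # per-snap-in Restrict_Run, $null = not configured
    )
    # An explicit per-snap-in setting always wins (0 = permitted, 1 = prohibited).
    if ($null -ne $RestrictRun) {
        if ($RestrictRun -eq 0) { return 'Permitted (explicit)' }
        return 'Prohibited (explicit)'
    }
    # Not configured: the list-mode setting decides.
    if ($RestrictToPermitted -eq 1) { return 'Prohibited (not on permitted list)' }
    return 'Permitted (no restriction in force)'
}

$mmcKey   = 'HKCU:\Software\Policies\Microsoft\MMC'
$sqlEm    = '{00100100-1816-11d0-8EF5-00AA0062C58F}'   # GUID from the .adm above
$listMode = Get-PolicyValue -Path $mmcKey -Name 'RestrictToPermittedSnapins'

# The snap-in this thread is about.
$sqlRun = Get-PolicyValue -Path "$mmcKey\$sqlEm" -Name 'Restrict_Run'
[pscustomobject]@{
    SnapIn    = "SQL Enterprise Manager $sqlEm"
    ListMode  = $listMode
    Effective = Resolve-SnapInPolicy -RestrictToPermitted $listMode -RestrictRun $sqlRun
}

# Every other snap-in with an explicit policy entry, to spot unintended allowances.
Get-ChildItem -LiteralPath $mmcKey -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -ne $sqlEm } |
    ForEach-Object {
        $run = Get-PolicyValue -Path $_.PSPath -Name 'Restrict_Run'
        [pscustomobject]@{
            SnapIn    = $_.PSChildName
            ListMode  = $listMode
            Effective = Resolve-SnapInPolicy -RestrictToPermitted $listMode -RestrictRun $run
        }
    }
```

If `ListMode` comes back empty or 0, snap-ins without an explicit entry remain usable, so the SQL entry alone does not lock the other consoles down.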