[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 482
  • Last Modified:

Ability to Apply Group Policy allowing access to SQL Enterprise management console

I have a group of users who must be able to access the SQL Enterprise Management Console from their own machines to see DBs on the network. I only want them to be able to see just this console and not be able to open any other mmc. I do not see a specific extension console to enable in the GPO. Is there any way to do this without openning the whole flood gate of mmc consoles. i want to keep the environment restricted from this. Please HELP!!

0
pterranova13
Asked:
pterranova13
1 Solution
 
oBdACommented:
Save the following (from and including "CLASS USER") as MMC-SQLSnapIn.adm (or whatever.adm), and import it into the group policy editor. You can then allow the SQL manager (you'll find the entry under "Additional Settings").
You might have to remove line breaks in the "MMC_Restrict_Explain" string.
Restrict_Run
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93792.mspx?mfr=true

CLASS USER

CATEGORY !!AdditionalSettings
 CATEGORY !!MMC
  CATEGORY !!MMC_RESTRICT
   POLICY "SQL Enterprise Manager"
    KEYNAME "Software\Policies\Microsoft\MMC\{00100100-1816-11d0-8EF5-00AA0062C58F}"
    EXPLAIN !!MMC_Restrict_Explain
    VALUENAME "Restrict_Run"
    VALUEON NUMERIC 0
    VALUEOFF NUMERIC 1
   END POLICY
  END CATEGORY
 END CATEGORY
END CATEGORY

[strings]
AdditionalSettings="Additional Settings"
MMC="Microsoft Management Console"
MMC_RESTRICT="Restricted/Permitted snap-ins"
MMC_Restrict_Explain="Permits or prohibits use of this snap-in.\n\nIf you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.\n\nIf this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.\n\n--  If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted.\n\n    To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.\n\n--  If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited.\n\n    To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear."
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now