SQL Server 2000 Auditing

Email this Article

Printer-Friendly

View Reader Comments

[August 5, 2002]
SQL Server 2000 Auditing
By: John Howie
Feature
InstantDoc #25728
Web Exclusive from Windows IT Pro

DOWNLOAD THE CODE:

25728.zip

Tracking database activity

Microsoft has made each version of SQL Server more secure and easier to administer than the previous one. In August 2000, an independent testing facility found that SQL Server 2000 meets the US Department of Defense's C2 security requirements. (You can obtain more information about the C2 evaluation from Microsoft's Web site at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/dbsql/sqlc2.asp.) If your company needs to meet C2 security standards or you need to audit usage of your SQL Server 2000 installation for other reasons, you'll find this discussion of auditing helpful.

Enabling Auditing
You're probably familiar with the Windows event logs—particularly the Security log—that reside in the \%systemroot%\system32\config folder. To view the logs, you run Event Viewer (eventvwr.exe).

During their installation process, many applications—including SQL Server 2000—register with the event-log subsystem. If you run instances of SQL Server 2000 in your network, you're familiar with the variety of log entries that describe SQL Server's startup, shutdown, and day-to-day operations (e.g., backups, server-side traces). What you might not be familiar with is SQL Server 2000's ability (not enabled by default) to audit login activity, including failed login attempts, to the Windows Application log. To configure this auditing, launch Enterprise Manager, select a database server, right-click Properties, go to the Security tab, and set your desired level of auditing, as Figure 1 shows. (If you intend to enable C2 auditing, I recommend that you don't audit to the Application log; otherwise, SQL Server will write audit information about user-login activity to two places simultaneously and unnecessarily degrade system performance.) After you change audit settings, you need to restart the database.

Even if you enable auditing to the Application log, you won't find details in the logs about user activity such as which tables users access, which queries users run, and which stored procedures users invoke. To enable SQL Server auditing to such a level, you must turn to the SQL Server software.

Although SQL Server 2000 can audit user actions, the feature isn't enabled by default; your DBA must activate it. DBAs have unrestricted access to databases on the database server and are responsible for database management. In many environments, the systems administrator or network administrator is also the DBA. By default, the Administrators group on the SQL Server 2000 machine has permission to log in to the database. The Administrators group is granted the System Administrators server role, which lets group members perform necessary database actions. Most security-conscious administrators remove the local Administrators group from database logins, especially when the database server system is a member of a domain. When a system joins a domain, the Domain Admins group becomes a member of the local Administrators group; therefore, members of the Domain Admins group are also DBAs. Before you remove the Administrators group from database logins, ensure that you've added another user account or group that has the System Administrators role. In SQL Server installations that use mixed-mode authentication, you should use the SQL Server account sa as the DBA account. With mixed-mode authentication, you can create SQL Server user accounts that are separate from Windows 2000 user accounts. However, if your site has a need for strict security, I don't recommend mixed-mode authentication.

The easiest way to enable auditing in SQL Server 2000 is to use the osql.exe command-line tool. You can even use this tool to enable auditing on remote SQL Server systems. If you used an account with DBA privileges on the target database server to log on to Windows, type

osql -S <servername> -E

where —S tells osql.exe to connect to a remote server and servername is the name of the database server or instance. The —E option tells osql.exe to use the credentials with which you logged on to Windows to establish a trusted database connection. If you didn't use an account with DBA privileges, you need to type

osql —S <servername>
—U <username> 
—P <password>

where —U tells osql.exe that the following argument is the username (username should be either sa or the name of an account with DBA privileges) and —P signals that the next argument is the password for the specified account. If you omit the —P option, the system will prompt you to type in your password.

Prev. page [1] 2 3 next page

You must log on before posting a comment.

If you don't have a username & password, please register now.

ADS BY GOOGLE SPONSORED LINKS

Microsoft® Tech•Ed EMEA 2008 Developers: Learn through hands-on experience with the latest tools and acquire skills to build more streamlined, scalable, and secure applications, Nov. 10-14, 2008 in Barcelona, Spain.

Order Your SharePoint Fundamentals CD!: Learn how to uncover rich information management capabilities with this free SharePoint CD.

Try Idera’s new SQL admin toolset!: 24 essential desktop tools for managing SQL Server for $495.

Evaluating Your Database Infrastructure: The wind of change is in the air for your corporate databases. SQL Server 2008 and other new technologies can mean it is possible to deploy more powerful and effective databases.

True High Availability for SQL Servers: SQL Server DBA’s must ensure that they have some form of protection in place. This seminar gives useful tips on HA and resources that are available for your disaster recovery planning.

Simplify your data management: Affordable multi-database query and design tool-- free trial!

Virtualization Congress Oct. 14-16: Don't miss Virtualization Congress, the premiere EMEA conference dedicated to hardware, OS and application virtualization. Oct. 14-16 in London.

FEATURED LINKS

Coming This Fall - Deploying SharePoint - Live Event Series: Join SharePoint experts for best practices regarding infrastructure, design, forms configurations, and redundancy. Early Bird Price of $99!

SQL Server Magazine Connections Conference: Don’t miss the premier event for Microsoft developers and DBAs in Las Vegas, November 10-13. Register and book your room by August 25 and receive a FREE room night (based on a three night minimum stay).

Find a new job on the all new IT Job Hound!: Search jobs, post your resume, and set up job e-mail alerts!

Virtualization 101 – Live Web Seminar Aug. 21: Get an introduction to all the uses of virtualization and the differences between hosted, hypervisor-based, and OS-level virtualization.

Master SharePoint with 3 eLearning Seminars!: Learn how to customize field types, create scheduled services, and go further with the Content Query Web Part with MVP Andrew Connell. Register today!

Virtualization for Mission-Critical BI with SQL Server: Join this Aug. 20th web seminar to learn a different approach to virtualization for BI-based application infrastructure. Ask questions of live experts!

Windows IT Pro Is Your Definitive Source for BI Tools: Our tools are BI-lateral (relating to both the front and back ends of BI). Build the best platforms and reports with help from SQL Server Magazine. Master data-delivery with solutions in Windows IT Pro. Choose the resource that's right for you.

	SQL Server Magazine Register Subscribe FAQ for Windows WinInfoNews
	Contact Us / Customer Service Editorial Calendar Media Kit Affiliates / Licensing Technical Resources Directory
	Windows IT Pro Office & SharePoint Pro Windows Dev Pro IT Library Connected Home Windows Excavator SuperSite IT Job Hound ITTV

	Copyright © 2008 Penton Media, Inc. All rights reserved. Terms and Use Privacy Statement Reprints and Licensing

Search

Related Whitepapers

Related Events

Related eBooks

Related Essential Guides

Related Resources

vLabs Links

SQL Job Openings

ADS BY GOOGLE SPONSORED LINKS

FEATURED LINKS