syscurconfigs中的“允许远程访问"选项 [英] 'Allow remote access' option in syscurconfigs

问题描述

syscurconfigs中的允许远程访问"选项(从syscurconfigs中选择*)表明什么?
顾名思义，您可以启用或禁用与服务器的远程连接.

即使其值设置为零，我也可以从另一台计算机连接到本地服务器.
(我将其设置为零，重新启动了SQL服务.)

我进行了搜索，但找不到合适的解决方案

谢谢.

我尝试过的事情:

即使其值设置为零，我也可以从另一台计算机连接到本地服务器.
(我将其设置为零，然后重新启动了SQL服务.)

Hi,
Whats does ''Allow remote access'' option in syscurconfigs (select * from syscurconfigs) indicate?
As the name implies , you can enable or disable remote connections to your server.

Even if its value is set to zero, i can connect to my local server from another machine.
(I set it to zero, restarted SQL service.)

I searched for it but could not find a proper solution

Thanks.

What I have tried:

Even if its value is set to zero, i can connect to my local server from another machine.
(I set it to zero, restarted SQL service.)

推荐答案

Google找到了:

允许远程访问确定远程服务器上的用户是否可以访问此SQL Server.默认值为1，以允许SQL Server与Backup Server通信.

因此，它不会停止工作站访问，只能停止远程服务器.

Google found:

allow remote access determines whether users from remote servers can access this SQL Server. The default is 1, to allow SQL Server to communicate with Backup Server.

So it does not stop workstation access, only remote servers.

在
对于您的用户，除非您的用户通常连接到托管SQL Server实例的计算机/虚拟机以访问SQL Server，否则所有用户都是远程用户，应该这样做.除非您的SQL Server在可公开访问的网络上运行，否则让服务器接受所有传入的请求不会有什么危害/风险.无论如何，这些请求都必须经过身份验证和授权，以免您像通过随机连接一样.

如果您确实想将其锁定，以便只有特定的用户甚至可以尝试连接到SQL Server，则可以通过Windows防火墙使用高级安全设置"来进行连接.您可能已经配置了入站规则，以允许来自其他计算机的连接，因此只需通过限制访问仅限特定用户即可修改该规则.只需查找用户"选项卡，然后从那里添加授权用户(您只需要在常规"选项卡中要求安全连接)即可.如果您尚未配置入站规则，只需创建一个新规则并添加上述用户的限制.

同样，如果SQL Server在外部或Internet无法直接访问的公司网络中运行，则很少需要这种类型的锁定.如果您确实有一些高度敏感的数据，则此锁定可能不足

Found this on SQL Server 2012 Remote Access to Certain Users - Database Administrators Stack Exchange[^]

sp_configure ''remote access'', 1 doesn''t do what you think it does. The option name is misleading as it has nothing to do with allowing/disallowing users to access the server from a remote location, it''s server-to-server connections. There''s a ton of misinformation out there on this. Try it yourself, set the value to 0 then connect to the SQL Server from a different machine. So long as a network protocol is enabled and there are no firewall blocks, you will connect successfully.

As for your users, unless your users typically connect to the machine/vm where your SQL Server instance is hosted to access the SQL Server, all are remote users and that should be way. Unless your SQL Server is running on a network that is publicly accessible, there''s little harm/risk in letting the server accept all incoming requests. These requests have to be authenticated and authorized anyway so it''s not like you''re letting random connections through.

If you really want to lock it down so only specific users can even attempt to connect to SQL Server, you can do it via the Windows firewall with Advanced Security Settings. You''ve probably already configured an inbound rule to allow connections from other machines so just modify that rule by restricting access to specific users only. Just look for the Users tab and add the authorized users from there (you''ll need to require secure connections only in the General tab). If you haven''t yet configured an inbound rule, just create a new one and add the restrictions on users mentioned above.

Again, if the SQL Server is running in a corporate network not directly accessible by outsiders/the internet, this type of lockdown is rarely needed. If you really have some highly sensitive data in there then this lockdown is probably insufficient

这篇关于syscurconfigs中的“允许远程访问"选项的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！