Best Damn Exchange, SQL and IIS Book Period (eBook)

Front Cover 1
The Best Damn Exchange, SQL and IIS Book Period 2
Copyright Page 4
Technical Editors 6
Contributing Authors 8
Contents 12
Chapter 1: Introducing Exchange Server 2007 35
Introduction 36
What Is Exchange Server 2007? 36
Exchange 2007 Themes 36
IT Pro Situation 36
Info Worker Situation 36
Organizationwide Situation 37
Architectural Goals with Exchange Server 2007 37
Scalability 37
Role-Based Deployment and Server Roles 37
Mailbox Server Role 39
Client Access Server Role 39
Hub Transport Server Role 40
Unified Messaging Server Role 40
Auto Attendant 41
Call Answering 41
Fax Receiving 41
Subscriber Access 41
Edge Transport Server Role 42
New Management Approach 42
EMC Console 42
Console Tree 43
Work Pane 43
Result Pane 43
Action Pane 44
Four New Work Centers 44
Organization Configuration Work Station 44
Exchange Server Best Practices Analyzer 45
Database Recovery Management 46
Database Troubleshooter 46
Mail Flow Troubleshooter 46
Message Tracking 46
Queue Viewer 46
Performance Monitor 46
Performance Troubleshooter 46
New Wizards 46
Exposed CMDlet Code 47
EMS 48
HA Improvements 49
LCR 50
CCR 50
Exchange Server 2007 Services 50
Exchange Server Permissions 52
Exchange Organization Administrators Group 52
Exchange Recipient Administrators Group 52
Exchange Server Administrators 52
Exchange View-Only Administrators Group 53
64-Bit Support Only 54
Active Directory-Based Routing Topology 54
De-emphasized Features 55
Discontinued Features 55
Architecture Features 55
Recipient-related Features 56
Mobile Features 56
Outlook Web Access Features 56
Public Folder Features 56
Protocol Features 56
Connector Features 57
HA Features 57
Exchange 5.5-related Features 57
APIs and Development Features 57
Tools and Management Features 57
Summary 58
Chapter 2: Installing Exchange Server 2007 59
Introduction 60
Exchange 2007 Server Editions and CAL Types 60
Standard Edition 60
Enterprise Edition 61
Exchange Server 2007 Client Access Licensing 61
Standard CAL 61
Enterprise CAL 61
Exchange 2007 Prerequisites 61
Hardware Requirements 63
Processor 63
Memory 63
Disk Space 63
Drives 64
Software Requirements 64
Operating System 64
File Format 64
Software Required 65
Required Windows Components 65
Mailbox Server 65
Client Access Server 65
Hub Transport Server 66
Edge Transport Server 66
Unified Messaging Server 67
Server Requirements 67
Active Directory Requirements 67
Preparing the Active Directory Schema 70
Preparing the Active Directory 72
Preparing Any Additional Active Directory Domains in a Forest 73
Installing Exchange 2007 Using the Setup Wizard 74
Installing Exchange 2007 Using Unattended Setup 87
Verifying the Installation of Exchange Server 2007 89
Licensing an Exchange 2007 Server 91
Finalizing Deployment of Exchange Server 2007 96
Adding and Removing Exchange 2007 Server Roles 98
Uninstalling Exchange Server 2007 104
Summary 106
Solutions Fast Track 106
Frequently Asked Questions 110
Chapter 3: Managing Recipients in Exchange 2007 113
Introduction 114
Managing Recipients Using the Exchange 2007 Management Console 114
Managing Mailboxes 116
Creating a User Mailbox 118
Manipulating Mailboxes in Exchange 2007 123
Moving a Mailbox 125
Enabling Unified Messaging for a Mailbox 130
Creating a Room or Equipment Mailbox 143
Creating a Linked Mailbox 145
Managing Distribution Groups 146
Creating a New Distribution Group 152
Creating a New Dynamic Distribution Group 155
Managing Mail Contacts and Mail Users 161
Creating a Mail Contact 163
Managing Disconnected Mailboxes 165
Managing Recipients in an Exchange Coexistence Environment 170
Managing Exchange 2000/2003 and 2007 Mailbox-Enabled User Objects in a Coexistence Environment 170
Managing Exchange 2000/2003 and 2007 Mail-Enabled Objects in a Coexistence Environment 171
The Recipient Update Service in a Coexistence Environment 171
Granting Access and/or SendAs Permissions to a Mailbox 171
Creating a Custom Recipient Management Console 174
Recipient Filtering in Exchange 2007 181
Summary 184
Solutions Fast Track 184
Frequently Asked Questions 187
Chapter 4: Managing the Exchange 2007 Mailbox Server Role 189
Introduction 190
Managing the Exchange 2007 Mailbox Server 190
Exchange 2007 Storage Groups 191
Local and Cluster Continuous Replication 192
Creating a New Storage Group 192
Moving a Storage Group 196
Removing a Storage Group 197
Managing Exchange 2007 Mailbox Databases 198
Saying Goodbye to the Streaming Media File (.STM) 198
What about Support for Single-Instance Storage? 199
New Size for Transaction Log Files 199
Creating a New Mailbox Database 200
Exchange 2007 Public Folder Databases 206
Creating a New Public Folder Database 206
Creating a Public Folder 210
Administering Public Folder Permission Settings 214
Managing Public Folder Replica Settings 222
Mail-Enabling a Public Folder 222
Moving a Mailbox or Public Folder Database 226
Removing a Mailbox or Public Folder Database 227
Managing Organizationwide Mailbox Server Configuration Settings 228
Address Lists 229
Managed Default Folders 237
Managed Custom Folders 243
Managed Folder Mailbox Policies 246
Offline Address Books 256
Creating a New Offline Address Book 260
Summary 266
Solutions Fast Track 266
Frequently Asked Questions 269
Chapter 5: Managing the Client Access Server 271
Introduction 272
Managing the Exchange 2007 Client Access Server 272
The AutoDiscover Service 273
The Availability Service 275
Client Access Servers and the SSL Certificate Dilemma 277
Managing Outlook Anywhere 283
Installing a Third-Party SSL Certificate 283
Adding the RPC over HTTP Proxy Component 289
Enabling Outlook Anywhere 290
Configuring the Outlook Client 292
Managing Outlook Web Access 2007 294
Configuring Outlook Web Access Server-Side 295
Outlook Web Access Client-Side Features 304
Mailbox Limit Notification 308
Open Other Mailbox 308
View Message Header 309
Creating Multiple Calendars 310
Meeting and Appointment Reminders 310
Change Password Option 311
Direct Link Access 312
Compose Messages in HTML 313
Junk E-Mail Lists 313
Improved Signature Editor 313
WebReady Document Viewing Feature (Open as Webpage) 314
Mark All as Read 315
Simplifying the URL to Outlook Web Access 316
Managing Exchange ActiveSync 320
Configuring the Exchange ActiveSync Virtual Directory 324
Configuring ActiveSync Policies 327
Assigning an Exchange ActiveSync Policy to a User 332
Managing Mobile Devices 334
Managing POP3/IMAP4 337
Enabling the POP3 and IMAP4 Services 338
Configuring the POP3 or IMAP4 Services 340
Limiting Access to the POP3 and IMAP4 Service 340
Summary 342
Solutions Fast Track 342
Frequently Asked Questions 346
Chapter 6: Managing the Hub Transport Server Role 349
Introduction 350
Message Transport and Routing Architecture in Exchange 2007 350
Managing the Hub Transport Server 352
Remote Domains 352
Creating a New Remote Domains Entry 356
Accepted Domains 358
Creating a New Accepted Domain 359
E-mail Address Policies 361
Creating a New E-mail Address Policy 363
Transport Rules 368
Journaling 373
Send Connectors 375
Configuring DNS Lookups 382
Configuring Outbound Message Limits 383
Receive Connectors 384
Creating a Receive Connector 385
Managing Message Size and Recipient Limits 388
Configuring Global Limits 388
Configuring Server Limits 389
Configuring Connector Limits 389
Send Connectors 389
Receive Connectors 389
Configuring Per-User Limits 390
Message Tracking with Exchange Server 2007 390
Using the Exchange 2007 Queue Viewer 393
Submission Queue 393
Mailbox Delivery Queue 393
Remote Delivery Queue 393
Poison Message Queue 394
Unreachable Queue 394
Introduction to the Exchange Mail Flow Troubleshooter Tool 396
Configuring the Hub Transport Server as an Internet-Facing Transport Server 397
Changing the SMTP Banner 401
Disabling the EdgeSync Service 402
Pointing the MX Record to the Hub Transport Server 403
Missed Features 404
Attachment Filter 404
Address Rewrite Agent 404
Summary 405
Solutions Fast Track 405
Frequently Asked Questions 409
Chapter 7: Managing the Edge Transport Server 411
Introduction 412
Deploying the Edge Transport Server Role 412
Prerequisites 414
Creating a DNS Suffix 414
Enabling Name Resolution Lookups between the Edge Transport and Hub Transport Servers Suffix 416
Configuring DNS Settings 420
Installing the ADAM Component 421
Installing .NET Framework 2.0 and Windows PowerShell 423
Saying Goodbye to the Windows SMTP and NNTP Protocol Stacks 423
Installing the Edge Transport Server Role 423
Verifying Deployment 426
Creating and Importing an Edge Subscription File 426
Verifying That the EdgeSync Service Works As Expected 433
Creating a Postmaster Mailbox 434
Manually Configuring the Required Connectors 436
Manually Configuring Accepted Domains 442
Configuring and Managing the Antispam Filtering Agents 444
Connection Filtering 446
Sender Filtering 451
Recipient Filtering 452
Sender ID Filtering 455
Content Filtering 459
Safelist Aggregation 462
Outlook E-mail Postmark Validation 465
Attachment Filtering 466
Sender Reputation 471
Antivirus Scanning 475
Outlook Junk E-Mail Filtering 476
Securing the Edge Server Using the Windows 2003 Security Configuration Wizard (SCW) 476
Pointing Your MX Records to the Edge Transport Server 486
Deploying Multiple Edge Transport Servers in the Organization 487
The Edge Transport Rules Agent 489
Creating Transport Rule 495
The Address Rewrite Agent 500
Monitoring the Edge Transport Server 502
Summary 503
Solutions Fast Track 503
Frequently Asked Questions 506
Chapter 8: High Availability for Exchange 2007 Mailbox Servers 507
Introduction 508
Managing the Local Continuous Replication Feature 509
Local Continuous Replication under the Hood 509
Enabling Local Continuous Replication on a Storage Group 511
Viewing the Status for a Local Continuous Replication Copy 517
Switching to the Passive Storage Group Copy When Disaster Strikes 520
Suspending Local Continuous Replication 525
Resuming Local Continuous Replication 527
Manually Seeding a Database Copy 528
Performing an Integrity Check of the Passive Copy Using Eseutil 529
Disabling Local Continuous Replication on a Storage Group 532
Local Continuous Replication Performance Objects and Counters 534
Managing a Cluster Continuous Replication-Based Setup 538
Prerequisites 539
Configuring the Network Interface for Each Node 541
Adding the Servers to the Active Directory Domain 546
Creating a Cluster Service Account 548
Creating and Configuring the Windows 2003 Server Cluster 551
Installing the Necessary Windows Components 566
Configuring the Majority Node Set Quorum with File Share Witness 567
Configuring the Transport Dumpster 574
Installing Exchange 2007 on the Active Node 575
Installing Exchange 2007 on the Passive Node 580
Testing the Functionality of the Clustered Mailbox Server 581
Viewing the Clustered Mailbox Server From Within the Exchange Management Console 583
Simulating a Failover from One Node to the Other 583
Backup Choices in a CCR Setup 585
Managing a Single Copy Cluster-Based Setup 586
Prerequisites 587
Configuring the Network Settings for each Network Interface 588
Creating the Shared Cluster Disks 588
Creating the Windows Server 2003 Cluster 593
Installing the Necessary Windows Components 596
Installing Exchange Server 2007 on the Active Node 597
Testing the Functionality of the Single Copy Cluster 599
Summary 602
Solutions Fast Track 602
Frequently Asked Questions 605
Chapter 9: Disaster Recovery with Exchange Server 2007 607
Introduction 608
Backing Up Exchange 2007 Using Windows 2003 Backup 608
Backing Up an Exchange 2007 Mailbox Server 608
Backing Up an Exchange 2007 Hub Transport Server 612
Backing Up an Exchange 2007 Client Access Server 613
Backing Up an Exchange 2007 Unified Messaging Server 616
Backing Up an Exchange 2007 Edge Transport Server 617
Restoring Exchange 2007 Storage Groups and Databases Using Windows 2003 Backup 617
Repairing a Corrupt or Damaged Exchange 2007 Database Using Eseutil 622
Restoring Mailbox Data Using the Recovery Storage Group Feature 628
Managing Recovery Storage Groups Using the Exchange Troubleshooting Assistant 629
Managing Recovery Storage Groups Using the Exchange Management Shell 639
Recovering an Exchange 2007 Server Using the RecoverServer Switch 642
Restoring and Configuring the Operating System 643
Installing Exchange 2007 Using the RecoverServer Switch 644
Recovering an Exchange 2007 Cluster Using the RecoverCMS Switch 646
Restoring Mailbox Databases Using the Improved Database Portability Feature 648
Summary 651
Solutions Fast Track 651
Frequently Asked Questions 655
Chapter 10: Transitioning from Exchange 2000 or 2003 to Exchange 2007 657
Introduction 658
Preparing the Environment for a Transition to Exchange Server 2007 658
Preparing the Active Directory Forest 658
Preparing the Legacy Exchange Organization 660
Suppressing Link State Updates 663
Extending the Active Directory 664
Prepare Legacy Exchange Permissions 664
Prepare Schema 665
Prepare AD 666
PrepareDomain and PrepareAllDomains 669
Preparing the Exchange 2007 Server 669
Exchange 2003 and Exchange 2007 Coexistence 671
Replicating Public Folders to Exchange 2007 672
Pointing Internet Clients to the Client Access Server 676
Moving Legacy Mailboxes to Exchange 2007 677
Redirecting Inbound Mail to the Exchange 2007 Server 680
Decommissioning the Legacy Exchange Server 683
Summary 689
Solutions Fast Track 689
Frequently Asked Questions 692
Chapter 11: Introduction to Exchange Server 2007 Unified Messaging 695
Introduction 696
What Is Exchange 2007 Unified Messaging? 696
Exchange 2007 Unified Messaging Features 698
Call Answering 698
Fax Receiving 699
Outlook Voice Access 699
The Unified Messaging Infrastructure 701
The Unified Messaging Mailbox Policies 705
Summary 708
Solutions Fast Track 708
Frequently Asked Questions 709
Chapter 12: Getting Started with IIS 7.0 711
Introduction 712
Inside the Changes in IIS 7.0 712
Installing IIS 6.0 713
Installing IIS 6.0 via the User Interface 715
Installing IIS 6.0 Using Unattended Installation 716
IIS 6.0 Core Server 718
HTTP.sys 718
Worker Processes 719
Web Service Administration and Monitoring 720
Inetinfo.exe 721
Where the Metabase Took Us ...and Fell Short 721
Administration: A Review 723
Troubleshooting Failed Requests with IIS 6.0 724
IIS 6.0 versus IIS 7.0: The Delta 726
Modular Core Server 726
Delegation: Less Is Often Better 729
Improved User Interface for Users, Partners, and Microsoft 730
WMI with Logical Layout, Strong Support for PowerShell 731
AppCmd: Swiss Army Knife for IIS Administrators and Developers 734
Diagnostics 101 734
Runtime State and Control API (RSCA) 735
FREB 735
Summary 737
Solutions Fast Track 737
Frequently Asked Questions 739
Chapter 13: Installation of IIS 7.0 741
Introduction 742
Install Types Available in IIS 7.0 742
Vista's Programs and Features 743
Longhorn's Server Manager 748
Installing with PKGMGR.EXE 759
Unattended Installation 762
Installation Feature Sets 767
The FTP Publishing Service 768
Web Management Tools 769
World Wide Web Services 771
IIS 7.0 Modules 772
The Runtime Core "Bits" 773
Application Development Features 774
Common HTTP Features 775
Health and Diagnostics 776
Performance Features 776
Security 777
Summary 778
Solutions Fast Track 778
Frequently Asked Questions 780
Chapter 14: The Extensible Core Server 781
Introduction 782
Understanding Development Advantages in IIS 7.0 782
Inside the Unified Pipeline 783
Extending IIS 7.0 with Native (CC++) Modules 785
Building Native Modules 785
Adding Native Modules to IIS 7.0 789
Using APPCMD.exe To Deploy Native Modules 790
Deploying Native Modules with IIS Manager 792
Manually Installing a Native Module 797
Enabling Managed Code (ASP.NET ) in IIS 7.0 797
iHttpModule Interface Support 798
Integrated Mode 804
Classic Mode 805
Summary 806
Solutions Fast Track 806
Frequently Asked Questions 808
Chapter 15: Get Started with IIS 7.0's Configuration 809
Introduction 810
Introducing ApplicationHost.config 810
XML 101: The Basics of Configuration in IIS 7.0 812
The System.ApplicationHost Section Group Purpose 818
Understanding system.webserver 820
The IIS Schema: Your Cheat Sheet for Success 823
What Is a Schema? 824
How to Read the Schema 824
Section Schema 824
Attribute Schema 824
Element Schema 826
Collection Schema 826
Enum Schema 826
Flags Schema 826
Enabling Delegated Administration in IIS 7.0 827
Delegation Basics 827
How It Works 828
Unlocking system.webServer Section Groups 828
Section and Attribute locking in IIS 7.0 829
Unlocking Configuration Sections 830
Summary 838
Solutions Fast Track 838
Frequently Asked Questions 839
Chapter 16: Administration of an IIS 7.0 Web Server 841
Introduction 842
Accomplishing Tasks Using IIS Manager 842
IIS Manager: Getting Started 843
The IIS Manager Overview 843
Adding Connections 847
Sorting IIS Manager 848
Accomplishing the Most Common Tasks Using IIS Manager 849
Creating Web Sites 850
Creating Virtual Directories 850
Creating Applications 851
Creating Application Pools 851
Changing Authentication Settings 852
Authentication in IIS 7.0 853
Enabling Basic Authentication 853
Enabling Windows Authentication 853
Enabling Digest Authentication 854
Enabling Forms Authentication 854
Viewing Worker Process Details 854
Changing Diagnostic Settings 855
Selecting Rules for Failed Request Tracing 855
Accessing Information Using AppCmd.exe 857
An Introduction to AppCmd.exe 858
Server Management Objects and Commands 859
Creating Web Sites 860
Creating Virtual Directories 860
Creating Application Pools 860
Managing Backups 861
Creating a Backup 862
Managing Existing Backups 862
Making Configuration Changes with AppCmd.exe 862
Modifying Sections Using AppCmd.exe 862
Modifying Attributes Using AppCmd.exe 864
Moving ASP.NET 2.0 Applications to IIS 7.0 Using AppCmd 865
Viewing IIS 7.0 Runtime Data Using AppCmd 865
Viewing Currently Executing Requests with AppCmd 865
Configuring and Using Trace Log Data with AppCmd 866
Enabling or Disabling Failed Request Tracing 866
Viewing Trace Log Files Using AppCmd 866
Writing Scripts Using the New WMI Provider 867
Getting Started with WMI 867
Starting Fresh with WMI in IIS 7.0 867
Creating Web Sites Using WMI 868
Creating Virtual Directories Using WMI 868
Using WMI to Create Application Pools 868
Setting Authentication Using WMI 869
Enabling Failed Request Tracing Using WMI 869
Managed Code Administration: Inside Microsoft.Web.Administration 870
The Microsoft.Web.Administration Object Model 870
Getting Started with MWA 871
Using C# Express to Create a Console Application 871
Accessing Runtime Information with MWA 873
Creating a Web Site Using MWA 873
Creating Virtual Directories Using MWA 875
Adding Application Pools Using MWA 875
Changing the Authentication Type for a Web Site Using MWA 877
Viewing Currently Executing Requests Using MWA 878
Summary 879
Solutions Fast Track 879
Frequently Asked Questions 881
Chapter 17: Troubleshooting 101: Diagnostics in IIS 7.0 883
Introduction 884
Using IIS 7.0's Custom Detailed Errors 884
Configuring Custom Error Messages 884
Configuring Custom Error Messages Using IIS Manager 886
< httpErrors>
Overriding for a Site 892
Understanding and Reading Custom Error Messages in IIS 7.0 894
Delegating Custom Errors 895
Custom Error Module 896
Inside IIS 7.0's Failed Request Tracing 899
Failed Request Tracing Architecture 899
Configuring IIS 7.0's Failed Request Tracing 899
Enable Tracing for IIS 7.0 900
Using IIS Manager 901
Centralized Tracing for ASP.NET and IIS 7.0 901
Modify the XML 907
Breakpoints: Extending IIS 7.0's Tracing 908
How Developers Extend Their Module to Support Failed Request Tracing 908
Create and Compile 910
Add Managed Module to IIS 7.0 912
Enabling Trace 913
Reality: Inside What Tracing Can't Do in IIS 7.0 915
Identifying That You Have a Memory Leak 916
Downloading Debug Diagnostics and Enable Leak Tracker 917
Capturing Memory Links 918
Summary 923
Solutions Fast Track 923
Frequently Asked Questions 924
Chapter 18: Putting It All Together 925
Introduction 926
Migrating to IIS 7.0 926
Migration Considerations 926
Upgrading Paths by OS Version 927
Upgrade versus Clean Install 928
Upgrade Steps 928
Detect and Gather 928
Image Copy and Unpacking 928
Restore Settings 930
After the Upgrade 930
Fitting and Finishing Work in IIS 7.0 930
Using Tracing to Isolate Your Server Features 931
Static HTML Requests 933
Classic ASP Requests 934
ISAPI-based Extension Requests 936
ASP.NET Requests 937
Centralizing Your Log File to Reduce Clutter 939
Getting a Backup of Your Configuration 940
The Developer's Call to Arms 940
Downloading the Native CC++ Starter Kit 941
Downloading the Managed Code Starter Kit 941
Building IIS Manager Extensions for Your Modules 941
Adding Tracing to Your Modules 941
Summary 942
Solutions Fast Track 942
Frequently Asked Questions 943
Chapter 19: Introduction to SQL Server Security 945
Introduction 946
Multifaceted SQL Server Security 946
Security: Why Worry About It? 946
The Principle of Least Access 947
Installing SQL Server 947
Features off by Default 950
Services off by Default 951
Microsoft's Baseline Security Analyzer 954
Building Security into Your Application 956
Managed Code 957
Summary 958
Solutions Fast Track 958
Frequently Asked Questions 960
Chapter 20: Surface Area Reduction 963
Introduction 964
SQL Server Surface Area 964
What Is Surface Area? 964
The Surface Area Configuration Tool 965
The Surface Area Configuration Tool GUI 965
The Surface Area Configuration for Services and Connections 969
Database Engine Service 972
Database Engine Remote Connections 972
Analysis Services Service 972
Analysis Services Remote Connections 972
Reporting Services Service 972
SQL Server Agent Service 973
Full-Text Search Service 973
Notification Services Instance Services 973
Integration Services Service 973
SQL Server Browser Service 973
The Surface Area Configuration for Features 974
Surface Area Configuration-Features 975
The Surface Area Configuration Tool Command Line Utility 976
Practical Applications for the Surface Area Configuration Tool 978
Scenario 1 979
Scenario 2: Auditing an Existing Installation 980
Scenario 3: Fixing an Issue 980
Summary 982
Solutions Fast Track 982
Frequently Asked Questions 983
Chapter 21: Roles 985
Introduction 986
Roles 986
Using Roles 986
Role Types 987
User-Defined Standard Roles 987
User-Defined Application Roles 988
Predefined Database Roles 988
Fixed Server Roles 991
Administering Roles 992
Situational Examples 996
Summary 998
Solutions Fast Track 998
Frequently Asked Questions 1000
Chapter 22: Authentication and Granular Access 1001
Introduction 1002
Understanding the SQL Server Authentication Modes 1002
Changing the Authentication Mode 1004
Finding the Authentication Mode by Using xp_loginconfig 1005
Finding the Authentication Mode in the Registry 1005
Endpoint Security 1006
Endpoint Authentication Types 1008
HTTP Endpoints 1008
Basic Authentication 1008
Digest Authentication 1009
NTLM Authentication 1009
Kerberos Authentication 1010
Integrated Authentication 1010
TCP Endpoints 1011
Negotiate Authentication 1012
Certificate Authentication 1012
Dedicated Administrator Connection 1013
Configuring Kerberos Support for Your SQL Server 1014
Basic Concepts of Kerberos Support 1015
SQL Server Service Account 1015
SQL Server TCP Port 1016
The SETSPN.EXE Utility 1017
Configuring Kerberos for an HTTP Endpoint 1018
Configuring Kerberos for a TCP Endpoint 1018
Extra Steps with Clustered Instances of SQL Server 1019
Auditing Authentication Attempts 1019
Understanding Granular Access 1020
Principals 1021
Securables 1021
Permissions 1022
CONTROL 1023
ALTER 1023
ALTER ANY 1024
TAKE OWNERSHIP 1024
IMPERSONATE 1024
CREATE 1024
VIEW DEFINITION 1024
BACKUP 1025
RESTORE 1025
Managing Granular Access 1025
Understanding Implied Permissions 1026
Assigning Permissions 1026
Summary 1029
Solutions Fast Track 1029
Frequently Asked Questions 1031
Chapter 23: Schemas 1033
Introduction 1034
Understanding Schemas 1034
The Schema as a Container 1034
Schemas in Previous SQL Server Versions 1036
Problems That Arise 1037
What about Your Security Perimeters? 1039
Schemas in SQL Server 2005 1040
Built-in Schemas 1040
Changes Due to the User-Schema Separation 1042
New Flexibility with Ownership 1042
Using Default Schemas 1042
Changes to the Functionality of Familiar Concepts 1043
Ownership Chaining 1043
Checking Permissions in an Ownership Chain 1043
Ownership Chains Gain Complexity in SQL Server 2005 1045
Upgrading Existing Servers to SQL Server 2005 1045
Designing Schemas 1046
Designing the Namespace 1046
Designing Schemas for Security 1047
Considering Security throughout the System Development Life Cycle 1047
Are You Rewriting Your SDLC Due to This New SQL Server Release Then? 1047
Managing Schemas 1048
Viewing Schema Information 1049
Using SQL Server Management Studio 1050
Using T-SQL 1050
Creating a Schema 1054
Using SQL Server Management Studio 1054
Using T-SQL 1058
Moving Objects 1059
Using SQL Server Management Studio 1059
Using T-SQL 1061
Dropping Schemas 1061
Using SQL Server Management Studio 1062
Using T-SQL 1063
Changing Ownership 1063
Using SQL Server Management Studio 1064
Using T-SQL 1064
Setting Permissions on Schemas 1065
Using SQL Server Management Studio 1066
Using T-SQL 1068
Setting the Default Schema for a User 1068
Using SQL Server Management Studio 1069
Using T-SQL 1069
Summary 1070
Solutions Fast Track 1070
Frequently Asked Questions 1072
Chapter 24: Password Policies 1075
Introduction 1076
Password Policies in SQL Server 2005 1076
Password Policies Explained 1076
Using the Group Policies Console 1076
Password Policies 1081
Account Lockout Policies 1085
Why Use Password Policies? 1086
Operating System Requirements 1087
Using Password Policies 1087
SQL Server Scenarios 1089
Scenario 1 1089
The Solution 1089
An Example 1089
Scenario 2 1091
The Solution 1091
Scenario 3 1093
The Solution 1093
Summary 1101
Solutions Fast Track 1101
Frequently Asked Questions 1102
Chapter 25: DDL Triggers 1103
Introduction 1104
DDL Triggers Explained 1104
Techniques in Older Versions of SQL Server 1105
Using SCHEMABINDING 1105
DDL Trigger Scope and Permissions 1106
Events and Event Groups 1106
DDL Triggers and Temporary Objects 1107
Multiple DDL Triggers 1107
Differences from DML Triggers 1108
Using CLR for DDL Triggers 1108
Implementing DDL Triggers 1108
Basic Syntax 1108
DDL Trigger Options 1110
ENCRYPTION 1110
EXECUTE AS 1111
Getting Event Information 1111
Using XQuery 1112
Important Techniques for DDL Triggers 1112
Rolling Back a DDL Statement 1113
Auditing DDL Statements 1113
Sending an E-mail Alert 1115
Managing DDL Triggers 1117
Impact of DDL Triggers on System Stored Procedures and SSMS 1117
Enabling and Disabling DDL Triggers 1117
Enabling and Disabling All the DDL Triggers of a Given Scope 1118
Getting Metadata on DDL Triggers 1119
Scenarios for Deploying DDL Triggers 1120
Preventing Endpoint Creation 1120
Preventing Database Ownership Changes 1121
Preventing DDL Changes to Objects 1121
Preventing DDL Changes Except During a Maintenance Window 1122
Auditing Login Creation/Deletion 1123
Auditing Changes to Specific Logins 1125
Auditing User Creation/Deletion 1126
Summary 1128
Solutions Fast Track 1128
Frequently Asked Questions 1130
Chapter 26: Data Encryption 1133
Introduction 1134
Data Encryption Explained 1134
Why Secure Data? 1136
Performing Encryption 1137
EFS Encryption 1137
Working with EFS Encrypted Data 1138
Hierarchal Encryption 1138
Using Keys to Encrypt Data 1143
Symmetric Key Encryption 1143
Asymmetric Encryption 1150
Using Certificates to Encrypt Data 1155
Using Pass Phrases to Encrypt Data 1160
Encrypting Stored Procedures, Functions, Views, and Triggers 1161
Working with Data Encrypted by Native SQL Server 2005 Encryption 1163
Indexing Encrypted Data 1163
Replicating Encrypted Data 1163
Symmetric Key Usage Tracking 1163
Replicating Encrypted Stored Procedures, Views, Functions and Triggers 1164
Using Endpoint Encryption 1164
Service Broker 1164
Transport Level Encryption 1164
Dialog Encryption 1165
Mirroring 1166
HTTP 1166
Third-Party Encryption 1167
Summary 1168
Solutions Fast Track 1168
Frequently Asked Questions 1169
Chapter 27: Reporting Services, Analysis Services, and Integration Services 1171
Introduction 1172
General SQL Server Best Security Practices 1172
Securing Reporting Services 1173
Architecture 1174
Role-Based Security 1174
Report Management 1176
SSL Data Encryption 1179
Administration 1180
Managing Service Accounts 1180
Default Accounts and Initial Configuration 1180
Setting Up Data Sources 1182
Providing Credentials for Data Sources 1182
Making Connections 1184
Installing Reporting Services 1185
Procedure to Install and Configure Reporting Services Using Default Security 1185
Using SQL Server 2005 Management Studio 1189
Performing Common Tasks Using SQL Server 2005 Management Studio 1189
Create a Role Assignment Using Management Studio 1190
Delete a Role Assignment Using Management Studio 1190
Modify a Role Assignment Using Management Studio 1190
Using the Report Server Web Service 1191
Example Code: Programmatic Report Deployment and Setting Policies 1191
Impersonating Users 1193
Filtering Data 1193
Hiding Data 1193
Securing Reporting Services in SharePoint Integrated Mode 1194
SSL Requirements 1194
Securing Analysis Services 1195
Architecture 1195
Understanding the Security Architecture of Analysis Services 1196
Supporting Unauthenticated Clients 1196
Modifying Encryption Settings 1196
Configuring the Logon Account 1196
Selecting an Appropriate Logon Account 1197
Securing an Instance of Analysis Services 1197
Configuring Access 1198
Securing Integration Services 1199
Architecture 1199
Protecting Packages 1199
Database Roles 1200
Storing Packages 1200
Package Configurations 1201
Integration Services Folders 1202
Package Files 1202
Digital Signatures 1202
Signing a Package with a Digital Signature 1202
Summary 1203
Solutions Fast Track 1203
Frequently Asked Questions 1205
Index 1207