3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode'

Information

Uses Windows Authentication to validate attempted connections.

Rationale:

Windows provides a more robust authentication mechanism than SQL Server authentication.

Solution

Perform either the GUI or T-SQL method shown:

GUI Method

Open SQL Server Management Studio.

Open the Object Explorer tab and connect to the target database instance.

Right click the instance name and select Properties.

Select the Security page from the left menu.

Set the Server authentication setting to Windows Authentication Mode.


T-SQL Method

Run the following T-SQL in a Query Window:

USE [master]
GO
EXEC xp_instance_regwrite N'HKEY_LOCAL_MACHINE', N'Software\Microsoft\MSSQLServer\MSSQLServer', N'LoginMode', REG_DWORD, 1
GO

Restart the SQL Server service for the change to take effect.

Default Value:

Windows Authentication Mode

References:

https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/server-properties-security-page

See Also

https://workbench.cisecurity.org/files/2837

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2, CSCv6|16.9, CSCv7|16.2

Plugin: MS_SQLDB

Control ID: 57b87fd714a3f4ae7c22bd792ec10598467feb36f02471825d39536568225e18