SQL4-00-016850 - SQL Server must have the Management Tools software component removed if it is unused.

Information

Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default or selected for installation by an administrator, may not be necessary to support essential organizational operations (e.g., key missions, functions).

Applications must adhere to the principles of least functionality by providing only essential capabilities. Unused and unnecessary SQL Server components increase the number of available attack vectors. By minimizing the services and applications installed on the system, the number of potential vulnerabilities is reduced.

Management Tools is an indispensable software component on any server running the SQL Server DBMS, if the database administrator logs on to the Windows server to do his/her work. However, it is also possible to use the management tools on a separate machine and still connect to SQL Server. If this approach is used and DBAs never need to use the Management Tools directly on the server, then the Management Tools software component must be removed from the server.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Either using the Start menu or via the command 'control.exe', open the Windows Control Panel. Open Programs and Features. Double-click on Microsoft SQL Server 2014. In the dialog box that appears, select Remove. Wait for the Remove wizard to appear.

Select the relevant SQL Server instance; click Next.

Select Management Tools - Basic and Management Tools - Complete; click Next.

Follow the remaining prompts, to remove Management Tools from SQL Server.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2014_Y24M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-213845r960963_rule, STIG-ID|SQL4-00-016850, STIG-Legacy|SV-82337, STIG-Legacy|V-67847, Vuln-ID|V-213845

Plugin: Windows

Control ID: 834885eb078ca31a351bccd29a97173ff50ab36400578fac6eea95fb1c439465