Windows Server 2012

1. Open Server Manager and click Manage > Add Roles and Features. Click Next.
2. Select Role-based or feature-based installation and click Next.
3. Select the appropriate server. The local server is selected by default. Click Next.
4. Enable Web Server (IIS) and click Next.
5. No additional features are necessary to install the Web Adaptor, so click Next.
6. On the Web Server Role (IIS) dialog box, click Next.
7. On the Select role services dialog box, verify that the web server components listed below are enabled. Click Next.
8. Verify that your settings are correct and click Install.
9. When the installation completes, click Close to exit the wizard.

Correr: gpedit.msc
Ir a Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation
Abrir - Encryption Oracle Remediation, escolher Enable, alterar Protection Level para Vulnerable e premir Apply.

A. Enabling Remote Connections on the Instance of SQL Server

First, you will ned to enable remote connections on the instance of SQL Server that you want to connect to from a remote computer.

1) Open & Login SQL Management Studio. Right-click on the server name in the Object Explorer and select “Properties” to access the Server Properties Window.

2) In the left pane of the Server Properties Window, select “Connections” and under “Remote Server Connections”, check the box next to “Allow remote connections to this server.” Click OK.

B. Configure SQL Server to Listen on Static Port

1) Open the SQL Server Configuration Manager and click on “SQL Server Services” in the left pane.

2) In the center, you will see a column that lists the Process ID for each running service. Look for the Process ID in the row for the SQL Server. Identify the port that the PID is listening on by typing the following into a command prompt: netstat -ano | find /i “PID-Number_of_SQL-Server”. In the example based on figure 3, you would type the following into the command prompt: netstat –ano | find /I “NUMBER”. For an example, please see Figure 4 below.

3) By default, the TCP/IP protocol is disabled and must be enabled. If you do not enable the TCP/IP protocol, there will be no results from the command executed in step 2. To enable the TCP/IP protocol, go to the SQL Server Configuration manager and click on “SQL Server Network Configuration”. Right click on the “TCP/IP” protocol and select “Enable”.

4) Restart the SQL Server service and identify the Process ID assigned to the SQL Service.

5) In the command prompt, execute the following command: netstate –ano | find /i “PROCESSID”. In the example below, the command would be: netstate –ano | find /i “NUMBER”. Results should be seen as below in Figure 7.

6) Return to the SQL Server Configuration Manager. Click on “SQL Server Network Configuration” in the left pane and right-click the “TCP/IP” protocol and select “Properties”. Go to the “IP Addresses” tab and scroll down to the IPALL section. Remove the value for TCP Dynamic Ports (leaving it blank) and enter the port 1433 for TCP port.

7) Restart the SQL Server Service, identify the new process ID assigned to the SQL service. In the command prompt, execute the following command: netstate – ano | find /i “3948”. Results should be displayed as shown in Figure 9 below.

8) The SQL Express is now configured to listen on standard port 1433.

C. Turn On the SQL Server Browser Service

1) Open the SQL Server Configuration Manager. Click on “SQL Server Services” in the left pane and right click on “SQL Server Browser Service” and click “Properties”.

2) In the SQL Server Browser Properties Window, click on the “Service” tab. Under the “Start Mode” option, change the start type to “Automatic”. Click “Apply”.

3) In the SQL Server Browser Properties Window, click on the “Log On” tab. Click the “Start” button to start the SQL Browser Service.

4) In the SQL Server Browser, confirm that the service is running as shown in figure 13.

Note: According to SQL Server Hardening best practices, the SQL Server Browser service should be disabled. This service is typically not required. The SQL Server Browser service responds to requests for SQL Server resources and redirects the caller to the correct port. Keeping the Browser service disabled will remove the redirector as an attack vector, helping to obscure the correct entry ways into your SQL Server components.

D. Configure the Firewall to Allow Network Traffic Related to SQL Server and the SQL Server Browser Service

In Windows Firewall, four exceptions must be configured to allow access to the SQL Server.

1) A port exception for TCP Port 1433. In the new Inbound Rule Wizard dialoag, use the following information to create a port exception:

Select “Port”
Select “TCP” and specify port “1433”
Allow the connection
Choose all three profiles (Domain, Private, and Public)
Name the rule “SQL – TCP 1433”

2) A port exception for UDP Port 1434. Click the New Inbound Rule Wizard dialog and use the following information to create another port exception:

Select “Port”
Select “UDP” and specify port “1434”
Allow the connection
Choose all three profiles (Domain, Private, and Public)
Name the rule “SQL – UDP 1434”

3) A program exception for exe. Click the New Inbound Rule Wizard dialog and use the following information to create a program exception:

Select “Program”
Click “Browse” to select “sqlserver.exe” in the following location:

C:\Program Files\Microsoft SQL Server\MSSQL11.\MSSQL\Binn\sqlservr.exe where is the name of your SQL instance.

Allow the connection
Choose all three profiles (Domain, Private, and Public)
Name the rule “SQl – Sqlservr.exe”

4) A program exception for exe. Click the New Inbound Rule Wizard dialog and use the following information to create another program exception:

Select “Program”
Click “Browse” to select sqlbrowser.exe. By default, it is located in the following location:

C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

Allow the connection
Choose all three profiles (Domain, Private, and Public)
Name the rule “SQL – sqlbrowser.exe”