Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15183 | DM6085-SQLServer9 | SV-25466r1_rule | DCFA-1 | Medium |
Description |
---|
SQL Server Ad Hoc distributed queries allow specific functions (OPENROWSET and OPENDATASOURCE) to connect to remote systems without those remote systems being defined within the database. Access to unauthorized systems could lead to unauthorized activity in remote systems that could compromise the local database. |
STIG | Date |
---|---|
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Check Text ( C-13793r1_chk ) |
---|
If Analysis Services is not deployed on the local host, this check is Not a Finding. Note: To detect deployment, view Windows Services. If SQL Server Analysis Services ([instance name]) is not listed, then Analysis Services is not installed on this host. From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance. 2. Right-click on the Analysis Services instance. 3. Select Properties. 4. View the value listed for DataMining \ AllowAdHocOpenRowsetQueries. If value = 'true', this is a Finding. The AllowAdHocOpenRowsetQueries value may also be viewed in the Analysis Services configuration file, msmdsrv.ini, under the XML tag [AllowAdHocOpenRowsetQueries]. The configuration file may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. |
Fix Text (F-14813r1_fix) |
---|
Set the value for AllowAdHocOpenRowsetQueries to 'false'. From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance. 2. Right-click on the Analysis Services instance. 3. Select Properties. 4. View the value listed for DataMining \ AllowAdHocOpenRowsetQueries. 5. Select value = 'false'. 6. Click OK. |
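
The configuration-file variant of the check above can be scripted for auditing several hosts. The following is an added example, not part of the STIG: it parses msmdsrv.ini as XML and maps the AllowAdHocOpenRowsetQueries element to a check result. Assumptions: the file may store the value as true/false or 1/0, and the root element and nesting in the embedded sample are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

SETTING = "AllowAdHocOpenRowsetQueries"
# Assumption: the boolean may be written as true/false or as 1/0.
ENABLED = {"true", "1"}
DISABLED = {"false", "0"}

# Constructed sample input, not copied from a real server.
SAMPLE_INI = """<ConfigurationSettings>
  <DataMining>
    <AllowAdHocOpenRowsetQueries>1</AllowAdHocOpenRowsetQueries>
  </DataMining>
</ConfigurationSettings>"""


def check_config(xml_data):
    """Return (status, detail); status is 'Finding', 'Not a Finding' or 'Review'.

    xml_data is the msmdsrv.ini content as str or bytes.
    """
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError as exc:
        return "Review", f"config is not well-formed XML: {exc}"
    # Match on the local element name anywhere in the tree.
    nodes = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == SETTING]
    if not nodes:
        return "Review", f"{SETTING} not present; confirm via the Properties dialog"
    values = {(n.text or "").strip().lower() for n in nodes}
    if values & ENABLED:
        return "Finding", f"{SETTING} is enabled"
    if values <= DISABLED:
        return "Not a Finding", f"{SETTING} is disabled"
    # Empty or unexpected content: do not guess, send to manual review.
    return "Review", f"unrecognised value(s): {sorted(values)}"


if __name__ == "__main__":
    # Usage: script.py <path to msmdsrv.ini>; without a path the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:  # bytes let the parser handle BOM/encoding
            data = fh.read()
    else:
        data = SAMPLE_INI
    status, detail = check_config(data)
    print(f"{status}: {detail}")
    sys.exit(1 if status == "Finding" else 0)
```

A missing element or an unexpected value is reported as Review rather than Not a Finding, so an incomplete or edited file is never silently passed.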