Linked server providers should not allow ad hoc access.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15187	DM6155-SQLServer9	SV-25494r1_rule	DCFA-1	Medium

Description
Ad hoc access allows undefined access to remote systems. Access to remote systems should be controlled to prevent untrusted data to be executed or uploaded to the local server.

STIG	Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide	2015-06-16

Details

Check Text ( C-13817r1_chk )
From the SQL Server Management Studio GUI: 1. Expand Database 2. Expand Server Objects 3. Expand Linked Servers 4. Expand Providers 5. For each Provider listed: a. Right click on Provider name b. Click Properties c. View Provider options If "Disallow adhoc access" is not enabled (checked) for all Providers, this is a Finding.

Fix Text (F-14837r1_fix)
Enable Disallow adhoc access for all linked servers. From the SQL Server Management Studio GUI: 1. Expand Database 2. Expand Server Objects 3. Expand Linked Servers 4. Expand Providers 5. For each Provider listed: a. Right click on Provider name b. Select Properties c. Click on the Enable check box for Name = Disallow adhoc access d. Click OK button Note: The procedure described above will disallow adhoc access for all linked servers that use the providers..

Fix Text (F-14837r1_fix)

Enable Disallow adhoc access for all linked servers.

From the SQL Server Management Studio GUI:

1. Expand Database
2. Expand Server Objects
3. Expand Linked Servers
4. Expand Providers
5. For each Provider listed:
a. Right click on Provider name
b. Select Properties
c. Click on the Enable check box for Name = Disallow adhoc access
d. Click OK button

Note: The procedure described above will disallow adhoc access for all linked servers that use the providers..