VERIFIED SOLUTION i

How to make Microsoft SQL Server more secure when being used with EngageOne Designer

Product Feature: Administration
Operating System: Windows
Database: MSSQL
Versions affected: 6.1 and later
 
By default EngageOne Designer will enable the following features in Microsoft SQL Server:

- xp_cmdshell 
- Ole Automation Procedures

If using EngageOne Designer version 6.1 or higher then it is possible to disable 'xp_cmdshell' as this is no longer required. This can be done by running the following SQL on the server:

Use Master
GO
EXEC master.dbo.sp_configure 'show advanced options', 1
RECONFIGURE WITH OVERRIDE
GO
EXEC master.dbo.sp_configure 'xp_cmdshell', 0
RECONFIGURE WITH OVERRIDE
GO
EXEC master.dbo.sp_configure 'show advanced options', 0
RECONFIGURE WITH OVERRIDE
GO

This will turn off 'xp_cmdshell'

Ole Automation Procedures is still required by the 'Repository Configuration Tool (RCT)' but can be disabled once EngageOne Designer is working and the RCT is no longer required. To disable this run the following command on the SQL server:

Use Master
GO
EXEC master.dbo.sp_configure 'show advanced options', 1
RECONFIGURE WITH OVERRIDE
GO
EXEC master.dbo.sp_configure 'Ole Automation Procedures', 0
RECONFIGURE WITH OVERRIDE
GO
EXEC master.dbo.sp_configure 'show advanced options', 0
RECONFIGURE WITH OVERRIDE
GO

If the RCT is needed again then re-enable 'Ole Automation Procedures' with the following SQL:

Use Master
GO
EXEC master.dbo.sp_configure 'show advanced options', 1
RECONFIGURE WITH OVERRIDE
GO
EXEC master.dbo.sp_configure 'Ole Automation Procedures', 1
RECONFIGURE WITH OVERRIDE
GO
EXEC master.dbo.sp_configure 'show advanced options', 0
RECONFIGURE WITH OVERRIDE
GO

 
UPDATED:  September 29, 2017