- 
                Notifications
    You must be signed in to change notification settings 
- Fork 11
Security Compliance
| Previous Non-English Versions Of SQL Server | FineBuild Components Inventory Next | 
|---|
FineBuild can help with compliance to common security standards, including Common Criteria, HIPAA and PCI.
The current version of SQL FineBuild does not yet give full compliance to any given standard. Further work is planned in this area.
The Security Compliance configuration will enforce the processing below. The items are listed in alphabetical order, not the order in which they are processed by SQL FineBuild.
| SQL Version | Parameter | Default Value | 
|---|---|---|
| SQL2019 | /SetupCompliance: | No | 
| SQL2017 | /SetupCompliance: | No | 
| SQL2016 | /SetupCompliance: | No | 
| SQL2014 | /SetupCompliance: | No | 
| SQL2012 | /SetupCompliance: | No | 
| SQL2008R2 | /SetupCompliance: | No | 
| SQL2008 | /SetupCompliance: | No | 
| SQL2005 | /SetupCompliance: | No | 
If the /SetupCompliance: parameter parameter has a value of YES, the following options are enforced:
| Item | Comment | 
|---|---|
| Configure AS Instance Security Properties | Configure Analysis Services Instance Security Properties | 
| Configure COM Security | Configure COM security for SSIS | 
| Configure Database Owner Account | Setup low-privilege account to own user databases | 
| Configure DBA Non-Sysadmin Group | Setup authorities for DBA non-Sysadmin Group | 
| Configure Old Accounts | Remove Redundant SQL Server Accounts | 
| Configure Reporting Services Administration Accounts | Configure Administration Accounts for Reporting Services | 
| Configure SA Account | Disable and optionally rename the sa Account | 
| Configure SQL Instance Security Properties | Configure auditing of SQL Logon activity | 
| Configure SQL Network Protocols | Configure custom ports for SQL Server | 
| Configure Standard Accounts | Setup accounts needed within SQL Server | 
| Configure Sysadmin Accounts | Setup authorities for sysadmin accounts | 
| Disable Install Login | See Reference Manual | 
| Install Access Based Enumeration (ABE) | Prevents users who do not have access to the server from discovering information about shares and other details for the server | 
| Setup Firewall Port Exceptions | Set Firewall Exceptions for SQL Server components | 
| Setup No Windows Global Access | Disable Windows Global Access to Server | 
| Setup No SSL v3 | Disable SSL v3 | 
| Setup No TCP NetBIOS | Disable NetBIOS over TCP | 
| Setup SPNs | Setup Service Principal Names for SQL Server services | 
| Setup TLS 1.2 | Enable TLS 1.2 | 
| Setup Windows Audit | Setup Windows Audit Options | 
The following items are disabled, except for a Workstation Build or a Client Tools Only Build
| Parameter | Value | 
|---|---|
| SetupSQLTools | No | 
Copyright FineBuild Team © 2016 - 2018. License and Acknowledgements
| Previous Non-English Versions Of SQL Server | Top | FineBuild Components Inventory Next | 
|---|
Key SQL FineBuild Links:
SQL FineBuild supports:
- All SQL Server versions from SQL 2019 through to SQL 2005
- Clustered, Non-Clustered and Core implementations of server operating systems
- Availability and Distributed Availability Groups
- 64-bit and (where relevant) 32-bit versions of Windows
The following Windows versions are supported:
- Windows 2022
- Windows 11
- Windows 2019
- Windows 2016
- Windows 10
- Windows 2012 R2
- Windows 8.1
- Windows 2012
- Windows 8
- Windows 2008 R2
- Windows 7
- Windows 2008
- Windows Vista
- Windows 2003
- Windows XP