Release Notes - bv-Control® for Microsoft® SQL Server v8.20
|Article:TECH113297|||||Created: 2006-01-14|||||Updated: 2010-09-06|||||Article URL http://www.symantec.com/docs/TECH113297|
Release Notes bv-Control® for Microsoft® SQL Server v8.20
bv-Control for Microsoft SQL Server application provides a security solution for the SQL Server enterprise. Using bv-Control for Microsoft SQL Server, security administrators and auditors can easily pinpoint database access permissions and review configuration and security analysis before users experience system downtime or security violations. This application provides full-featured, query-based capabilities allowing security administrators and auditors to easily build custom queries for issues specific to their SQL Server environments, and perform queries across multiple servers simultaneously. This application also performs auditing of SQL Server level events and Database level events.
The bv-Control for Microsoft SQL Server product has minimum system requirements for installation and use. Before installing bv-Control for Microsoft SQL Server, ensure that your system meets these requirements in addition to the system requirements for the BindView RMS® Console:
- Pentium® II 450 MHz
- 256 MB RAM
- 300 MB of free disk space
- Microsoft® Windows® 2000 SP3 (server or workstation), Windows XP® Professional SP1, or Windows Server™ 2003 or later
- SVGA monitor that supports 256 colors with the display set to 800 x 600 pixels or greater
- Microsoft® Internet Explorer v5.5 SP1 or later
- Microsoft® Outlook® 2000, Novell® GroupWise® v5.5, Lotus Notes® v5.0 or Lotus Domino (only required for e-mailing export files)
- Microsoft® Excel (required for Excel (using OLE) export files)
- Client for Microsoft® Networks
- Pentium III 800 MHz
- 1 GB RAM
- 500 MB of free disk space
- Microsoft Windows 2000 SP3 (server or workstation), Windows XP Professional SP1, or Windows Server 2003 or later
- Microsoft SQL Server v7.0 or 2000, Microsoft SQL Server Desktop Engine (MSDE) v1.0 or 2000, Microsoft SQL Server Standard Edition v7.0 or 2000, Microsoft SQL Server Enterprise Edition v7.0 or 2000, Microsoft SQL Server Personal Edition 2000, Microsoft SQL Server Developer Edition 2000
- Microsoft Internet Explorer v5.5 SP1 or later
- Microsoft Outlook 2000, Novell GroupWise v5.5, Lotus Notes v5.0 or Lotus Domino (only required for e-mailing export files)
- Microsoft Excel (required for Excel (using OLE) export files)
- Client for Microsoft Networks
You must have administrative rights to the computer that you will be using.
We recommend that you review the following notes before using bv-Control for Microsoft SQL Server with the BindView RMS Console:
- For Remote Desktop Installation, when installing the bv-Control for Microsoft SQL Server snap-in on a remote machine using Microsoft’s Remote Desktop Connection (RDC), the installation might fail if you map to the drive of the machine containing the installation files and run setup.exe. A workaround for this problem is to connect to the machine (containing the installation files) using the UNC (Universal Naming Convention) format: \\Computer name\Share name\<Path to the setup.exe file>
. Alternatively, you can copy the installation files on the remote machine where the snap-in must be installed, and then run setup.exe.
- If SQL Server object has a double quote (“) in its name, then the reports scoped to these objects will fail.
- Explicit permissions field for User Defined Functions and Database Roles data sources does not return the new permissions added in Microsoft SQL Server 2005.
- Effective permissions for User Defined Functions data source does not return the new permissions added in SQL Server 2005 and does not consider the hierarchical security model of Microsoft SQL Server 2005.
- Members field for Database Roles data source does not display the SQL User members for public role. This issue arises only for Microsoft SQL Server 2005.
- For Database Permissions and Database Role Permissions data sources, if you add All Fields from the Field Specification tab of the Query Builder, then the query fails to execute. You should choose specific folders or fields from the Field Specification tab of the Query Builder depending on the object type.
- If local SQL credentials have been specified for querying against a target, then group resolution of Windows groups is not performed, as no Windows credentials are available.
- If a domain is specified in FQDN format in the credentials database using Add Domain Credential and is subsequently specified as an Advanced Scope through All SQL Sever Instances in Domain, then the query might not report any data.
- For the msdb database, if you execute a query using the Database File data source, the File Growth field reports an incorrect value.
- If a query is scoped to the default scope, the query might remain in an outstanding state for a significant amount of time.
- If the password hashes are made available in a file for password analysis, the fields Password Empty?, Password Equal To, Password Last Changed, and Password Same As Login Name? in the Server Logins data source do not report correct values for server logins having a comma (,).
- After you have installed the Microsoft SQL Server Enterprise Manager, you will need to start the Microsoft SQL Server service before launching and using the bv-Control for Microsoft SQL Server application. If the Microsoft SQL Server service is not restarted, you will receive a critical failure message stating that the SQL server does not exist.
- For querying a Microsoft SQL server installed on a Windows XP SP2 machine, only Windows Authentication is supported.
- For fields requiring enumeration of Microsoft Windows group membership, if permissions are denied while enumerating group memberships, then the group name itself will be displayed in the members list.
- If a job is run multiple numbers of times and is subsequently modified, then the query reports incorrect values for the fields Last run date, Last run duration, Last run outcome, Last run retries, and Last run time in the Job Steps data source.
For the Auditing Feature
- Only Microsoft SQL Server 2000 Servers can be configured as Audit Data Repositories.
- If a database is configured for ‘Comprehensive’ auditing using backup transaction logs, and if a database table row has been updated after the backup of the transaction log was taken, then the old value\new value calculation will report incorrect values for that data row, as information on the most recent transactions on this row are not available.
- Auditing using backup transaction log files is supported up to a maximum file size of 2 GB per file.
- If SQL server instances are configured using IP address in the host name, then auditing using backup transaction log fails.
- Collection of audit events using transaction log fails if the configured database or table has a dot (.) or single quote (‘) in the name.
- Auditing fails for update operation on table columns having values greater than 4000 bytes.
- Auditing configured with Backup transaction log doesn't work if 'database-complete' option is selected while backing up the database.
- If you select auditing for create\update\delete events on either of tables, views or stored procedures, events for all three types of objects get audited.
- The auditing solution fails to audit tables having owners containing a dot (.) in their name.
- Auditing is not supported for columns of the following data types: image, ntext, sql_variant, and text.
- Auditing is not supported for uncommitted transactions.
- If multiple transaction log collection jobs are running at the same time, and if the transaction logs are of large size, then BVJobProcessor consumes significant amount of memory for processing these transaction logs. A work around to this problem is to schedule large transaction log collection jobs at separate times.
The following is a summary of the change history of bv-Control for Microsoft SQL Server v8.20:
- Introduced feature of auditing SQL Server and Database activity for Microsoft SQL Server 2000
- Extended Support for Microsoft SQL Server 2005
- Removed trust requirement for reporting against target SQL Server
You can audit user logins/logouts, permission changes, DDL, and DML events for your critical SQL Server installations
bv-Control for Microsoft SQL Server now supports Microsoft SQL Server 2005
There is no more Windows trust requirement between BindView Information Server and target SQL Server.
For more information about what's new in this release, please refer to the "What's New in This Release" topic in the bv-Control for Microsoft SQL Server Online Help.
Your BindView product CD contains the following documentation:
- Getting Started Guide - contains a high-level description on planning and deployment of bv-Control for Microsoft SQL Server, as well as evaluation scenarios and troubleshooting information.
- Quick Start Card - contains a high-level description of how to install and configure the product.
- Online Help - contains information on how to use the product. You can access the Online Help by clicking the Help button in any dialog, by right-clicking an item and selecting Help from the action menu, or by pressing the F1 key.
Note: Some documentation is presented in PDF format. You must have Adobe® Reader® installed to view the PDF files.
Copyright © 2006 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo , BindView, the BindView logo, bv-Control are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
Symantec Corporation 20330 Stevens Creek Blvd.
Cupertino, CA 95014
Article URL http://www.symantec.com/docs/TECH113297