Symantec Enterprise Security Manager Modules. Release Notes



Similar documents
Symantec Enterprise Security Manager Oracle Database Modules Release Notes. Version: 5.4

Symantec Enterprise Security Manager Modules for Sybase Adaptive Server Enterprise Release Notes 3.1.0

Symantec Mobile Management for Configuration Manager

Symantec Critical System Protection Agent Guide

Symantec Security Information Manager - Best Practices for Selective Backup and Restore

Symantec Virtual Machine Management 7.1 User Guide

Veritas Operations Manager LDom Capacity Management Add-on User's Guide 4.1

Veritas Operations Manager Package Anomaly Add-on User's Guide 4.1

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Symantec Client Firewall Policy Migration Guide

Symantec LiveUpdate Administrator. Getting Started Guide

Symantec Data Center Security: Server Advanced v6.0. Agent Guide

Backup Exec Cloud Storage for Nirvanix Installation Guide. Release 2.0

Symantec Enterprise Vault Technical Note

Symantec Protection Engine for Cloud Services 7.0 Release Notes

Symantec Critical System Protection Agent Event Viewer Guide

Veritas Cluster Server Getting Started Guide

Symantec ApplicationHA agent for SharePoint Server 2010 Configuration Guide

Symantec Critical System Protection Configuration Monitoring Edition Release Notes

Symantec NetBackup Vault Operator's Guide

Symantec Endpoint Protection Shared Insight Cache User Guide

Symantec Mobile Management 7.2 MR1Quick-start Guide

Veritas Operations Manager Release Notes. 3.0 Rolling Patch 1

Configuring Symantec AntiVirus for Hitachi High-performance NAS Platform, powered by BlueArc

Veritas Cluster Server Library Management Pack Guide for Microsoft System Center Operations Manager 2007

Symantec Protection Center Enterprise 3.0. Release Notes

Symantec AntiVirus for Network Attached Storage Integration Guide

Symantec NetBackup OpenStorage Solutions Guide for Disk

Encryption. Administrator Guide

Symantec ApplicationHA agent for Microsoft Exchange 2010 Configuration Guide

Symantec Event Collector 4.3 for Microsoft Windows Quick Reference

PGP Desktop Version 10.2 for Mac OS X Maintenance Pack Release Notes

Recovering Encrypted Disks Using Windows Preinstallation Environment. Technical Note

PGP CAPS Activation Package

Symantec NetBackup Desktop and Laptop Option README. Release 6.1 MP7

Symantec NetBackup Backup, Archive, and Restore Getting Started Guide. Release 7.5

Altiris IT Analytics Solution 7.1 SP1 from Symantec User Guide

Symantec NetBackup OpenStorage Solutions Guide for Disk

Symantec NetBackup for Microsoft SharePoint Server Administrator s Guide

Symantec NetBackup for Microsoft SharePoint Server Administrator s Guide

Symantec ApplicationHA agent for Internet Information Services Configuration Guide

Symantec Enterprise Security Manager Patch Policy Release Notes

Symantec Management Platform Installation Guide. Version 7.0

Symantec Asset Management Suite 7.5 powered by Altiris technology User Guide

Symantec Critical System Protection Agent Event Viewer Guide

Symantec Event Collector for Kiwi Syslog Daemon version 3.7 Quick Reference

Symantec ApplicationHA Agent for Microsoft Internet Information Services (IIS) Configuration Guide

Symantec Enterprise Vault

Symantec Enterprise Vault

Symantec Security Information Manager 4.8 Release Notes

PGP Desktop Version 10.2 for Windows Maintenance Pack Release Notes

Symantec Secure Proxy Administration Guide

Symantec Backup Exec System Recovery Granular Restore Option User's Guide

Symantec Enterprise Vault

Symantec Storage Foundation and High Availability Solutions Microsoft Clustering Solutions Guide for Microsoft SQL Server

Symantec Endpoint Protection Integration Component 7.5 Release Notes

Symantec System Recovery 2013 Management Solution Administrator's Guide

Configuring Symantec AntiVirus for NetApp Storage system

Symantec NetBackup Clustered Master Server Administrator's Guide

Symantec ESM agent for IBM AS/400

Symantec Enterprise Security Manager Agent for Linux PPC 64 Release Notes

Veritas Storage Foundation and High Availability Solutions Getting Started Guide

Symantec Backup Exec System Recovery Exchange Retrieve Option User's Guide

Altiris Asset Management Suite 7.1 SP2 from Symantec User Guide

Symantec NetBackup for Enterprise Vault Agent Administrator's Guide

Symantec Event Collector for Cisco NetFlow version 3.7 Quick Reference

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide

Symantec Protection for SharePoint Servers Implementation Guide

Veritas Storage Foundation and High Availability Solutions HA and Disaster Recovery Solutions Guide for Enterprise Vault

Symantec Enterprise Vault

Symantec Encryption Desktop Version 10.3 for Windows Maintenance Pack Release Notes

Symantec Response Assessment module Installation Guide. Version 9.0

Symantec NetBackup for Lotus Notes Administrator's Guide

Veritas Operations Manager Advanced 5.0 HSCL Pack 1 Release Notes

Symantec Enterprise Vault. Upgrading to Enterprise Vault

Altiris Asset Management Suite 7.1 from Symantec User Guide

Symantec Backup Exec Management Plug-in for VMware User's Guide

Symantec NetBackup PureDisk Deduplication Option Guide

Symantec Protection for SharePoint Servers Getting Started Guide

Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide

Symantec ApplicationHA 6.1 Generic Agent Configuration Guide - AIX on IBM PowerVM

Symantec NetBackup for DB2 Administrator's Guide

Symantec NetBackup AdvancedDisk Storage Solutions Guide. Release 7.5

Altiris Patch Management Solution for Windows 7.1 from Symantec User Guide

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide

Symantec ESM Agent For IBM iseries AS/400

Symantec NetBackup for Microsoft SQL Server Administrator's Guide

Symantec NetBackup Plug-in for VMware vcenter Guide. Release 7.6

Altiris Monitor Solution for Servers 7.5 from Symantec User Guide

Symantec NetBackup Clustered Master Server Administrator's Guide

Veritas Dynamic Multi-Pathing for Windows Release Notes

Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide

Symantec System Recovery 2011 Management Solution Administrator's Guide

Veritas Storage Foundation Scalable File Server Replication Guide 5.5

Virtual Business Service Availability User's Guide. Veritas Operations Manager 5.0

Symantec ApplicationHA Agent for Microsoft Internet Information Services (IIS) Configuration Guide

Symantec Backup Exec 2010 R2. Quick Installation Guide

Enabling Windows Management Instrumentation Guide

Transcription:

Symantec Enterprise Security Manager Modules for MS SQL Server Databases Release Notes Release 4.1 for Symantec ESM 9.0.x and 10.0 For Windows 2000/2008 and Windows Server 2003

Symantec Enterprise Security Manager Modules for MS SQL Server Databases Release Notes The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Documentation version: 4.1 Legal Notice Copyright 2010 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, ActiveAdmin, BindView, bv-control, and LiveUpdate are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com

Technical Support Contacting Technical Support Symantec Technical Support maintains support centers globally. Technical Support s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates. Symantec s support offerings include the following: A range of support options that give you the flexibility to select the right amount of service for any size organization Telephone and/or Web-based support that provides rapid response and up-to-the-minute information Upgrade assurance that delivers software upgrades Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis Premium service offerings that include Account Management Services For information about Symantec s support offerings, you can visit our Web site at the following URL: www.symantec.com/business/support/ All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy. Customers with a current support agreement may access Technical Support information at the following URL: www.symantec.com/business/support/ Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem. When you contact Technical Support, please have the following information available: Product release level

Hardware information Available memory, disk space, and NIC information Operating system Version and patch level Network topology Router, gateway, and IP address information Problem description: Error messages and log files Troubleshooting that was performed before contacting Symantec Recent software configuration changes and network changes Licensing and registration Customer service If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.com/business/support/ Customer service information is available at the following URL: www.symantec.com/business/support/ Customer Service is available to assist with non-technical questions, such as the following types of issues: Questions regarding product licensing or serialization Product registration updates, such as address or name changes General product information (features, language availability, local dealers) Latest information about product updates and upgrades Information about upgrade assurance and support contracts Information about the Symantec Buying Programs Advice about Symantec's technical support options Nontechnical presales questions Issues that are related to CD-ROMs or manuals

Support agreement resources If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows: Asia-Pacific and Japan Europe, Middle-East, and Africa North America and Latin America customercare_apac@symantec.com semea@symantec.com supportsolutions@symantec.com

What's new This document includes the following topics: What's new New support New password management for SQL login accounts New options added for silent configuration New checks New messages New template Enhancements Resolved issues Known issues What's new This release includes the following features and enhancements: New platform support New MS SQL version support New cluster support New silent configuration options New password management for SQL login accounts Four new options added for silent configuration

8 What's new New support Ten new checks in the SQL Server Configuration module One new check in the SQL Server Auditing module One new check in the SQL Server Password Strength module One new check in the SQL Server Discovery module One new message added for all the SQL Server modules One new template in the SQL Server Auditing module New support This release of Symantec ESM Modules for MS SQL Server database supports the following: New Platform support: Windows 2003 R2 (x86 and x64) Windows 2008 R2 (x64) New MS SQL version support: MS SQL 2008 R2 New cluster support: Windows 2003 (x86, x64) with MS SQL 2005, 2008, 2008 R2 Windows 2008 (x64) with MS SQL 2005, 2008, 2008 R2 New password management for SQL login accounts This release of Symantec ESM Modules for MS SQL Server database adds password management for SQL login accounts. The password management for SQL login accounts lets you do the following: Specify a period for the password to change at random. Specify the length of the passsword. Specify the special characters that you want to use to create the password. New options added for silent configuration This release of Symantec ESM Modules for MS SQL Server database adds the following new options for silent configuration:

What's new New checks 9 MSSQLSetup -sv MSSQLSetup -sof MSSQLSetup -sif MSSQLSetup sif all MSSQLSetup sof all Skip connection validation. Export the existing configuration records of the local cluster instances to an output file. Import the configuration records of the local cluster instances from the input file. Import all the server configuration records. Export all the server configuration records. New checks This release of Symantec ESM Modules for MS SQL Server database adds the following new checks in the SQL Server modules: Table 1-1 gives a list of the new checks that are added to the SQL Server modules. Table 1-1 Module name, check name, and description Module name SQL Server Auditing Check name SQL Server trace events Check description This check reports the events specified in the template, that are either not being captured by any active SQL trace or any active SQL traces that are specified within the template.

10 What's new New checks Table 1-1 Module name, check name, and description (continued) Module name SQL Server Configuration Check name Replication filter Replication Agent account Analysis Service SAC features Reporting Service SAC features ForceEncryption should be enabled SQL Server SSL certificate with FQDN name Windows authentication for linked server SQL Server property SQL Server cluster nodes Publication Access List (PAL) Check description This check reports the publications that do not use filters to protect data. This check verifies whether the Replication Agent uses a Windows account instead of a SQL server agent account. This check reports on the surface area configuration (SAC) features of Analysis Services that are detected on the host system. This check reports on the surface area configuration (SAC) features of Reporting Services that are detected on the host system. This check verifies whether the ForceEncryption setting is enabled for the SQL Server. This check verifies whether the Friendly name property of the SSL certificate that is configured for the SQL Server contains the FQDN name of the server. This check operates only in the host-based mode. This check verifies if the linked and the local servers are configured to use Windows authentication mode. This check reports the server properties that are specified in the template. If the SQL Server is a clustered server, then the check reports all the nodes within the SQL Server cluster setup. This check reports the SQL server publication access list accounts for the published databases. Use the name list to include or exclude the accounts for this check to report on.

What's new New messages 11 Table 1-1 Module name, check name, and description (continued) Module name SQL Server Discovery SQL Server Password Strength Check name Password management configuration parameters Hide guessed password details Check description Enable this check to configure the password management configuration parameters on the ESM agents. Use the name list to specify the values for the supported configuration parameters. When you enable this check, the security checks no longer display the details of the guessed password. New messages SQL Server modules For more information on the new checks, see the Symantec Enterprise Security Manager Modules for MS SQL Server Databases User Guide. This release of Symantec ESM Modules for MS SQL Server database adds the following new messages in the SQL Server module: A new message has been added to the SQL Server modules. The module reports this message if the cluster node on which the ESM agent is installed, is not the active node running the configured SQL Server instance. Table 1-2 lists the new message for the SQL Server modules. Table 1-2 New message for the SQL Server modules Message String ID ESM_CLUSTER_NOT_ ON_ACTIVENODE Message Title Cluster instance not on active node Message Severity green-0 New template The check also reports, SQL query failure if the user does not have any of the required privileges. This release of Symantec ESM Modules for MS SQL Server database adds a new template in the SQL Server Auditing module.

12 What's new Enhancements Enhancements The SQL Server trace events check uses the SQL Server Trace Events template to report the events specified in the template, that are either not being captured by any active SQL trace or any active SQL traces that are specified within the template. The SQL Server Trace Events has a default.mse extension. For more information on the new template, see the Symantec Enterprise Security Manager Checks and Templates Reference 10.0. This release enhances the following modules: Installation and configuration (Windows 2008 and 2003 x86 and x64) Earlier, when the MSSQLSetup.exe was run by a user without the admin right privileges, the MSSQLSetup.exe reported an error, This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information. Now, the MSSQLSetup.exe has been enhanced to be run only by an administrator. On Windows 2008, if the MSSQLSetup.exe is run by a user who does not have admin rights, then the user is prompted to enter admin credentials in the secure desktop mode. If the credentials provided by the user are correct, then the MSSQLSetup.exe is executed, else the setup reports an access denied error. On Windows 2003, if the MSSQLSetup.exe is run by a user who does not have admin rights, then MSSQLSetup.exe stops after it reports, Onlyuserswithfulladministrative privileges can run this program. If you are using the Run As option to invoke the application, then make sure that you are not running the program with restricted access.

What's new Resolved issues 13 MSSQLSetup.exe The following options have been enhanced for the MSSQLSetup.exe : -i -I List the MS SQL Server instance and local cluster instances that are installed the ESM agent computer. List the MS SQL Server instance and local cluster instances that are installed on the ESM agent computer. MSSQLSetup.exe SQL Server Discovery module SQL Server Objects module SQL Server Password Strength The MSSQLSetup.exe has been enhanced to report the virtual server name or the virtual IP address along with the instance name. The module has been enhanced to detect the new cluster instances that are present on the ESM agent computer. The SQL Server Object Permissions template has been enhanced to support wildcard character * and? in the Object field. A new Include/exclude name list has been added to the Monitor password age check. Use the name list to specify the logon names that should be included or excluded from this check. Resolved issues This release resolves the following issues: MSSQLSetup.exe SQL Server Objects The program no longer reports, Connection with server failed when you use a domain user account to connect to the local SQL server. The Guest access to databases check has now been modified to verify the connect privileges of the guest user on each database. This enhancement is applicable on MS SQL servers 2005 or later.

14 What's new Known issues SQL Server Objects The Object permissions check has been modified to correctly report the prohibited permissions. In the SQL Server Object Permissions template, if you select Prohibited value in the Required field and specify ALL or ALL+ New values in the Column field, then the check reports correct results. Known issues The following issues are known in the Password management functionality: The password management feature is enabled for the SQL server instances The password management feature is enabled on a multi-node SQL cluster On agent A1, you configure SQL instance S1 to scan with SQL user U1 and password P1. On agent A2, you use the same SQL instance S1 to scan with SQL user U1 and password P1. During the policy run on agent A1, the module updates the password for U1 with a random password, and saves the password in the configuration file. When the policy is run on agent A2, the module fails to report on SQL instance S1 as the password is changed for the SQL user U1. On Node 1 of the cluster, you configure SQL instance S1 to scan with SQL user U1 and password P1. On Node 2 of the cluster, you use the same SQL instance S1 to scan with SQL user U1 and password P1. During the policy run on Node 1, the module updates the password for U1 with a random password, and saves the password in the configuration file. During a failover scenario, the policy runs on Node 2, but it fails to report on S1 as the password for user U1 has changed when the first policy run was performed on SQL cluster Node 1. Following is the workaround: You can configure a clustered instance on two nodes using two different SQL login accounts to avoid the password identification/management conflict.

What's new Known issues 15 The password management feature is enabled for the SQL server instances that are configured to run using a generic user account On agent A1, multiple SQL server instances S1, S2, and S3 are running and are configured to use generic credentials. You have enabled the password management for generic credentials. During the policy run, the module overwrites the server record that is present in the configuration file with an actual user name and password and saves this information in the configuration file. Now, if you run the SQL Discovery module and SQL server instance S2 is down, then SQL Discovery module reports S2 as an unreachable instance and the server record of S2 is deleted from the configuration file. When the S2 server is up, the SQL Discovery module re-discovers it and uses the generic credentials to update the configuration record however, the module is unable to connect to the server S2 as the password of server S2 was last updated with a random password. Following is the workaround: Manually reset the password on the server 'S2' with generic credentials. Run the SQL Discovery module and then use either a Snapshot Update or a Correction feature to add the configuration record of the detected server in the configuration file. In a failover cluster the database instance shifts to a different node In a failover cluster, after the database instance shifts to a different node, the policy run ends with a connection failure error due to invalid credentials. Following is the workaround: You must export the ESM MS SQL module s configuration file of the failed node to the failover node or manually reset and re-configure the ESM MS SQL module with the new password information. For more information on the parameters in the mssqlenv.dat file, see the Symantec Enterprise Security Manager Modules for MS SQL Server Databases User Guide.

16 What's new Known issues

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information