Uninstall excess tooling and/or remove unnecessary roles from the underlying operating system.
SQL Server offers various configuration options, some of which can be controlled by the sp_configure stored procedure.
There are a number of CIS recommendations that should not be implemented on Synergetic environments. These are:
|2.2||Ensure 'CLR Enabled' Server Configuration Option is set to '0'||Required for underlying logic|
|2.9||Ensure 'Trustworthy' Database Property is set to 'Off'||Required for CLR access|
|2.11||Ensure SQL Server is configured to use non-standard ports||Not supported for default instances. Changing the port on a default instance may cause issues, as the Synergetic config does not allow a port number to be supplied in the configuration file. However, this would work for named instances using the SQL Browser Service, but then CIS 2.12 could not be performed to 'hide' the instance.|
|2.14||Ensure the 'sa' Login Account has been renamed||Synergetic depends on the DB owner matching the user that created the CLRs, which is normally ‘sa’, and sets the DB owner to dbo (which is linked to sa).|
|2.17||Ensure no login exists with the name 'sa'||As above, the ‘sa’ user is required but can be disabled.|
|3.1||Ensure 'Server Authentication' Property is set to 'Windows||Synergetic requires mixed mode - normal staff and admin user accounts can all use Windows Auth but the application has internal SQL user accounts (zSynergetic_*) managed by the patch process and used for each application|
|3.4||Ensure SQL Authentication is not used in contained databases||As above, Synergetic uses contained users for the zSynergetic* application user accounts|
|6.2||Ensure 'CLR Assembly Permission Set' is set to 'SAFE_ACCESS' for All CLR Assemblies|
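A read-only T-SQL audit that reports the current state of each excepted control in the table above, so the exceptions can be recorded and anything outside them reviewed. This is an added example, not Synergetic's own code; the control labels, column aliases and the 'expected'/'review' status values are assumptions made for illustration.

```sql
-- Added example: read-only audit of the CIS controls listed as exceptions above.
-- Run the database-scoped queries (3.4, 6.2) in the context of the Synergetic database.

-- CIS 2.2: CLR is required by Synergetic, so value_in_use is expected to be 1
SELECT '2.2 clr enabled' AS control, CAST(value_in_use AS int) AS current_value
FROM sys.configurations
WHERE name = 'clr enabled';

-- CIS 2.9: list every database with TRUSTWORTHY on (msdb is on by default)
SELECT '2.9 trustworthy' AS control, name AS database_name
FROM sys.databases
WHERE is_trustworthy_on = 1 AND name <> 'msdb';

-- CIS 2.14 / 2.17: the built-in sa login (sid 0x01), its current name and state
SELECT '2.14/2.17 sa login' AS control, name, is_disabled
FROM sys.server_principals
WHERE sid = 0x01;

-- CIS 3.1: 0 = mixed mode (needed for the zSynergetic_* SQL accounts), 1 = Windows only
SELECT '3.1 auth mode' AS control,
       SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- CIS 3.4: contained users that authenticate with a password held in the database.
-- Assumption: only zSynergetic* names are expected; anything else is flagged for review.
SELECT '3.4 contained SQL users' AS control, name,
       CASE WHEN name LIKE 'zSynergetic%' THEN 'expected' ELSE 'review' END AS status
FROM sys.database_principals
WHERE authentication_type = 2;  -- 2 = DATABASE

-- CIS 6.2: user-defined assemblies whose permission set is not SAFE_ACCESS
SELECT '6.2 clr assemblies' AS control, name, permission_set_desc
FROM sys.assemblies
WHERE is_user_defined = 1 AND permission_set_desc <> 'SAFE_ACCESS';
```

The queries only read catalog views and server properties, so they can be run on a schedule and the output compared between runs to detect drift beyond the documented exceptions.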
Current Synergetic CLR settings are defined as follows: