This project has moved and is read-only. For the latest updates, please go here.

Previous Non-English Versions Of SQL Server FineBuild Components Inventory Next

Security Compliance

FineBuild can help with compliance to common security standards, including Common Criteria, HIPAA and PCI.

The current version of SQL FineBuild does not yet give full compliance to any given standard. Further work is planned in this area.

FineBuild Security Compliance

The Security Compliance configuration will enforce the processing below. The items are listed in alphabetical order, not the order in which they are processed by SQL FineBuild.

Parameter Build SQL2005 SQL2008 SQL2008 R2 SQL2012 SQL2014 SQL2016 SQL2017
SetupCompliance any No No No No No No No

If the /SetupCompliance: parameter parameter has a value of YES, the following options are enforced:
Item Comment
Configure AS Instance Security Properties Configure Analysis Services Instance Security Properties
Configure COM Security Configure COM security for SSIS
Configure Database Owner Account Setup low-privilege account to own user databases
Configure DBA Non-Sysadmin Group Setup authorities for DBA non-Sysadmin Group
Configure Old Accounts Remove Redundant SQL Server Accounts
Configure Reporting Services Administration Accounts Configure Administration Accounts for Reporting Services
Configure SA Account Disable and optionally rename the sa Account
Configure SQL Instance Security Properties Configure auditing of SQL Logon activity
Configure SQL Network Protocols Configure custom ports for SQL Server
Configure Standard Accounts Setup accounts needed within SQL Server
Configure Sysadmin Accounts Setup authorities for sysadmin accounts
Disable Install Login See Reference Manual
Install Access Based Enumeration (ABE) Prevents users who do not have access to the server from discovering information about shares and other details for the server
Setup Firewall Port Exceptions Set Firewall Exceptions for SQL Server components
Setup No Windows Global Access Disable Windows Global Access to Server
Setup No SSL v3 Disable SSL v3
Setup No TCP NetBIOS Disable NetBIOS over TCP
Setup SPNs Setup Service Principal Names for SQL Server services
Setup TLS 1.2 Enable TLS 1.2
Setup Windows Audit Setup Windows Audit Options

The following items are disabled, except for a Workstation Build or a Client Tools Only Build
Parameter Value
SetupSQLTools NO

Copyright FineBuild Team © 2016 - 2017. License and Acknowledgements
Previous Non-English Versions Of SQL Server Top FineBuild Components Inventory Next

Last edited Mar 20, 2017 at 3:01 PM by EdVassie, version 4