Server Configuration Page
The Server Configuration page (see Figure 13) is one of the more important pages within this installation wizard.
Figure 13. Server Configuration page
A service account can be built-in, like the
Network Service account, or it can be a Windows User account. One thing
to keep in mind is that whatever account is used for these services,
that account is highly privileged. If you are not using Windows 7 or
Windows Server 2008, you should refrain from using the built-in system
accounts and instead use a regular domain user account.
The reason is that if your SQL Server instance
is compromised and the attackers gain access to the sysadmin account,
they are effectively running as whatever user is listed as the SQL
Server service account. If you have only a single domain user account
for SQL Server and a different one for other services, it would be much
more difficult for attackers to obtain information from the other
services. Similarly, if SQL Server is running under the Local System
built-in account, that account has access to everything on the server.
Thus, if your server is compromised and you are running under Local
System, your whole server could be exposed to the attacker. If you are
using Windows 7 or Windows Server 2008, you can use the Network Service
account because it is more secure and easier to administer than a
domain account. The Service Accounts grid allows the user to specify a
built-in account or a user account to use for each of the services that
will be installed.
The Startup Type drop-down
options are Automatic, Manual, or Disabled. This setting determines the
state of the service upon a server reboot. Automatic means this service
will be automatically started when the operating system starts. Manual
means that an administrator will have to explicitly start the service.
Disabled means that the service will not be available. A best practice
is to set services that you know you will not use to either Manual or
Disabled. By stopping or disabling a service, you are reducing the
surface area for attack.
Next to the Service Accounts tab is the
Collation tab. Collation is all about language support for SQL Server. A
collation setting defines how SQL Server sorts and compares characters
that are stored in non-Unicode data types. Imagine what should happen if
you issued the statement SELECT * FROM Customers WHERE State='MA'
and your state column data within the table was stored in lowercase, as in ma.
Depending on which collation you were using, this query would either
return all the rows as expected or return nothing. The result depends on
whether the collation is case insensitive or case sensitive.
Database Engine Configuration Page
The Database Engine Configuration page (see Figure 14) contains important security-related parameters that need to be addressed.
Figure 14. Database Engine Configuration page
This page in the wizard has
three tabs: Account Provisioning, Data Directories, and FILESTREAM. The
Account Provisioning tab allows you to define the kind of authentication
mode SQL Server will support. If you select just Windows Authentication
mode, only Windows users can connect to SQL Server. This situation is
problematic if you can’t use Active Directory or the local user store in
Windows. The other option in this case is Mixed Mode. In mixed mode,
you can still have Windows-authenticated users connect, but you could
also have a user credential that exists only within SQL Server. These
kinds of principals are called SQL logins.
SQL logins are very helpful in heterogeneous
environments when you have non-Microsoft clients connecting to SQL
Server. SQL Server authenticated accounts are easier to set up and use.
When SQL Server is installed, a few accounts are
created before anyone connects to SQL Server. The SA account is the
system administrator account and has access to everything within SQL
Server. This is the highest privileged account, and its credentials
should be protected. This tab allows you to enter a password for the SA
account; be sure to provide a complex one.
The “Specify SQL Server administrators” list box
contains all the users that you want to give system administrator
access. For some customers, Windows administrator users who install SQL
Server are not necessarily those who will manage it. In this case, the
Windows administrators would simply add whoever the DBA will be in the
“Specify SQL Server administrators” list box. For the purposes of our
evaluation of SQL Server, just click the Add Current User button, and
your Windows User account will be added as an administrator.
The Data Directories tab (see Figure 15) within this wizard page is where you can specify the default folder paths of the various databases within SQL Server.
Figure 15. Data Directories tab on the Database Engine Configuration Wizard page
In this example, all of the
directories are on the local C drive. For demonstration purposes, this
is fine, but on a production system, it’s best to spread different
database files across different physical hard drives. This is important for
user databases but is equally important for a system database called
tempdb, which is SQL Server’s scratch pad and is used by the server to
sort data in queries and perform many other data-intensive operations.
Thus, it is good to put tempdb on its own physical disk if possible.
The FILESTREAM tab is used to enable the
Filestream feature, which allows users to exceed the 2-GB storage limit
by placing the data on the file system. The Filestream feature manages
the integrity of the file and ensures that no one can directly affect
the data on the file system. As an added bonus, if you back up the
database, the files stored and managed by the Filestream feature will
also be included in the backup. You do not need to enable the Filestream
feature at this time. If you want to enable it after you install SQL
Server, you can do so using the SQL Server Configuration Manager.
Error and Usage Reporting Page
This page displays two options. The first option
is to opt in to send error information to Microsoft. The other option
is to send feature usage information anonymously to Microsoft. Although
some may be hesitant to do this because they fear sending sensitive
information over the Internet, this issue isn’t a concern, because these
options do not send raw data. Rather, these options will send error
codes and feature usage to Microsoft anonymously. This data is extremely
valuable to the SQL Server product team because it can answer questions
like “how often is this feature used?” In the end, by enabling these
options, you will indirectly improve the user experience of the product.
Installation Rules Page
The Installation Rules page will perform another
system configuration check, but this time using yet another set of
rules. The rules cover parameters such as whether the WMI service is on
and whether the file system is NTFS. There are no user-customizable
actions on this page.
Ready to Install Page
The Ready to Install page (see Figure 16) is the page you have probably been waiting for. It gives a detailed summary of what Setup plans to do.
Figure 16. Ready to Install page
At this point, you could click the Install
button and have the Setup application start performing the install, or
you could obtain the installation script by locating the file at the
bottom of the page. The “Configuration file path” setting points to a
configuration file that is automatically created based on your
selections on the previous wizard pages. If you wanted to perform a
silent or remote install, you could now use this configuration file.
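Because that configuration file records the service account, startup type, authentication mode, and directory choices made on the earlier pages, it can be checked before it is reused for silent installs. The script below is an added example, not part of the original text or of SQL Server Setup; it assumes the standard Setup parameter names (SQLSVCACCOUNT, AGTSVCACCOUNT, BROWSERSVCSTARTUPTYPE, SECURITYMODE, SQLUSERDBDIR, SQLTEMPDBDIR), while the sample file contents, the CONTOSO accounts, and the names load_options, audit, and unused_services are constructed for illustration.

```python
import configparser

# Constructed sample of a Setup-generated configuration file (not from the page).
SAMPLE_INI = r'''
;SQL Server Configuration File
[OPTIONS]
ACTION="Install"
SQLSVCACCOUNT="NT AUTHORITY\SYSTEM"
SQLSVCSTARTUPTYPE="Automatic"
AGTSVCACCOUNT="CONTOSO\svc-sqlagent"
AGTSVCSTARTUPTYPE="Manual"
BROWSERSVCSTARTUPTYPE="Automatic"
SECURITYMODE="SQL"
SQLUSERDBDIR="C:\SQLData"
SQLTEMPDBDIR="C:\SQLData\Temp"
'''

LOCAL_SYSTEM = {"NT AUTHORITY\\SYSTEM", "LOCALSYSTEM", "LOCAL SYSTEM"}

def load_options(text):
    """Return the file's single section as an upper-cased key -> unquoted value dict."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {k.upper(): v.strip().strip('"') for k, v in cp.items(cp.sections()[0])}

def audit(text, unused_services=("BROWSER",)):
    """Check the planned install against the guidance in the text above.

    unused_services holds the prefixes of the *SVCSTARTUPTYPE keys for services
    you do not plan to use (an assumption supplied by the caller).
    """
    opts, findings = load_options(text), []
    for key in ("SQLSVCACCOUNT", "AGTSVCACCOUNT"):
        if opts.get(key, "").upper() in LOCAL_SYSTEM:
            findings.append(f"{key}: Local System has access to everything on the server")
    for svc in unused_services:
        key = f"{svc}SVCSTARTUPTYPE"
        if opts.get(key, "").lower() == "automatic":
            findings.append(f"{key}: unused service starts automatically; use Manual or Disabled")
    if opts.get("SECURITYMODE", "").upper() == "SQL":
        findings.append("SECURITYMODE: Mixed Mode allows SQL logins; give SA a complex password")
    user_dir, temp_dir = opts.get("SQLUSERDBDIR", ""), opts.get("SQLTEMPDBDIR", "")
    if user_dir and temp_dir and user_dir[:2].upper() == temp_dir[:2].upper():
        findings.append("SQLTEMPDBDIR: tempdb shares a drive with the user databases")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print(finding)
```

Run against the constructed sample, the script reports four findings: the Database Engine running as Local System, the unused Browser service set to Automatic, Mixed Mode being enabled, and tempdb sharing drive C with the user databases.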
If you are following along with this
installation, you can click the Install button now. This action will
start the install process. The duration of installation depends on how
many options you selected to be installed and what kind of platform you
are installing onto. When Setup is complete, you will be presented with
the Complete page. Here, you will find a link to the setup log file. If
bad things happened in the setup and it failed, the setup summary log
file is the first place to go to look into what might be wrong. If you
ever call Microsoft product support for any installation issues, finding
and sending this log will be one of the first tasks you will be asked
to do. The Complete page (see Figure 17) shows the location of the setup log files.
Figure 17. Complete page