外围应用配置器Surface Area Configuration

适用对象: yesSQL ServeryesAzure SQL 数据库noAzure SQL 数据仓库no并行数据仓库APPLIES TO: yesSQL Server noAzure SQL Database noAzure SQL Data Warehouse noParallel Data Warehouse

在新安装的 SQL ServerSQL Server的默认配置中,许多功能并未启用。In the default configuration of new installations of SQL ServerSQL Server, many features are not enabled. SQL ServerSQL Server 只是有选择地安装和启动关键服务和功能,以最大限度地减少可能受到恶意用户攻击的功能数。selectively installs and starts only key services and features, to minimize the number of features that can be attacked by a malicious user. 系统管理员可以在安装时更改这些设置,也可以有选择地启用或禁用运行中的 SQL ServerSQL Server实例的功能。A system administrator can change these defaults at installation time and also selectively enable or disable features of a running instance of SQL ServerSQL Server. 此外,如果从其他计算机进行连接,则在配置协议之前某些组件可能不可用。Additionally, some components may not be available when connecting from other computers until protocols are configured.

备注

与新安装不同,升级期间不会关闭任何现有服务或功能;但在升级完成后可应用其他外围应用配置器选项。Unlike new installations, no existing services or features are turned off during an upgrade, but additional surface area configuration options can be applied after the upgrade is completed.

协议、连接和启动选项Protocols, Connection, and Startup Options

使用 SQL ServerSQL Server 配置管理器可以启动和停止服务,配置启动选项,以及启用协议和其他连接选项。Use SQL ServerSQL Server Configuration Manager to start and stop services, configure the startup options, and enable protocols and other connection options.

启动 SQL Server 配置管理器To start SQL Server Configuration Manager

  1. “开始” 菜单中,依次指向 “所有程序”Microsoft SQL Server 2017Microsoft SQL Server 2017“配置工具” ,然后单击 “SQL Server 配置管理器”On the Start menu, point to All Programs, point to Microsoft SQL Server 2017Microsoft SQL Server 2017, point to Configuration Tools, and then click SQL Server Configuration Manager.

    • 使用 “SQL Server 服务” 区域可以启动组件并配置自动启动选项。Use the SQL Server Services area to start components and configure the automatic starting options.

    • 使用“SQL Server 网络配置” 区域可以启用连接协议和连接选项(如,TCP/IP 固定端口或强制加密)。Use the SQL Server Network Configuration area to enable connection protocols, and connection options such as fixed TCP/IP ports, or forcing encryption.

有关详细信息,请参阅 SQL Server Configuration ManagerFor more information, see SQL Server Configuration Manager. 此外,远程连接还取决于是否对防火墙进行了正确配置。Remote connectivity can also depend upon the correct configuration of a firewall. 有关详细信息,请参阅 配置 Windows 防火墙以允许 SQL Server 访问For more information, see Configure the Windows Firewall to Allow SQL Server Access.

启用和禁用功能Enabling and Disabling Features

可以使用 SQL ServerSQL Server 中的方面来配置启用和禁用 SQL Server Management StudioSQL Server Management Studio功能。Enabling and disabling SQL ServerSQL Server features can be configured using facets in SQL Server Management StudioSQL Server Management Studio.

使用方面配置外围应用To configure surface area using facets

  1. Management StudioManagement Studio 中,连接到 SQL ServerSQL Server 的组件。In Management StudioManagement Studio connect to a component of SQL ServerSQL Server.

  2. 在对象资源管理器中,右键单击服务器,然后单击“方面” 。In Object Explorer, right-click the server, and then click Facets.

  3. 在“查看方面” 对话框中,展开“方面” 列表,然后选择相应的“外围应用配置器” 方面(“外围应用配置器” 、“Analysis Services 的外围应用配置器” 或“Reporting Services 的外围应用配置器” )。In the View Facets dialog box, expand the Facet list, and select the appropriate Surface Area Configuration facet (Surface Area Configuration, Surface Area Configuration for Analysis Services, or Surface Area Configuration for Reporting Services).

  4. “方面属性” 区域,选择要用于每个属性的值。In the Facet properties area, select the values that you want for each property.

  5. 单击“确定”。 Click OK.

若要定期检查某个方面的配置,请使用基于策略的管理。To periodically check the configuration of a facet, use Policy-Based Management. 有关基于策略的管理的详细信息,请参阅 使用基于策略的管理来管理服务器For more information about Policy-Based Management, see Administer Servers by Using Policy-Based Management.

也可以使用 sp_configure 存储过程来设置 数据库引擎Database Engine 选项。You can also set 数据库引擎Database Engine options using the sp_configure stored procedure. 有关详细信息,请参阅 服务器配置选项 (SQL Server)版本的组合自动配置的最大工作线程数。For more information, see Server Configuration Options (SQL Server).

若要更改 EnableIntegrated Security SSRSSSRS属性,请使用 SQL Server Management StudioSQL Server Management Studio中的属性设置。To change the EnableIntegrated Security property of SSRSSSRS, use the property settings in SQL Server Management StudioSQL Server Management Studio. 若要更改“预定事件和报表传递” 属性和“Web 服务和 HTTP 访问” 属性,请编辑 RSReportServer.config 配置文件。To change the Schedule events and report delivery property and the Web service and HTTP access property, edit the RSReportServer.config configuration file.

命令提示符选项Command-prompt Options

使用 Invoke-PolicyEvaluationSQL ServerSQL Server PowerShell cmdlet 可以调用外围应用配置器策略。Use the Invoke-PolicyEvaluationSQL ServerSQL Server PowerShell cmdlet to invoke Surface Area Configuration Policies. 有关详细信息,请参阅 使用数据库引擎 cmdletsFor more information, see Use the Database Engine cmdlets.

SOAP 和 Service Broker 端点SOAP and Service Broker Endpoints

若要关闭端点,请使用基于策略的管理。To turn endpoints off, use Policy-Based Management. 若要创建和更改端点的属性,可使用 CREATE ENDPOINT (Transact-SQL)ALTER ENDPOINT (Transact-SQL)To create and alter the properties of endpoints, use CREATE ENDPOINT (Transact-SQL) and ALTER ENDPOINT (Transact-SQL).

SQL Server 数据库引擎和 Azure SQL Database 的安全中心Security Center for SQL Server Database Engine and Azure SQL Database

sp_configure (Transact-SQL)sp_configure (Transact-SQL)