Skip to main content

Posts

Showing posts from February, 2009

Ad hoc access to OLE DB provider has been denied

Using post SP2 SQL 7 (+ 2000 etc) attempting to access an OLEDB data source using OPENROWSET can produce the slightly spurious error:

Ad hoc access to OLE DB provider 'MSDASQL' has been denied. You must access this provider through a linked server.

In usual Microsoft style the message doesn't really mean what it says. From SQL 7 SP2 onwards MS by default blocked ad hoc query access with OLEDB. As the message suggests you could setup a linked server but that can be a real pain. Alternatively if you need ad hoc access server wide you could turn on ad hoc access for the SQL server you are using, explained in MS speak here:

http://support.microsoft.com/default.aspx?kbid=266008

Ah, but it's not that simple. A little more witchcraft is required. The following registry settings can be used to enable ad hoc access:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Providers] "DisallowAdhocAccess"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Pr…

Command line shut down or restart

Quite frequently all PCs in our office have to be restarted for various updates, configuration changes etc. We also have a policy of all PCs being turned off overnight and have become a little draconian in enforcing this - the electricity bills are huge otherwise!

A local or remote shut down or restart can be triggered using the command line.

shutdown [-i -l -s -r -a] [-f] [-m \\computername] [-t xx] [-c "comment"] [-d up:xx:yy]

No args Display this message (same as -?)
-i Display GUI interface, must be the first option
-l Log off (cannot be used with -m option)
-s Shutdown the computer
-r Shutdown and restart the computer
-a Abort a system shutdown
-m \\computername Remote computer to shutdown/restart/abort
-t xx Set timeout for shutdown to xx seconds
-c "comment" Shutdown comment (maximum of 127 characters)
-f Forces running applications to close without warning
-d [u] [p]:xx:yy The reason code for the shutdown
u is the user code
p is a planned shutdown code
xx is the …

Disable SSLv2 in IIS 6 for PCI Compliance

Anyone working on PCI Compliance will know the restrictions placed on IIS. The recommendations are only common sense but remarkably few companies have implemented them.

SSLv2
SSLv2 has always been full of holes and there is now very little need for it to be enabled on any server. Almost no clients require it and if it is enabled it is potentially a serious security problem.

Open Registry Editor.
Select HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
On the Edit menu select New then DWORD Value
Name the new value Enabled
Ensure the value is set to 0
Restart the server


Full details on disabling SSLv2 can be found in the following MS knowledge base article:
http://support.microsoft.com/kb/187498

Cryptographic Algorithms
If the scan for PCI compliance has picked up SSLv2 then it will almost certainly have warned about a number of weak algorithms (http://support.microsoft.com/kb/245030)

The following list need to be disabled to ensure the only Cip…

CFDOCUMENT Font Issues - Type 1

This has been reported many times but there are a number of issues with CFDOCUMENT and embedding fonts in PDFs - in particular in MX7. One client required a PDF to use the Dax font and had initially provided Type 1 fonts, these of courses didn't work as ColdFusion didn't recognise them. TrueType TTF fonts were then provided but still didn't work despite the fonts being installed in the system fonts folder and being correctly referenced by the font family name in the page CSS.

The core issue is that CFDOCUMENT will attempt to use the first version of a font with a matching font-family name - regardless of it's type. Our system had Type 1 and TrueType versions of Dax installed but CFDOCUMENT always tried to use the Type 1 version. The only way to resolve the issue was to completely remove the Type 1 version, the output now works perfectly!