Good day everyone. First time posting, so be gentle :) I've been asked to look at removing SSMS from my production servers, as an audit action item. The concern is that the auditors do not want any development tools available in production, with SSMS being one of the examples they gave. I've gone back and forth on whether I want to actually do this or not. On one hand, SSMS is important if the server goes to hell, it gives me a tool on the box to work with to do restores, or poke around in the server if things are crashing. It's a security blanket for when Very Bad Things happen. On the other hand...physical access to the server means that anyone with a bit of knowledge can give themselves SA access to the server using SSMS (I'm not going to outline how, that would be crazy, but it can be done). I realize physical access is usually game over anyway, but keeping someone out of SSMS would at least ensure that transparent data encryption cannot be turned off, and the attacker would still have to deal with encrypted data files and backups. I'm thinking that, if I have the servers set up with remote access to the DAC, I should be OK to remove it. But what are the risks at that point? What I'm wondering is what other production DBAs have done with this. Is it a bigger risk to remove SSMS from production, or to leave it there? Thanks!
I supported the SQL infrastructure for a very large bank in the US. We kept SSMS on all production servers. It is an admin tool, not a development tool. BIDS and SQL Server Data Tools is a development tool. Yes you could remove it and enable remote DAC, but why put yourself at risk. The same users who you would be preventing from using SSMS would still have the ability to get around SSMS not being on the server. Honestly to me it sounds like a wasted effort and an auditor that is over zealous. It just seems like a big wasted effort. If your servers are properly behind firewalls and locked down it is a moot point.