SqlServerDsc
SqlServerDsc copied to clipboard
SqlSecureConnection: Should support the property HideInstance
The HideInstance is not supported in any resource yet, suggest adding it to either SqlServerSecureConnection or a another more suitable resource.
HideInstance is a property in the DB instances network properties and found via SQL Server Configuration Manager, see sample code:
## apply surface area configuration control 2.12
$WmiObject = @{
ComputerName = $SQLServer.NetName
Namespace = "root\Microsoft\SqlServer\ComputerManagement$($SQLServer.VersionMajor)"
Class = "ServerSettingsGeneralFlag"
Filter = "FlagName = 'HideInstance'"
}
$HideInstance = Get-WmiObject @WmiObject
if ($HideInstance.FlagValue -eq $false) {
Write-Verbose "Setting HideInstance to True."
$HideInstance.SetValue($true) | Out-Null
Write-Verbose "HideInstance set to True"
}
## apply surface area configuration control 8.2
$WmiObject = @{
ComputerName = $SQLServer.NetName
Namespace = "root\Microsoft\SqlServer\ComputerManagement$($SQLServer.VersionMajor)"
Class = "ServerSettingsGeneralFlag"
Filter = "FlagName = 'ForceEncryption'"
}
$ForceEncryption = Get-WmiObject @WmiObject
if ($ForceEncryption.FlagValue -eq $false) {
Write-Verbose "Setting ForceEncryption to True."
$ForceEncryption.SetValue($true) | Out-Null
Write-Verbose "ForceEncryption set to True"
}
Note $SQLServer is the SMO object
However this would only be half a solution as some client may wish to apply the certificate with this option.
Originally posted by @SQLHorizons in https://github.com/dsccommunity/SqlServerDsc/issues/1161#issuecomment-423769834
Agree this should be added to SqlServerDsc
. In the meantime If you want to do this with DSC you can use Registry
/ xRegistry
to achieve it.
xRegistry 'SqlSetHideInstance' {
Key = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\$($Node.SqlMajorVersion).$($Node.SqlInstanceName)\MSSQLServer\SuperSocketNetLib"
ValueName = 'HideInstance'
ValueType = 'DWord'
ValueData = '1'
Force = $true
}