ࡱ>  g2ɀ\p Sain, Joe Ba==-x`c/8X@"1Arial1Arial1 Arial1 Arial1Arial1Arial1 Arial1Arial1Arial1Arial1Arial1Arial1Calibri1 Calibri1Calibri14Calibri1 Calibri1Calibri1Arial1Calibri1,>Calibri1>Calibri1>Calibri1 Arial1>Calibri14Calibri1<Calibri1?Calibri1h>Cambria1Calibri1Calibri1>Arial1Arial1Arial1Arial1 Arial"$"#,##0_);\("$"#,##0\)!"$"#,##0_);[Red]\("$"#,##0\)""$"#,##0.00_);\("$"#,##0.00\)'""$"#,##0.00_);[Red]\("$"#,##0.00\)7*2_("$"* #,##0_);_("$"* \(#,##0\);_("$"* "-"_);_(@_).))_(* #,##0_);_(* \(#,##0\);_(* "-"_);_(@_)?,:_("$"* #,##0.00_);_("$"* \(#,##0.00\);_("$"* "-"??_);_(@_)6+1_(* #,##0.00_);_(* \(#,##0.00\);_(* "-"??_);_(@_)"Yes";"Yes";"No""True";"True";"False""On";"On";"Off"],[$ -2]\ #,##0.00_);[Red]\([$ -2]\ #,##0.00\)                                                                      ff + ) , *      P  P         `              a    (|@ @    (|@ @  |@ @   (x  (| (t (p (p  X |@ @ !|@ @    8@ @ )|@ @ )|@ @ )|@ @  (8@ @ )|@ @  ")|@ @  #)|@ @  $(x@ @  (x@ @   (p- |@ @ - (|@ @ - h@ @ - (|@ @ - |@ @ - H- (x |@   h@ @  (|@ @  H ||e }A} 00_)ef[$ -}A} 00_)ef[$ -}A} 00_)ef[$ -}A} 00_)ef[$ -}A} 00_)ef[$ -}A} 00_)ef [$ -}A} 00_)L[$ -}A} 00_)L[$ -}A} 00_)L[$ -}A} 00_)L[$ -}A} 00_)L[$ -}A} 00_)L [$ -}A} 00_)23[$ -}A} 00_)23[$ -}A} 00_)23[$ -}A} 00_)23[$ -}A}  00_)23[$ -}A}! 00_)23 [$ -}A}" 00_)[$ -}A}# 00_)[$ -}A}$ 00_)[$ -}A}% 00_)[$ -}A}& 00_)[$ -}A}' 00_) [$ -}A}( 00_)[$ -}}) }00_)[$ -##0.  }}* 00_)[$ -???##0.??? ??? ???}-}/ 00_)}(}0  00_)}A}1 a00_)[$ -}A}2 00_)[$ -}A}3 00_)?[$ -}A}4 00_)23[$ -}-}5 00_)}(}6  00_)}}7 ??v00_)̙[$ -##0.  }A}8 }00_)[$ -}A}9 e00_)[$ -}x};00_)[$##  }}< ???00_)[$???## ???  ??? ???}-}> 00_)}U}? 00_)[$## }-}@ 00_)}<}B 00_)[$}(}D00_)}(}E00_)}x}F00_)[$## ??? ???}d}G00_)[$ ## ??? }d}H00_)[$ ## ??? }x}I00_)[$## ??? ???}d}J00_)[$ ## ??? }<}M  h00_)[$}(}Q00_)}(}S00_)}(}T 00_)}<}U 00_)[$}<}V """00_)[$}(}W00_)}x}Y|00_)[$## ??? ???}(}Z|00_)}(}[|00_)}(}\|00_)}(}]|00_)}(}^|00_)}(}_|00_)}x}`00_)[$## ??? ???}<}a00_)[$}(}b00_)}(}c00_)}(}d00_) 20% - Accent1M 20% - Accent1 ef % 20% - Accent2M" 20% - Accent2 ef % 20% - Accent3M& 20% - Accent3 ef % 20% - Accent4M* 20% - Accent4 ef % 20% - Accent5M. 20% - Accent5 ef % 20% - Accent6M2 20% - Accent6  ef % 40% - Accent1M 40% - Accent1 L % 40% - Accent2M# 40% - Accent2 L渷 % 40% - Accent3M' 40% - Accent3 L % 40% - Accent4M+ 40% - Accent4 L % 40% - Accent5M/ 40% - Accent5 L % 40% - Accent6M3 40% - Accent6  Lմ % 60% - Accent1M 60% - Accent1 23 % 60% - Accent2M$ 60% - Accent2 23ږ % 60% - Accent3M( 60% - Accent3 23כ % 60% - Accent4M, 60% - Accent4 23 % 60% - Accent5M0 60% - Accent5 23 %! 60% - Accent6M4 60% - Accent6  23 % "Accent1AAccent1 O % #Accent2A!Accent2 PM % $Accent3A%Accent3 Y % %Accent4A)Accent4 d % &Accent5A-Accent5 K % 'Accent6A1Accent6  F %(Bad9Bad  %) Calculation Calculation  }% * Check Cell Check Cell  %????????? ???+ Comma,( Comma [0]-&Currency.. Currency [0]/Explanatory TextG5Explanatory Text %0 F Followed Hyperlink   1Good;Good  a%2 Heading 1G Heading 1 I}%O3 Heading 2G Heading 2 I}%?4 Heading 3G Heading 3 I}%235 Heading 49 Heading 4 I}%64 Hyperlink   7InputuInput ̙ ??v% 8 Linked CellK Linked Cell }% 9NeutralANeutral  e%"Normal: Normal 10 2 ;Noteb Note   <OutputwOutput  ???%????????? ???=$Percent >Title1Title I}% ?TotalMTotal %OO@ Warning Text? Warning Text %XTableStyleMedium2PivotStyleLight168"""T3ffff̙̙3f3fff3f3f33333f33333\` MS SQL 2005 (1) ALTER DATABASE((1) set of audits (2) list of permissons(1) database name Rule ID: V0002458 Rule Title: Permissions on system tables should be restricted to authorized accounts. STIG ID: DM1749 Severity: CAT II Class: UnclassRule ID: V0015644 Rule Title: Attempts to bypass access controls should be audited. STIG ID: DG0141 Severity: CAT II Class: UnclassRule ID: V0015651 Rule Title: Remote DBMS administration should be documented and authorized or disabled. STIG ID: DG0157 Severity: CAT II Class: Unclass%(1) EXEC SP_CONFIGURE (2) RECONFIGURERule ID: V0015645 Rule Title: Changes to configuration options should be audited. STIG ID: DG0142 Severity CAT II Class: UnclassRule ID: V0003823 Rule Title: Custom and GOTS application source code stored in the database should be protected with encryption or encoding. STIG ID: DG0091 Severity: CAT III Class: UnclassRule ID: V0015197 Rule Title: Dedicated accounts should be designated for SQL Server Agent proxies. STIG ID: DM6140 Severity: CAT II Class: Unclass(1) ALTER SYMMETRIC KEY|Rule ID: V0015638 Rule Title: DBMS default account names should be changed. STIG ID: DG0131 Severity: CAT III Class: Unclass(1) ALTER LOGIN Rule ID: V0003835 Rule Title: The SQL Server service should use a least-privileged local or domain user account STIG ID: DM0924 Severity: CAT II Class: UnclassCCE IDRule ID: V0015194 Rule Title: Only authorized accounts should be assigned to one or more Analysis Services database roles. STIG ID: DM6109 Severity: CAT II Class: UnclassRule ID: V0015148 Rule Title: DBMS network communications should comply with PPS usage restrictions. STIG ID: DG0152 Severity: CAT II Class: UnclassRule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: UnclassRule ID: V0015203 Rule Title: Reporting Services Windows Integrated Security should be disabled. STIG ID: DM6122 Severity: CAT II Class: UnclassRule ID: V0015168 Rule Title: Symmetric keys should use a master key, certificate, or asymmetric key to encrypt the key. STIG ID: DM6183 Severity: CATII Class: UnclassRule ID: V0015187 Rule Title: Linked server providers should not allow ad hoc access. STIG ID: DM6155 Severity: CAT II Class: UnclassRule ID: V0015608 Rule Title: Access to DBMS software files and directories should not be granted to unauthorized users. STIG ID: DG0009 Severity: CAT II Class: UnclassEThe Analysis Services server role should be configured appropriately DBMS settings to clear residual data from memory, data objects or files, or other storage locations should be configured appropriately.(1) ALTER PROCEDURERule ID: V0015210 Rule Title: The Agent XPs option should be set to disabled if not required. STIG ID: DM6198 Severity: CAT II Class: UnclassRule ID: V0015137 Rule Title: Error log retention shoud be set to meet log retention policy. STIG ID: DM3930 Severity: CAT II Class: Unclass;(1) '[proxy name]' (2) set of permissons (3) group of users(1) ALTER MASTER KEYRule ID: V0015153 Rule Title: DBMS account passwords should be set to expire every 60 days or more frequently. STIG ID: DG0125 Severity: CAT II Class: Unclass?Passwords for DBMS default accounts should be set appropriately4(1) user name (2) WITH CHECK_EXPIRATION [ ON | OFF ]Rule ID: V0002463 Rule Title: DDL permissions should be granted only to authorized accounts. STIG ID: DM1760 Severity: CAT II Class: UnclassCCE Parameters(1) EXEC SP_CONFIGURE Rule ID: V0002464 Rule Title: Execute stored procedures at startup, if enabled, should have a custom audit trace defined. STIG ID: DM1761 Severity: CAT II Class: Unclass>XML Web Services endpoints should be configured appropriately Rule ID: V0015188 Rule Title: Analysis Services Required Protection Level should be set to 1. STIG ID: DM6101 Severity: CAT I Class:UnclassORequired auditing parameters for database auditing should be set appropriately Rule ID: V0002426 Rule Title: C2 Audit mode should be enabled or custom audit traces defined. STIG ID: DG0510 Severity: CAT II Class: UnclassRule ID: V0015181 Rule Title: Analysis Services user-defined COM functions should be disabled if not required. STIG ID: DM6099 Severity: CAT II Class: UnclassRule ID: V0015161 Rule Title: The Database Master Key should be encrypted by the Service Master Key where required. STIG ID: DM6179 Severity: CATII Class: UnclassRule ID: V0015124 Rule Title: The Named Pipes network protocol should be documented and approved if enabled. STIG ID: DM6015 Severity: CAT II Class: UnclassPAnalysis Services Required Protection Levels should be configured appropriately (1) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ MSSQL.[#] \ MSSQLServer \ SuperSocketNetLib \ IPAll \ TCPDynamicPorts (2) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ MSSQL.[#] \ MSSQLServer \ SuperSocketNetLib \ IPAll \ TcpPortRule ID: V0015202 Rule Title: Use of Command Language Runtime objects should be disabled if not required. STIG ID: DM6123 Severity: CAT III Class: UnclassRule ID: V0002488 Rule Title: SQL Server Agent CmdExec or ActiveScripting jobs should be restricted to sysadmins. STIG ID: DM3763 Severity: CAT II Class: Unclass (1) EXEC SP_CONFIGURERule ID: V0015142 Rule Title: Asymmetric keys should use DoD PKI Certificates and be protected in accordance with NIST (unclassified data) or NSA (classified data) approved key management and processes. STIG ID: DG0166 Severity: CAT II Class: Unclass+(1) account creation (2) list of privelegesC(1) SP_ENUM_PROXY_FOR_SUBSYSTEM (2) EXEC SP_REVOKE_LOGIN_FROM_PROXY\(1) msmdsrv.ini (2) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SqlProgramDir(1) ALTER LOGINRule ID: V0015648 Rule Title: Access to the DBMS should be restricted to static, default network ports. STIG ID: DG0151 Severity: CAT II Class: UnclassRule ID: V0003335 Rule Title: SQL Mail, SQL Mail Extended Stored Procedures (XPs) and Database Mail XPs are required and enabled. STIG ID DM0900 Severity: CAT II Class: UnclassRule ID: V0015125 Rule Title: Only authorized users should be assigned permissions to SQL Server Agent proxies. STIG ID: DM6045 Severity: CAT II Class: Unclass"(1) defined by the object's DACL -(1) database_name (2) database_snapshot_nameRule ID: V0015199 Rule Title: Reporting Services Web service requests and HTTP access should be disabled if not required. STIG ID: DM6120 Severity: CAT III Class: UnclassRule ID: V0015609 Rule Title: Default demonstration and sample database objects and applications should be removed. STIG ID: DG0014 Severity: CAT II Class: Unclass3(1) show advanced options (2) default trace enabledRule ID: V0015183 Rule Title: The Analysis Services ad hoc data mining queries configuration option should be disabled if not required. STIG ID: DM6085 Severity: CAT II Class: UnclassOAuditing attempts to bypass access controls should be configured appropriately.'(1) username (2) WITH NAME = [new name]{Rule ID: V0015180 Rule Title: Analysis Services permissions to data sources STIG ID: DM6193 Severity: CAT II Class: UnclassPAccess to registry exended stored procedures should be configured appropriately.Rule ID: V0002500 Rule Title: Trace Rollover should be enabled for audit traces that have a maximum trace file size. STIG ID: DM5267 Severity: CAT II Class: Unclass#(1) sp_control_dbmasterkey_password=SQL Server authentication should be configured appropriately.LAccess to Analysis Services data sources should be configured appropriately.(1) EXEC XP_LOGINCONFIG (1) list of rolesEDBMS account passwords expiration should be configured appropriately Rule ID: V0015152 Rule Title: DBMS login accounts require passwords to meet complexity requirements. STIG ID: DG0079 Severity: CAT II Class: UnclassRule ID: V0015176 Rule Title: SQL Server event forwarding, if enabled, should be operational. STIG ID: DM6030 Severity: CAT II Class: UnclassRule ID: V0015654 Rule Title: DBMS symmetric keys should be protected in accordance with NSA or NIST-approve< d key management technology or processes. STIG ID: DG0138 Severity: CAT II Class: UnclassqDefault demonstration and sample database objects and applications should be available or removed as appropriate.Rule ID: V0015635 Rule Title: DBMS default accounts should be assigned custom passwords. STIG ID: DG0128 Severity: CAT I Class: Unclass(1) REVOKE / GRANTRule ID: V0015182 Rule Title: Replication snapshot folders should be protected from unauthorized access. STIG ID: DM6075 Severity: CAT II Class: UnclassRule ID: V0015607 Rule Title: Application objects should be owned by accounts authorized for ownership. STIG ID: DG0008 Severity: CAT II Class: Unclass(1) DROP DATABASERule ID: V0002473 Rule Title: Registry extended stored procedures should be restricted to sysadmin access. STIG ID: DM2119 Severity: CAT II Class: Unclass(1) EXEC SP_TRACE_SETSTATUSRule ID: V0015211 Title: The SMO and DMO SPs option should be set to disabled if not required. STIG ID: DM6199 Severity: CAT II Class: UnclassRule ID: V0015193 Rule Title: The Analysis Services server role should be restricted to authorized users. STIG ID: DM6108 Severity: CAT II Class: UnclassRule ID: V0015646 Rule Title: Audit records should contain required information. STIG ID: DG0145 Severity: CAT II Class: Unclass?http://msdn.microsoft.com/en-us/library/ms186265(v=sql.90).aspxRule ID: V0015107 Rule Title: DBMS privileges to restore database data or other DBMS configurations, features or objects should be restricted to authorized DBMS accounts. STIG ID: DG0063 Severity: CAT II Class: UnclassRule ID: V0015184 Rule Title: Analysis Services Anonymous Connections should be disabled. STIG ID: DM6086 Severity: CAT II Class: UnclassRule ID: V0015173 Rule Title: Database TRUSTWORTHY status should be authorized and documented or set to off. STIG ID: DM6195 Severity: CAT II Class: Unclass (1) ALTER LOGIN (2) CHECK_POLICYRule ID: V0015166 Rule Title: Database Engine Ad Hoc distributed queries should be disabled. STIG ID: DM6160 Severity: CAT II Class: UnclasskRule ID: V0015172 Rule Title: Object permissions should not be assigned to PUBLIC or GUEST. STIG ID: DM6196/(1) username (2) WITH PASSWORD [ new password ]Rule ID: V0015204 Rule Title: Analysis Services Links to Objects should be disabled if not required. STIG ID: DM6087 Severity: CAT II Class: Unclass (1) TraceID(1) CREATE / DROP ENDPOINT(1) REVOKE / GRANT CONTROLRule ID: V0015162 Rule Title: Database Master Key passwords should not be stored in credentials within the database. STIG ID: DM6180 Severity: CATII Class: Unclass3(1) list of permissions/roles (2) group of accountsRule ID: V0005683 Rule Title: Application object owner accounts should be disabled when not performing installation or maintenance actions. STIG ID: DG0004 Severity: CAT II Class: UnclassRule ID: V0015614 Rule Title: The DBMS should be configured to clear residual data from memory, data objects and files, and other storage locations. STIG ID: DG0084 Severity: CAT III Class: UnclassRule ID: V0015206 Rule Title: Only authorized XML Web Service endpoints should be configured on the server STIG ID: DM6126 Severity: CAT II Class: Unclass0(1) SP_DROPSRVROLEMEMBER (2) SP_ADDSRVROLEMEMBERRule ID: V0015159 Rule Title: The Database Master key encryption password should meet DoD password complexity requirements. STIG ID: DM6175 Severity: CAT II Class: Unclass Rule ID: V0015198 Rule Title: The Web Assistant procedures configuration option should be disabled if not required. STIG ID: DM6130 Severity: CAT II Class: UnclassxRule ID: V0015643 Rule Title: Access to DBMS security should be audited. STIG ID: DG0140 Severity: CAT II Class: UnclassRule ID: V0002487 Rule Title: SQL Server authentication mode should be set to Windows authentication mode or Mixed mode. STIG ID: DM3566 Severity: CAT II Class: Unclass(1) server agent proxies@Fixed server roll membership should be configured appropriately.Rule ID: V0015178 Rule Title: Replication databases should have authorized db_owner role members. The replication monitor role should have authorized members. STIG ID: DM6070 Severity: CAT II Class: Unclass/(1) @traceid (2) @eventid (3) @columnid (4) @on(1) Analysis Services Database@(1) show advanced options (2) common criteria compliance enabledRule ID: V0002461 Rule Title: Extended stored procedure xp_cmdshell should be restricted to authorized accounts. STIG ID: DM1758 Severity: CAT I Class: Unclass(1) enable/disableRule ID: V0003336 Rule Title: SQL Server Agent email notification usage if enabled should be documented and approved by the IAO. STIG ID: DM0901 Severity: CAT II Class: Unclass?http://msdn.microsoft.com/en-us/library/ms186937(v=sql.90).aspx.(1) object owners (2) defined by objects DACLRule ID; V0002472 Rule Title: OLE Automation extended stored procedures should be restricted to sysadmin access STIG ID: DM2095 Severity: CAT II Class: Unclass(1) EXEC SP_TRACE_SETEVENTRule ID: V0003838 Rule Title: SQL Server registry keys should be properly secured. STIG ID: DM0927 Severity: CAT II Class: UnclassQAccess to DBMS software files and directories should be configured appropriately.Rule ID: V0015205 Rule Title: Reporting Services scheduled events and report delivery should be disabled if not required. STIG ID: DM6121 Severity: CAT III Class: UnclassRule ID: V0002427 Rule Title: Fixed Server roles should have only authorized users or groups assigned as members STIG ID: DG0510 Severity: CAT II Class: UnclassRule ID: V0005685 Rule Title: Required auditing parameters for database auditing should be set. STIG ID: DG0029 Severity: CAT II Class: UnclassRule ID: V0002485 Rule Title: Remote access should be disabled if not authorized. STIG ID: DM2142 Severity: CAT II Class: UnclassHRemote DBMS administration should be enabled or disabled as appropriate.(1) @loginname (2) @rolename:Audit records contents should be configured appropriately.Rule ID: V0015190 Rule Title: Analysis Services Security Package List should be disabled if not required. STIG ID: DM6103 Severity: CAT II Class: UnclassRule ID: V0015186 Rule Title: Analysis Services Links From Objects should be disabled if not required STIG ID: DM 6088 Severity: CAT II Class: UnclassTThe port which Sql Server Analysis Services uses should be configured appropriately.(1) [ 0 | port number ]AThe ports which the DBMS uses should be configured appropriately.BAccess to ActiveScripting jobs should be configured appropriately.FAccess to SQL Server Agent CmdExec should be configured appropriately.#(1) EXEC SP_REVOKE_LOGIN_FROM_PROXY"(1) '[login name]' (2) @proxy_nameKDISA STIG SQL 2005 DB Version 8, Release 1.7 Benchmark Date: 27 August 2010LDISA STIG SQL 2005 INS Version 8, Release 1.7 Benchmark Date: 27 August 2010%(1) set of accounts (2) database name#(1) list of users (2) database name6(1) CREATE (2) ALTER (3) DROP (1) REVOKE/GRANT CONTROL5The built-in 'sa' account should be correctly named. CThe Database Mail XPs should be enabled or disabled as appropriate.From the SQL Server Management Studio GUI: 1. Right click on SQL Server Agent 2. Select Properties 3. Select Alert System 4. Check or uncheck the "Enable Mail profile.QAccess extended stored procedure xp_cmdshell should be configured appropriately =The xp_cmdshell should be enabled or disabled as appropriate.(1) enabled/disabled(1) user/role (2) Grant/Revoke0(1) database name (2) SET TRUSTWORTHY [on | off](1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) ComUdfEnabled or From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Feature \ ComUdfEnabled 5. Select value = 'true or false' 6. Click OK (1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) LinkFromOtherInstanceEnabled or From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. R< ight click on the Analysis Services instance 3. Select Properties 4. View the value listed for Feature \ LinkFromOtherInstanceEnabled 5. Select value = 'true or false' 6. Click Ok.(1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) LinkToOtherInstanceEnabled or From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Feature \ LinkToOtherInstanceEnabled 5. Select value = 'true or false' 6. Click OK(1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) RequireClientAuthentication or From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Security \ RequireClientAuthentication 5. Select value = 'true or false' 6. Click OK@Replication snapshot folders should be configured appropriately.dFrom the SQL Server Configuration Manager GUI: 1. Expand SQL Server 2005 Network Configuration 2. Repeat for each instance: a. Select Protocols for [instance name] b. Double-click Named Pipes. c. Select Yes or No as the value. d. Click OK 3. Click OK (acknowledge change won't take place until next restart) 4. Exit the SQL Server Configuration Manager GUI$(1) encryption option (2) key option%(1) enabled/disabled (2) xp_cmdshellFrom the SQL Server Management Studio GUI: 1. Connect/expand SQL Server 2. Expand Databases 3. Expand System databases 4. Expand Master 5. Expand Programmability 6. Expand Extended Stored Procedures 7. Expand System Extended Stored Procedures 8. Locate and select each of the Registry extended stored procedures listed in the Check section 9. Right click on the extended stored procedure 10. Select Properties 11. Click on the Permissions page 12. Select each user or role and select or deselect the Grant (and With Grant if checked) permissions from all users, database roles and public except from SYSADMINs and authorized roles when permitted 13. Click OK7Error log retention should be configured appropriately.(1) database name @The SMO and DMO XPs options should be configured appropriately :The Agent XPs options should be configured appropriately ?Ad Hoc distributed queries should be configured appropriately VThe Web Assistant procedures configuration option should be configured appropriately ECommand Language Runtime objects should be configured appropriately \Reporting Services Windows Integrated Security accounts should be configured appropriately TReporting Services Web service requests and HTTP should be configured appropriately QAnalysis Services user-defined COM functions should be configured appropriately JAnalysis Services Links to Objects is should be configured appropriately TAd hoc data mining queries configuration option should be configured appropriately @SQL Server event forwarding should be configured appropriately ANamed Pipes network protocol should be configured appropriately. 4Trace rollover should be configured appropriately. 2Remote access should be configured appropriately KOLE Automation extended stored procedures should configured appropriately. ;SQL Server Agent Email should be configured appropriately 5C2 Audit records should be configured appropriately  (1) enable/disable * (1) SMO and DMO XPs (2) enabled/disabled ! (1) Agent XPs (2) enable/disable(1) tag level values (1) enable/disable ~(1) enable/disable (2) trace_id (3) trace_file (4) max_file_size (5) stop_time (6) max_rollover_files (2) value query (remove)(1) ALTER MASTER KEY ePermissions using the WITH GRANT OPTION for a specified database should be configured appropriately iThe Database Master key encryption password for a specified database should be configured appropriately UThe Database Master Key for the specified database should be encrypted appropriately.jStorage of the database master key password for a speicifed database should be configured appropriately. ZProtection of symmetric keys for a specified database should be configured appropriately lObject permissions assigned to PUBLIC or GUEST for a specified database should be configured appropriately. DBMS privileges to restore database data or other DBMS configurations, features or objects in a specified database should be configured appropriately./(1) remote admin connections (2) enable/disable$(1) enable/disable (2) c2 audit mode (1) enabled/disabled? The SQL Mail XPs should be enabled or disabled as appropriate.3 (1) 'scan for startup procs' (2) enabled/disabled (1) local account5(1) EXEC SP_DROPROLEMEMBER (2) EXEC SP_ADDROLEMEMBER 1(1) enable/disable (2) 'Web Assistant procedures'XDatabase TRUSTWORTHY status for a specific database should be configured appropriately O"Disallow adhoc access" for linked servers should be configured appropriately \The permissions of the SQL Server Agent proxy accounts should be configured appropriately. c The db_owner role members for a specified replication database should be configured appropriately.8 From the SQL Server Management Studio GUI: 1. Expand Database 2. Expand Server Objects 3. Expand Linked Servers 4. Expand Providers 5. For each Provider listed: a. Right click on Provider name b. Select Properties c. Click on do not click the Enable check box for Name = Disallow adhoc access d. Click OK buttonS The "scan for startup procs" setting should be enabled or disabled as appropriate.-(1) set of accounts (2) list of permissions Rule ID: V0003727 Rule Title: Database applications should be restricted from using static DDL statements to modify the application schema for a specified database. STIG ID: DG0015 Severity: CAT II Class: UnclassK(1) list of permissons (2) [object] (3) [public or guest] (4) dtaabase name_ Application object owner accounts for a specified database should be configured appropriately.i Application object owner accounts for a specified database should be enabled or disabled as appropriate.Database application permissions allowing DDL statements to modify the application schema for a specified database should be configured appropriately.x Custom and GOTS application source code for a specified databased should be encrypted or not encrypted as appropriate. f Access to manage the database master key for a specified database should be configured appropriately.YPermissions on system tables for a specified database should be configured appropriately cDDL permissions for a specified database and specified account should be configured appropriately C The default audit trace option should be configured appropriately.= SQL Server Agent proxies should be configured appropriately.f Reporting Services scheduled events and report delivery should be enabled or disabled as appropriate.< From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Expand the Analysis Services instance 3. Expand Databases 4. Repeat for each database: a. Click on each database role b. Open the member list c. Select any unauthorized users d. Click or unclick the Remove button e. Click OK From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. Select the Security page 5. Select any unauthorized user to remove 6. Click or do not click the Remove button 7. Click OKS The SQL Server Service for a specified instance should be configure appropriately.S Analysis Services Links From Objects should be enabled or disabled as appropriate. From Surface Area Configuration for Features: 1. Connect to the Report Services instance 2. Expand the instance 3. Expand Report Services 4. Select Web Service Requests and HTTP Access 5. Click on or do not click on Enable Web Service Requests and HTTP access check box 6. Click OK From Surface Area Configuration for Features: 1. Connect to the Report Services instance 2. Exp< and the instance 3. Expand Report Services 4. Select Scheduled events and report delivery 5. Click or do not click on the Scheduled events and report delivery check box 6. Click OK From Surface Area Configuration for Features: 1. Connect to the Report Services instance 2. Expand the instance 3. Expand Report Services 4. Select Windows Integrated Security 5. Click on or do not click on Windows Integrated Security check box 6. Click OK'(1) net user /add@(1) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ MSSQL.# \MSSQLServer \ NumErrorLogs (2) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ Instance Names \ SQL\[instance name] or From the SQL Server Management Studio GUI: 1. Connect to and expand the SQL Server instance 2. Expand Management 3. Right-click on SQL Server Logs 4. Select Configure 5. Under the General Page, select or deselect Limit the number of error logs before they are recycled 6. Enter the number of error log files determined for the SQL Server instance 7. Click OK From Windows Explorer: 1. Administrators/DBAs: assign appropriate permission 2. Snapshot Agents: assign appropriate permission 3. Merge, Subscription, and Distribution agents: assign appropriate permission(1) msmdsrv.ini (2) [install dir] \ MSSQL.[#] \ OLAP \ Config directory. From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Security \ SecurityPackageList 5. Select value and delete or do not delete all unauthorized packages from the list 6. Click OK1(1) Sql Server Management Studio GUI \ Analysis Services Instance From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Port 5. Set value to IAO-approved value 6. Click OK (1)From the query prompt: USE [database name] SELECT DISTINCT u.name FROM sysusers u, sysobjects o WHERE u.uid = o.uid AND u.uid NOT IN ('1', '3', '4')x(1) USE [database name] SELECT USER_NAME(uid), name, crdate FROM sysobjects WHERE uid NOT IN (1, 3, 4)(1) member/not member(2) REVOKE / GRANT EXECUTE WHKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ Instance Names \RS \VHKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ MSSQL.1 \MSSearch \\HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ MSSQL.1 \SQLServerAgent \(1) granted/revokedCOwnership of the asymmetric keys should be configured appropriatelyDEncryption of the asymmetric keys should be configured appropriatelyYAuditing of unauthorized access to the asymmetric keys should be configured appropriately(1) HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Sever \ MSSQL.[#] \SQLServerAgent \ AlertForwardingServer or From the SQL Server Management Studio GUI: 1. Expand instance 2. Right-click on SQL Server Agent 3. Select Properties 4. Select the Advanced page 5. Click or do not click on Forward events to a different server check box 6. Click the OK button to save and close(1) audit/not audit(1) list of permissons (2) set of accounts (3) database nameZ DBMS login account password complexity requirements should be configured appropriately (1) EXEC SP_TRACE_CREATE [ @traceid = ] trace_id OUTPUT , [ @options = ] option_value , [ @tracefile = ] 'trace_file' [ , [ @maxfilesize = ] max_file_size ] [ , [ @stoptime = ] 'stop_time' ] [ , [ @filecount = ] 'max_rollover_files' ]5(1) database_name (2) db_owner' (3) '[account name]'F(1) Use the SQL command to assign permissions to the appropriate rolesKAccess to the ErrorLogFile should be audited or not audited as appropriate.T(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\SQLServerAgent\ErrorLogFilePAccess to the SQLPath directory should be audited or not audited as appropriate.N(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\{INSTANCE NAME}\Setup\SQLPathYAccess to the BackupDirectory directory should be audited or not audited as appropriate.U(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1 \MSSQLServer\BackupDirectory\Access to the FullTextDefaultPath directory should be audited or not audited as appropriate.Y(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1 \MSSQLServer\FullTextDefaultPathU(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Replication\WorkingDirectoryYAccess to the WorkingDirectory directory should be audited or not audited as appropriate.SAccess to the SQLBinRoot directory should be audited or not audited as appropriate.TAccess to the SQLDataRoot directory should be audited or not audited as appropriate.VAccess to the SQLProgramDir directory should be audited or not audited as appropriate.PAccess to the DataDir directory should be audited or not audited as appropriate.M(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup\SQLProgramDirTHKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\SQLServerAgent\WorkingDirectoryK (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SQLDataRootJ (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SQLBinRootG (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SQLPathM (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SQLProgramDirG (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup\DataDirJ (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup\SQLBinRootH (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup\SQLPathHKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ MSSQL.1\SQLServerAgent\SQLServer2005SQLServerADHelperUser$[instance name]HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ Instance Names \RS \SQLServer2005ReportServerUser$[instancename] CCE-19557-8 CCE-19528-9 CCE-19358-1 CCE-19972-9 CCE-19571-9 CCE-19853-1 CCE-19878-8 CCE-19148-6 CCE-19173-4 CCE-19159-3 CCE-19789-7 CCE-19832-5 CCE-19670-9 CCE-19922-4 CCE-20019-6 CCE-19613-9 CCE-19862-2 CCE-19872-1 CCE-19877-0 CCE-19778-0 CCE-19947-1 CCE-19787-1 CCE-19842-4 CCE-19439-9 CCE-19990-1 CCE-19676-6 CCE-19962-0 CCE-20011-3 CCE-19080-1 CCE-19817-6 CCE-19511-5 CCE-19779-8 CCE-20001-4 CCE-19336-7 CCE-19762-4 CCE-19575-0 CCE-19873-9 CCE-19959-6 CCE-19837-4 CCE-19748-3 CCE-19916-6 CCE-19827-5 CCE-19950-5 CCE-19813-5 CCE-19741-8 CCE-19891-1 CCE-19453-0 CCE-19727-7 CCE-19808-5 CCE-19866-3 CCE-19577-6 CCE-19785-5 CCE-19640-2 CCE-19879-6 CCE-19560-2 CCE-19703-8 CCE-19802-8 CCE-20033-7 CCE-19418-3 CCE-19318-5 CCE-19302-9 CCE-19923-2 CCE-19738-4 CCE-19852-3 CCE-19494-4 CCE-19254-2 CCE-19325-0 CCE-19776-4 CCE-19356-5 CCE-19896-0 CCE-19967-9 CCE-19976-0 CCE-19172-6 CCE-20018-8 CCE-19786-3 CCE-19936-4 CCE-19839-0 CCE-19320-1 CCE-19771-5 CCE-19237-7 CCE-19244-3 CCE-20000-6 CCE-19744-2 CCE-19561-0 CCE-19897-8 CCE-19298-9 CCE-20032-9 CCE-19964-6 CCE-19664-2 CCE-19859-8 CCE-19876-2 CCE-19858-0 CCE-19974-5 CCE-19800-2 CCE-19844-0 CCE-19662-6 CCE-19756-6 CCE-19893-7 CCE-19484-5 CCE-19965-3 CCE-19868-9 CCE-19805-1 CCE-19455-5 CCE-19443-1 CCE-19882-0 CCE-19552-9 CCE-19944-8NAccess to the DefaultLog file should be audited or not audited as appropriate.KAccess to the ErrorDumpDir should be audited or not audited as appropriate.I(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\CPE\ErrorDumpDirO(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer\DefaultLogKThe SQL Server Database Service account should be configured appropriately.@The SQL Server Agent account should be configured appropriately.AThe Analysis Services account should be configured appropriately.DThe Integration Services account should be configured appropriately.BThe Reporting Services account should be configured appropriately.<EThe Notification Services account should be configured appropriately.BThe SQL Server Browser account should be configured appropriately.RThe SQL Server Active Directory Helper account should be configured appropriately.:The SQL Writer account should be configured appropriately.TThe SQL Server MSSearch registry key permissions should be configured appropriately.QThe SQL Server Agent registry key permissions should be configured appropriately.VThe SQLServerADHelperUser registry key permissions should be configured appropriately.NThe SQL Server RS registry key permissions should be configured appropriately.@The Full Text Search account should be configured appropriately._ The SQLServer2005ReportServerUser registry key permissions should be configured appropriately.W(1) Configure the SQL Server Database Service account via the Computer Management Tool.T(1) Configure the SQL Server Agent Service account via the Computer Management Tool.M(1) Configure the Analysis Services account via the Computer Management Tool.P(1) Configure the Integration Services account via the Computer Management Tool.N(1) Configure the Reporting Services account via the Computer Management Tool.Q(1) Configure the Notification Services account via the Computer Management Tool.L(1) Configure the Full Text Search account via the Computer Management Tool.N(1) Configure the SQL Server Browser account via the Computer Management Tool.^(1) Configure the SQL Server Active Directory Helper account via the Computer Management Tool.F(1) Configure the SQL Writer account via the Computer Management Tool.&(1) EXEC SP_CONFIGURE (2) RECONFIGUREMAnalysis Services Security Package List should be configured appropriately "(1) enable/disable (3) clr_enabled6(1) login_name (2) enable/disable (3) default_database"U(1) [procedure name] (2) WITH ENCRYPTION (3) Custom/GOTS procedures (4) Database Name)G(1) list of permissons (2) [object] (3) [user name] (4) [database name]4>(1) set of accounts (2) list of permissions (3) database name-Rule ID: V0002498 Rule Title : Permissions using the WITH GRANT OPTION should be granted only to DBA or application administrator accounts. STIG ID: DM5144 Severity: CAT II Class: UnclassL(1) | (2) password (3) database name.l(1) key_name (2) ENCRYPTION (3) [certificate | password | symmetric key | asymmetric key] (4) Database name[ (1) login name (2) on/off ~(1) EXEC XP_LOGINCONFIG From the SQL Server Management Studio GUI: 1. Navigate to the SQL Server instance name 2. Right-click on it 3. Select Properties 4. Select Security tab or page 5. Review Login Auditing selection 6. Select "Failed logins only" or "Both failed and successful logins" from the Login Auditing section 7. Apply changes 8. Exit the SQL Server Management Studio GUI  (1) on/off(1) user (2) xp_cmdshell  (1) revoke/grant  ((1) remote access', (2) enabled/disabled (1) 'login mode' (2) number (1) number of error logs (1) enable/disable ^(1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) AllowAdHocOpenRowsetQueries or From the SQL Server 2005 Surface Area Configuration GUI: 1. Click on Surface Area config for features 2. Expand Analysis Services 3. Select Ad Hoc Data Mining Queries 4. Enable or disable as necessary MAnalysis Services Anonymous Connections should be configured appropriately L  (1) list of packages  (1) usernames]Analysis Services database roles should be configured appropriately for a specified server. \3 (1) database name (2) database roles (3) usernames (1) enable/disable2 (1) ad hoc distributed queries (2) enable/disable CCE Technical MechanismsCCE DescriptionMicrosoft Online DocumentationLast modified: 2013-02-11Version: 5.201302148 F;>$"C EI H_MSQgTVFZ ^gaX @e i~ko!rsDvq~ >y ֆ<wF -D AX(*A !zZqʳ:Q1jø/'ʽ kc f^ccB g2ɀ  n  dMbP?_*+%&?'?(?)?M\\MBPS3\3M232A-HPS od,,LetterPRIV0''''X, \KhC%MSCXSMTJHHP Universal Printing PS (v5.2)HPDocUISUITrueESPRITSupportedTrueHPOrientationHPOrientationPortraitHPSmartDuplexSinglePageJobTrueHPSmartDuplexOddPageJobTrueHPOrientRotate180FalsePostScriptCustomPageSizeFalseDuplexNoneHPReverseOrderForFold_StitchTrueHPBestGlossDefaultInputSlot*UseFormTrayTableHPDuplicateJobNameOverrideSWFWPageSizeLETTERPageRegionLeadingEdgeMediaTypeAUTOHPMediaTypeTreeviewPopupTrueCollateFalseJCLHPPrintOnBothSidesManuallyFalseJCLEconomodeFalseOutputBinAutoStapleLocationNonePunchingNoneTextAsBlackFalseAlternateLetterHeadFalseJCLResolution600dpiJCLPrintQualityNoneJCLFastRes1bppHPConsumerCustomPaperTruePrintQualityGroupPQGroup_2JRHDInstalledJRHDOffHPNUseDiffFirstPageChoiceTrueHPPageExceptionsFileHPCPE112HPPageExceptionsInterfaceShowPageExceptionsHPPageExceptionsLowEndHPPageExceptionsLowEndVerHPPageExceptionsCoverInsertionHPEnableRAWSpoolingTrueHPDocPropResourceDataHPCabFileNameRGBColorNoCmdCMYKInksNoCmdJRConstraintsJRCHDFullHPColorSmartAutomaticHPColorSmart_ColorOptions_EdgeControlNoCmdHPColorSmart_ColorOptions_HalftoneNoCmdHPColorModeCOLOR_MODEHPColorSmart_Text_NeutralGraysNoCmdHPColorSmart_Text_HalftoneNoCmdHPColorSmart_Text_RGBColorNoCmdHPColorSmart_Graphics_NeutralGraysNoCmdHPColorSmart_Graphics_HalftoneNoCmdHPColorSmart_Graphics_RGBColorNoCmdHPColorSmart_Photo_NeutralGraysNoCmdHPColorSmart_Photo_HalftoneNoCmdHPColorSmart_Photo_RGBColorNoCmdHPPJLEncodingUTF8HPJobAccountingHPJOBACCT_JOBACNT_GROUPNAMEHPBornOnDateHPBODHPJobByJobOverrideJBJOHPJobAccWoPinTruePSAlignmentFileHPCLS112HPSmartHubInet_SID_263_BID_514_HID_265HPColorAsGrayFalseCNOutputNoneCNStapleNoneCNOffsetFalseCNPunchingNoneCNFoldingNoneIUPHxMkA e/.dk i6[,&4Io WTGxP0E}fKg7Q0,iYҙ? (+Z]a*&5eUX6l`P;^;DڏN: Dт?eZ i7+|fXjBUz^䚔GV'ܔ0sEFjx$ԖVv`v_TBzX"}?\kqAƉ;pF;u{^B^~,jN؁"oU6n"2}+ېO82ƿfF8RBVP2ʌšErr*M?d"{5X7l+j֜qsA+d,eJ[(ATXƒ+ғMeQ]iI϶Sxs%, /톐Ta0t)BT\_,ҙws܎SwgoTXKoO>WhB!B!$F')%oVx" d,,??&U} m C} $X} X} )X} A} >_} :_} .d} $nJJK     F GHHIYY`F GHHIYY` L L L! LM Z Z a N O P P4D [e \b N O P PD [P \b N O P PD ] \b N O P PD [ \b N O P PbD [K \b N V Q QwB [0 \b N W Q Qw B [0 \b N V Q Qw B [0 \b N O P PN D [ \b N O P P D [ \b N O P PN D [ \b N  O P PD [i\ cv N! O R RD [) \b N" O P PCD [c \b N# O P P D [ \b N$ O O PND [] \b N% P{ P P8 D\ [b N& PL P9 PQ D\ [;b N' P& P` PS D\ [~b N( O P Q D\ [Xb N) P P P[ D\ [Ib N* P Pr P/ D\ [fb N+ PH P P D\ [b N, P P^ P D\ [Mb N- P P? P4 D\ [ b N. S P O D\ [kb N/ S P OD\[b N0 S O OD\[b N1 S O OD\[bD l..l^^^^^^^^^^^h^^^^^^^^^^^^^^JJ !"#$%&'()*+, -./ 0123456789:;<=>? N2 S O O D\[b !N3 !S !O !O!D\[b "N4 "S "O "O"D\[b #N5 #S #O #O #D\[b $N6 $S $O $O $D\[b %N7 %S %O %O%D\[b &N8 &S &O &O&D\[b 'N9 'S 'O 'O 'D\[b (N: (S  (O (O(D\[b )N; )S )O )O)D\[b *N< *S *O *O*D\[b +N= +S +O +O +D\[b ,N> ,P> ,P ,P ,D\ ,[,b -N? -O -P< -P" -D\ -[-b .N@ .P .Pp .Py .D\ .[V .cW /NA /P /P /O /D\ /[5/b 0NB 0P 0P 0P, 0D\ 0[0b 1NC 1P 1O 1P" 1D\ 1[1b 2ND 2Pn 2O 2Ph 2D\ 2[}2b 3NE 3P 3O 3P 3D\ 3['3b 4NF 4O 4Pt 4P 4D\ 4[64b 5NG 5O 5Ot 5O 5D\ 5[65b 6NH 6P 6O 6O 6D\ 6[u6b 7NI 7S 7P 7R 7D\ 7[7b 8NJ 8S 8P 8R 8D\ 8[8b 9NK 9S 9P 9R 9D\ 9[9b :NL :S :P :R :D\ :[:b ;NM ;S ;P ;R ;D\ ;[;b <NN <S <P <R <D\ <[<b =NO =S =P =R =D\ =[=b >NP >S >P >R >D\ >[>b ?NQ ?S ?P ?R ?D\ ?[?bDT lJJJJJJJJJJJJ^^b^^^^^^^^^^^^^^^^@ABCDEFGHIJKLMNOP@QRS T UVW X Y Z [ \] ^ _  @NR @S @P @R @D\ @[@b ANS AS AO AP AD\ A[ Ab BNT BS BP BP BD\ B[zBb CNU CS CP CP CD\ C[zCb DNV DS DP DP DD\ D[zDb ENW ES EP EP ED\ E[zEb FNX FS FP FP FD\ F[zFb GNY GP GP GP/ GD\ G[sGb HNZ HP HP HP HD\ H[sHb IN[ IO IO IOID\[b JN\ JO JO JP JD\ J[#Jb KN] KP KO KO KD\ K[xKb LN^ LPA LR LR LD\ L[RLb MN_ MP MP MP MD\ M[Mb NN` NPD NP NPF ND\ N[lNb ONa OP OP OP OD\ O[.Ob PNb PP PP PP PD\ P[.Pb QNc QP QP QO QD\ Q[Qb RNd RP RO RO RD\ R[BRb SNe SP SP SR SD\ S[*Sb TNf TP TP TO TD\ T[JTb UNg UO UP UP2 UD\ U[7Ub VNh VP VPd VO VD\ V[OVb WNi WP WPt WT WD\ W[=Wb XNj XP XPt XO XD\ X[YXb YNk YP YPt YO YE\ Y^_Yb ZNl ZO ZPt ZO ZE\ Z^Zb [Nm [P [P [O [E\ [^([b \Nn \P+ \P \P3 \E\ \^%\b ]No ]P ]P ]O ]E\ ]^]b ^Np ^P ^P ^O ^E\ ^^U^b _Nq _P _P _O _E\ _^_bD,l^^^^^^^^^J^^^^^^^^^^^^^^^^^^^^^` abcdefgh ijklm `Nr `P `P `O `E\ `^:`b aNs aO aP aO aE\ a^|ab bNt bP bP bO bE\ b^bb cNu cP cP cP cE\ c^-cb dNv dP$ dPt dPa dE\ d^gdb eNw eO eO eO eD\ e[oeb fNx fP fP fP fE\ f^jfb gNy gO gP1 gPm gE\ g^ gb hNz hO hPt hO hE\ h^hb iN{ iP iP iP" iE\ i^\ib jN| jPE jPG jPq jE\ j^@jb kN} kO kP kP kE\ k^Zkb lN~ lQ lP lP" lE\ l^lb mN mU mP mP" mE\ m^Tmb <^^^^^^^^^^^^^>@<dA $ggD Oh+'0@H\p  Jeff Ito Sain, JoeMicrosoft Excel@C3Y@=K՜.+,0HP X`hp x   MS SQL 2005  Worksheets  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Root Entry F=WorkbookSummaryInformation(DocumentSummaryInformation8