Skip to content

Ensure 'Ole Automation Procedures' Server Configuration Option is disabled

Description

The Ole Automation Procedures option controls whether OLE Automation objects can be instantiated within Transact-SQL batches. These are extended stored procedures that allow SQL Server users to execute functions external to SQL Server.

Rationale

Enabling this option will increase the attack surface of SQL Server and allow users to execute functions in the security context of SQL Server.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine sqlserver

Default Rule

const { checkServerSetting } = module
/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if 'Ole Automation Procedures' is set to 0
 */
function validate(databaseSettings) {
    const success = checkServerSetting(databaseSettings, 'Ole Automation Procedures', "0")

    return {
        success,
    }
}

validate(databaseSettings)