Contents Index Operating system installation Creating a database

SQL Anywhere Studio Security Guide
  Installation

Adaptive Server Anywhere software installation


This page describes operation of Adaptive Server Anywhere in a manner equivalent to a C2-security-certified configuration. It does not provide general-purpose information on the topic.

Next, you have to install Adaptive Server Anywhere in a C2-compliant manner. For C2 compliance you must use Adaptive Server Anywhere version 7.0.0, English only, without any EBFs (express bug fixes), in a standalone environment. Most of this book describes how to operate the current version of the software, but this section refers specifically to the C2-certified release.

To install Adaptive Server Anywhere 7.0.0

  1. Log in to Windows NT as administrator.

  2. Download the Adaptive Server Anywhere C2 patch from www.sybase.com/developer.

  3. Run ASAC2Patch.exe and save the files into the default directory (C:\ASAC2Patch).

    ASAC2Patch.exe is a self-extracting archive.

    For information on this patch, see The Adaptive Server Anywhere C2 patch.

  4. Open a command prompt window.

    The Adaptive Server Anywhere installation includes MDAC (Microsoft Data Access Components). The MDAC installation replaces some Windows NT system DLLs which are part of the Windows NT TCB (trusted computing base). To avoid this, you must first make copies of these DLLs, and then replace them after the Adaptive Server Anywhere installation. The Adaptive Server Anywhere C2 Patch includes three batch files to facilitate this procedure.

    The first batch file creates a temporary directory and copies fourteen .dll files and one .exe file from the C:\winnt\system32 directory. To run the first batch file, enter the following commands at the command prompt:

    C:
    cd \ASAC2Patch
    mdac1
    exit
  5. Install the Adaptive Server Anywhere 7.0.0 software, using the following guidelines:

  6. Reboot your machine after the installation is complete.

  7. Log in to Windows NT as an administrator.

  8. Install the Adaptive Server Anywhere C2 patch according to the directions in readme.txt (located in C:\ASAC2Patch).

    You do not need to reboot the machine after this step.

  9. Set permissions on the software directory as follows:

  10. Create a folder for the database and transaction log files. For example, you may create a folder C:\Databases. In the remainder of this document, this folder is referred to as the C2 database folder. Set the permissions on this folder as follows:

  11. Create a folder under C:\ called ASTMP for the engine to use as temporary storage space. Set the same permissions as for the Databases folder in the previous step.

  12. Set the System environment variable ASTMP to the temporary folder just created by right-clicking the My Computer icon, and choosing Properties. Click the Environment tab. In the Upper listbox, click any entry. Change the Variable entry to ASTMP, and change the Value entry to C:\ASTMP. Click Set, and then click OK.

  13. The second batch file contained in the Adaptive Server Anywhere C2 Patch copies the .dll and .exe files from the temporary directory created by mdac1.bat into the C:\winnt\system32 directory. To run the second batch file, from the Start menu, choose Programs > Command Prompt. At the command prompt, enter the following commands:

    C:
    cd \ASAC2Patch
    mdac2
    exit
  14. When putting Windows NT into the certified configuration, several registry keys are deleted. During Adaptive Server Anywhere installation, two of these keys are re-created. For Windows NT to remain in its certified configuration, these keys must be deleted again. Use regedt32.exe to delete the following registry keys:

    Key HKEY_LOCAL_MACHINE\SOFTWARE
    Subkey Microsoft\OS/2 Subsystem for Windows NT
    Entry delete all subkeys
    Key HKEY_LOCAL_MACHINE\SYSTEM
    Subkey CurrentControlSet\Control\Session Manager\Environment
    Entry Os2LibPath
    Value delete entry
  15. You must also ensure that these files have the correct permissions as shown below:

    Files C2-Level Permissions
    BOOT.INI, NTDETECT.COM, NTLDR Administrators: Full Control SYSTEM: Full Control
  16. Close all open windows and reboot your machine.

    You must reboot your machine for the Service Control Manager to read changes to system environment variables.

  17. Log in to Windows NT as administrator.

  18. The third batch file contained in the Adaptive Server Anywhere C2 Patch cleans up the temporary directory created by mdac1.bat. To run the third batch file, open a command prompt window. At the command prompt, enter the following commands:

    C:
    cd \ASAC2Patch
    mdac3
    exit

Contents Index Operating system installation Creating a database