How do I block SQL Server Management Studio from accessing internet sites?
Let me set the stage. I'm sitting behind a Bluecoat proxy server at work. We have a management policy forbidding us to access the internet using a privileged account. And I need to use a privileged account to run SSMS to perform database administration.
So to perform database administration, I "runas" SSMS with my privileged account. I suspect SSMS is opening a connection to a microsoft.com site for unknown reasons. The Bluecoat proxy server sees this unauthorized internet connection, gets mad at me for violating company policy, and blocks internet access to my IP address for the next hour.
I'm aware that SSMS checks for updates by default at startup. I've turned that off. Something else is going on.
Best Answer
Instead of fully impersonating your privileged account, start SSMS with
runas /netonly. That will cause the SSMS Windows process to run as your logged-on account, and only use the privileged account credentials when accessing domain resources using NTLM authentication.Http requests to internet resources will not use NTLM for resources outside of your trusted domain.
Alternatively you can configure the credentials in the Windows Credential Manager.
This is the same technique used to connect using Windows Integrated Authentication to a SQL Server from a machine not joined to a domain trusted by the SQL Server's domain. See eg: https://www.mssqltips.com/sqlservertip/3250/connect-to-sql-servers-in-another-domain-using-windows-authentication/