Wednesday, September 25, 2019

SQL Server CEIP service

Very recently, by monitoring SQL Server activity found that some service creates Extended Events and then drop them.
The user, who run these traces is "SQLTELEMETRY" and an application is "SQL Server CEIP service (MSSQLSERVER)"

Usually I missed that, because I look at running tasks only when there is a problem and if any running task does not generates any extra CPU activity and does not cause any current issues I just ignore it while hunting for the real problem.
But recently I've started monitoring DDL events activity and one of the servers showed me that "CEIP service for Sql server" produces a lot of DDL event on a regular base.

I do not like any extra noise in my environment and started to hunt that issue.
That Microsoft article describes how "How the Customer Experience Improvement Program (CEIP) helps Microsoft identify ways to make our software better." 

In other words that service collects information within your SQL Server and sends it to Microsoft. Even though Microsoft claims that it does not collect and send passwords and certificates it still admits that some Customer Content can be sent to Microsoft.
That means if you have any PII - Personal Identifiable Information, which can be Social Security Numbers, Dates of Birth, Names, addresses, Credit Card numbers, financial information can easily be transferred outside of your server and being unprotected.

How have you got that scary service? 

Whoever installed SQL Server on that box once allowed that service to exist and send data to Microsoft.

How to stop/disable that service?

The Books Online article describes how you can turn sending that information to Microsoft off, but as paranoid DBA I'd prefer to disable the service completely.
You can find it in the list of services on the server:

Just open it, stop and select "Disabled" in the "Startup Type"

And keep your customers' data protected.



No comments:

Post a Comment