Summary: ProductFeedback about Microsoft SQL Server and MSDE

Allow MSDE Nested MSI Installation

Bootstrappers are a hack, not a solution!
* Can't use merge modules because they cannot be independently patched by Microsoft
* Not allowed to use nested MSI installations
* MSDE installation has it's own bootstrapper that makes automated deployment over domains tricky
* Bootstrappers do not allow you to uninstall the custom MSDE instance during uninstallation of the "parent" app
* Cannot advertise or publish app installations that require MSDE - bootstrappers cannot be advertised or published using intellimirror!
* Just because Windows Installer is missing some critical feature to make this work is not an excuse. Go camp in front of their offices or bribe them into adding the features to Windows Installer that will make MSDE installations a little more sane!

Automatically start MSDE after installation

After installing an MSDE instance the server is not started, yet the service is set to "automatic". This requires either the app developer to be sneaky and write some custom code to manually start the server the first time, or be lazy and require the user to reboot. Why isn't the service started after the initial install if it's already set to automatic?

Deploy SQL Server updates over Windows Update / Microsoft Update

It's been a few years since SQL Slammer and I've yet to see any automatic SQL Server updates.

Encrypt (or at least hash!) SQL Server Authentication

Microsoft SQL Server username & password authentication is sent (almost) as plain text over the internet. It is mentioned in many, many places that this authentication mode is not recommended for this very reason. However, there are still way too many situations where a SQL Server must be run outside of a domain. Standalone web servers? Accounts for automated data processing tasks? ASP.NET authentication? VPN or Internet traffic without forcing the poor home user to join a domain? Contractors who work at 10 companies and cant be changing their domain every 3 hours? Both Oracle and DB2 supports Username & Password authentication. You won't rip out the feature for security reasons because too many people would scream, yet you won't fix this issue because you only recommend domain logins. ARGH.

Actually, Windows Authentication dosn't require domains. -- Yuhong Bao

Remove Service Manager from MSDE by default

Is there any reason why end users need a non-functioning Service Manager app in their system tray when an application is installed that uses it's own MSDE instance?

Well, I don't think this should be done for security reasons. -- Yuhong Bao

Servers show in list when network protocols disabled

Try installing MSDE with "DisableNetworkProtocols=1" set, or manually go to your SQL Server and remove all network protocols so that the only available communication method is shared memory. These "network disabled" installs still show in the server browse list! The last thing a person wants is the SQL Server list being cluttered with two dozen local app installs that use MSDE. The worst part is they are completely inaccessible over the network - why are they shown?

Add an Includes MSDE logo

Add an Includes SQL Server Express logo and encourage software vendors to put it on any product that includes SQL Server Express so that everybody is aware of that. Also, on the Windows Marketplace and the Windows Server Catalog, show this logo on any product that includes SQL Server Express.
I'm sure most of the SQL Servers that are infected with the Slammer worm are actually MSDE installations that the users isn't aware of. -- Yuhong Bao