2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


The clr enabled option specifies whether user assemblies can be run by SQL Server.


Enabling use of CLR assemblies widens the attack surface of SQL Server and puts it at risk from both inadvertent and malicious assemblies.


If CLR assemblies are in use, applications may need to be rearchitected to eliminate their usage before disabling this setting. Alternatively, some organizations may allow this setting to be enabled 1 for assemblies created with the SAFE permission set, but disallow assemblies created with the riskier UNSAFE and EXTERNAL_ACCESS permission sets. To find user-created assemblies, run the following query in all databases, replacing <database_name> with each database name:

USE [<database_name>]


SELECT name AS Assembly_Name, permission_set_desc

FROM sys.assemblies

WHERE is_user_defined = 1;



Run the following T-SQL command:

EXECUTE sp_configure 'clr enabled', 0;

Default Value:

By default, this option is disabled (0).

See Also