If you're unsure about any remaining hosts and you want 100% accuracy on the SQL Server version information, then you can either log into the SQL Server instance and issue the 'select @@version' command or use Windows Explorer to view the version information of the sqlservr.exe file on the target machine. These are the most time-consuming, but also the most accurate, of all the version identification methods. Note, too, that you must...
be able to log into the SQL Server instances to get this information. For rogue installations, developer machines, or test labs this can be difficult to do sometimes, so the ssnetlib version may be the only information you can get.
In the next installment in our series on SQL Server patch deployment, we'll look at what to do next to get those service packs and hotfixes installed on the instances we've identified and assessed.
HOW TO PATCH SQL SERVER, PART 1
Step 1: Map your network
Step 2: Perform an active scan
Step 3: Check for SQL registrations
Step 4: Probe remote services
Step 5: Probe for SSNetlib.dll versions
Step 6: Directly request version information
Go to: How to patch SQL Servers, part 2
ABOUT THE AUTHOR:
Chip Andrews is the director of research and development for Special Ops Security Inc. and the founder of the SQLSecurity.com Web site, which focuses on Microsoft SQL Server security topics and issues. He is also the author of SQL Server Security.