Deploying a .Net 4.6.1 Web-Application

to Windows Server 2016 Datacentre with

SQL Server 2012 Express

1) While installing SQL Express, change the user who starts the server from MSSQLServerXXX to NT AUTHORITY\SYSTEM by clicking on Browse, entering SYSTEM in the text box and clicking on Check User. 

Otherwise the DB server won't start at the end due to insufficient permissions and the setup will fail.

2) Choose Windows Authentication during the SQL Server installation since it is more secure. This way the sa user is not enabled by default and removes a well known attack surface.

3) During installation as "handle" error might be faced. The database log is at C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Log. A common problem faced is of "security.dll not found". For this SSL 3.0 and TLS 1.0 has to be enabled and after the server is installed it has to be patched and the former disabled.

Enable them by going to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\ through regedit and entering a value of fffffff for DisabledByDefault

4)  Create a specific login using Security > Login > New User, select SQL Authentication and give him/her a password. Disable Enforce Password Policy to disable Password Expired messages.

5) Create a specific database user linked to this login by expanding the restored application database,

    clicking on Security > User > New User. 

6) Grant common permissions on the database to him/her using the command

     use <db name>

     grant all on <table name> to <user name>