SQL Server Security Tips

• Assigning DBA Rights in SQL Server
• Can I stop a System Admin from enabling SQL Server xp_cmdshell?
• Different ways to secure the SQL Server SA Login
• Identify Local Administrators on a SQL Server box using PowerShell
• Secure and disable the SQL Server SA Account
• Security Issues with the SQL Server BUILTIN Administrators Group
• When not to use the sa password in SQL Server applications
• When was the last time the SQL Server sa password changed?
• Who is logging in as the sa login in SQL Server?

• ASP.NET Security for SQL Server
• Reflect on SQL Server Security Considerations After Recent Breaches

• Backdoor to Elevate SQL Server Security Privileges
• SQL Server Security Vulnerability Assessment Tool in SSMS 17.4

• Exporting and Importing SQL Server Always Encrypted Certificates for Client Access

• Protecting SQL Server from Ransomware
• SQL Server Security Checklist

• Running SQL Server Databases in the Amazon Cloud: Q & A

• How to configure SSL encryption in SQL Server
• How to troubleshoot SSL encryption issues in SQL Server
• Is disabling xp_cmdshell in SQL Server really secure?
• Using Kerberos Configuration Manager for SPNs Validation

• How to Connect to a SQL Server Named Instance

• Breaking ownership chaining within a schema in SQL Server
• Dynamic SQL and Ownership Chaining in SQL Server
• Options for cross database access within SQL Server
• Ownership chaining in SQL Server security feature or security risk
• Understanding Cross Database Ownership Chaining in SQL Server

• Data cleanup in SQL Server becomes more important with GDPR
• Solving forget me requests for GDPR in SQL Server
• SQL Server Functions to Mask Confidential Data using CLR or PowerShell

• SQL Server Data Masking with DbDefence
• SQL Server Dynamic Data Masking Discovery and Implementation
• SQL Server Static Data Masking Example

• Database level permissions for SQL Server 2005 and 2008
• Giving and removing permissions in SQL Server
• Implicit Permissions Due to Ownership Chaining or Scopes in SQL Server
• SQL Server Database Guest User Account
• Windows Groups to Support SQL Server 2005 Application Security

• Implicit Permissions Due to SQL Server Database Roles
• Nesting Database Roles in SQL Server
• Retrieving SQL Server Fixed Database Roles for Disaster Recovery
• SQL Server Database Users to Roles Mapping Report
• The Power of the SQL Server Database Owner
• Understanding SQL Server fixed database roles

• Application Database Security Design - Part 1 - Authentication for SQL Server

• Review Minimum SQL Server Security Practices

• How to Enable Secondary Decryption of SQL Server Symmetric Keys
• Securing and protecting SQL Server data, log and backup files with TDE
• SQL Server Transparent Data Encryption (TDE) Performance Comparison
• Understanding the importance of key length with the SQL Server asymmetric encryption algorithms
• Understanding the SQL Server HASHBYTES hashing algorithms
• Understanding the SQL Server Symmetric Encryption Algorithms
• Using Views to Expose Encrypted Data in SQL Server

• Creating a SQL Server proxy account to run xp_cmdshell
• How do I secure a SQL Server extended stored procedure?
• Replace xp_cmdshell command line use with SQL Server Agent

• Accessing the Windows File System from SQL Server
• Auditing Critical Windows Files and Folders for SQL Server
• Retaining File Information for ETL Security Analysis

• SQL Server Security Functions

• SQL Server 2005 Installation Log File Security Vulnerabilities

• Best Practices to Secure the SQL Server sa Account
• Clone a SQL Server login and password to a new server
• Cloning a SQL Server Login with all permissions using PowerShell
• Find All Failed SQL Server Logins
• Find Embedded SQL Server Logins in Jobs, Linked Servers or SSISDB
• Getting Sysadmin Access to SQL Server When Locked Out
• Grant User Access to All SQL Server Databases
• How to Create SQL Server Logins with PowerShell
• Inventory SQL Logins on a SQL Server with PowerShell
• Map between SQL Server SIDs and Windows SIDs
• Prevent and Log Certain SQL Server Login Attempts
• Quickly Find Failed SQL Server Logins Using the Windows Event Log

• Migrate SQL Server Logins with PowerShell
• Migrate the Correct Logins with a SQL Server Database

• Automated way to get all port information for SQL Server instances
• Configure Windows Firewall to Work with SQL Server
• Creating a Kerberos Delegation Table for SQL Server Access
• Get SQL Server SPN information for all servers using PowerShell
• Network communications mechanisms for SQL Server
• Protecting the SQL Server Backup folder
• Register a SPN for SQL Server Authentication with Kerberos
• Resource Based Kerberos Constrained Delegation
• Script to Check and Auto Generate SPNs for SQL Server
• Understanding When SQL Server Kerberos Delegation is Needed
• Using nmap to scan for SQL Servers on a network

• Alerts and Notifications for SQL Server Login, Database User and Role Membership Changes
• Automated WMI Alerts for SQL Server Login Property Changes
• Get Alerts for Specific SQL Server Login Failed Events

• How to Assign Ownership to Various Database Objects using ALTER Authorization T-SQL Statement
• Options for hiding SQL Server code
• Understanding SQL Server Ownership Chaining

• Implementing SQL Server Security with Stored Procedures and Views
• Practice of Using Privileged Accounts to Access SQL Server

• Add a Salt with the SQL Server HASHBYTES Function
• Encrypt and Decrypt Passwords in SQL Server with PowerShell
• Encrypting passwords for use with Python and SQL Server
• Generating A Password in SQL Server with T-SQL from Random Characters
• Generating a Password in T-SQL from a Table of Words
• How to configure password enforcement options for standard SQL Server logins
• How to Unlock a SQL Login Without Resetting the Password
• Identify blank and weak passwords for SQL Server logins
• Simple SQL Server Function to Generate Random 8 Character Password
• Storing passwords in SQL Server – things to know to keep the data secure
• Tracking Login Password Changes in SQL Server
• Using PowerShell to Audit for Blank SA Passwords

• Application Database Security Design Part 2 - Multiple Levels of Access to SQL Server
• Blocking SQL Server db_datareader, db_datawriter, and db_owner Permissions
• Compare SQL permissions using SQL Server Data Tools
• Determining Permission Issues for a SQL Server Object
• Extend the REVERT statement using the WITH COOKIE clause in SQL Server
• Filtering SQL Server Columns Using Column Level Permissions
• Grant Truncate Table Permissions in SQL Server without ALTER Table
• How come I can create SQL Server objects but not access these objects
• How to Clone a SQL Server Login, Part 1 of 3
• How to Clone a SQL Server Login, Part 2 of 3
• How to Clone a SQL Server Login, Part 3 of 3
• How to use module signing for SQL Server security
• Identifying the Tie Between Logins and Users
• Implementing SQL Server Row and Cell Level Security
• Issues Determining an Individual SQL Server User's Permissions
• Retrieving SQL Server Permissions for Disaster Recovery
• SQL Server EXECUTE AS
• SQL Server nested securable permissions
• SQL Server Permissions Granted to All Users By Default
• SQL Server Permissions List for Read and Write Access for all Databases
• Understanding and dealing with orphaned users in a SQL Server database
• Understanding GRANT, DENY, and REVOKE in SQL Server
• Understanding How A User Gets Database Access in SQL Server
• Verify the databases a SQL Server login can see - and why

• PCI Best Practices Guide for SQL Server DBAs
• SQL Server PCI DSS Security Patching Checklist

• Is your SQL Server environment ready for GDPR?

• SQL Server separation of duties

• Protect Confidential SQL Server Data Q and A
• SQL Server Security Community Questions on Windows, Server Level, Database, Roles and more

• How does GDPR impact your SQL Server Recovery Plans

• List SQL Server Login and User Permissions with fn_my_permissions

• Performance Impact of SQL Server 2016 Row-Level Security

• Default Schema for Windows Group in SQL Server
• Script to Set the SQL Server Database Default Schema For All Users

• Script out SQL Server Credentials and Proxies
• Script to determine permissions in SQL Server 2005
• Script to Drop All Orphaned SQL Server Database Users
• Script to drop SQL Server login and all owned objects using PowerShell
• Script to move all objects to a new schema for SQL Server
• SQL Server security report to show sysadmins and database owners

• Hiding instances of SQL Server 2005
• How to check SQL Server Authentication Mode using T SQL and SSMS
• Identify SQL Server 2005 Standard Login Settings
• Meltdown and Spectre Vulnerabilities Impact on SQL Server
• Potential Security Exploit Using CONTROL SERVER Permissions in SQL Server
• Server level permissions for SQL Server 2005 and SQL Server 2008
• Skip-2.0 Malware Impacts SQL Server - Should I Be Worried?
• SQL Servers Assessment for the Meltdown and Spectre Vulnerabilities

• Creating a SQL Server 2012 User Defined Server Level Role
• Identifying SQL Server logins with overlapping server roles
• SQL Server User Defined Server Roles
• Tighten SQL Server security with custom server and database roles
• Understanding SQL Server fixed server roles

• How to Create Secure SQL Server Service Accounts
• How to determine service related privileges for Sql Server service account
• SQL Server Service Account Privileges
• Understanding how SQL Server handles Service Isolation
• Using Group Managed Service Accounts with SQL Server
• Using Managed Service Accounts with SQL Server
• Why System Account is a bad idea for SQL Server Service Account

• Enabling xp_cmdshell in SQL Server
• Extended Protection available in SQL Server 2008 R2
• Get Started with SQL Server xp_cmdshell
• How to eliminate SQL Server security issue caused by sp_replwritetovarbin
• New Security Catalog Views in SQL Server 2005 and SQL 2008

• How to Setup Row Level Security for SQL Server

• Protect and Mask Sensitive SQL Server Data for Development and Test Environments

• Cannot make a role a member of itself error in SQL Server
• Correct the SQL Server Authentication Mode in the Windows Registry
• Different Ways to Find SQL Server Orphaned Users
• Get Back into SQL Server After You've Locked Yourself Out
• How to connect to SQL Server if you are completely locked out
• More on Recovering Access to a SQL Server Instance
• Recover access to a SQL Server instance
• Security issues when using aliased users in SQL Server
• SQL Server 7.0 to 2005 Security Vulnerabilities Could Allow Elevation of Login Privileges
• SQL Server errors with drop login and drop user
• SQL Server Login Failure Error 18456, Severity 14, State 10
• SQL Server Login Issue With Default Database
• Steps to Drop an Orphan SQL Server User when it owns a Schema or Role
• Suspect SQL Server 2000 Database (Part 1 of 2)
• Unable to see a SQL Server table
• Why Can't I Set a Default SQL Server Schema for My Windows Group Login?
• Windows cannot access the specified device, path or file error

• Filtering Columns in SQL Server Using Views
• Grant limited permissions to create SQL Server views in another schema Part 1
• Grant limited permissions to create SQL Server views in another schema Part 2

• SQL Server Windows Authentication with Users and Groups