Detecting Locked or Expired Logins
SQL Server logins can be configured to use password policies enforced by Windows. These policies include determining when passwords expire, how many invalid passwords can be entered before lock-out, etc. The T-SQL code in this…
Auditing Login Events with Service Broker
Perhaps one of the most important aspects of running a secure SQL Server is auditing login events – essentially capturing who’s logging in, and who’s attempting to log in. Being aware of who’s logging in, and…
dbo – Database Owner
In SQL Server, the dbo or Database Owner is a server-level principal that has full access to the owned database. Microsoft’s best practices recommend creating a discrete user, either an Active Directory domain user or…
Filesystem security for TDE Keys and Certificates
What is TDE, and why is filesystem security important? Transparent Database Encryption, or TDE, is used to encrypt an entire database. The encryption is “transparent” since once the database is loaded by SQL Server, anyone…
Cannot use Certificate because its Private Key is not Present
Introduction: Transparent Database Encryption, or TDE as it’s colloquially known, is a great solution for data security “at rest”. That is, data is encrypted on-disk, preventing someone with a copy of the database files from…
BULK INSERT, Kerberos, and Delegation
Pesky Kerberos and BULK INSERT: The T-SQL commands BULK INSERT and OPENROWSET(…) offer great ways to import data from a file into a table in SQL Server. However, getting BULK INSERT Kerberos security set up correctly…