Category: Security

  • Grant VIEW SERVER STATE in SQL Server

    VIEW SERVER STATE is the permission that unlocks most server-level DMVs and DMFs. If someone can’t run basic instance health checks and keeps hitting permission errors, this is usually why. It gives visibility into what is happening on the box right now: active sessions, running requests, waits, connection details, and plan cache level query stats.…

  • Working with SQL Server Database Master Keys

    SQL Server uses an encryption hierarchy to protect secrets such as credentials, asymmetric keys and certificates. At the database level, that hierarchy is anchored by the database master key (DMK). Because all other encrypted objects depend on it, losing access to the DMK can render those objects unusable. This post walks through how to: It also…

  • Script: List Sysadmin Role Members

    This script returns all logins that are members of the sysadmin fixed server role. It includes login type, whether the login is disabled, and default database information. This is commonly used during security reviews, onboarding and offboarding checks, and when validating privileged access in production environments. The Script Example Output The result set shows one…

  • Script: Check xp_cmdshell, CLR & Database Mail Configuration

    This script checks whether xp_cmdshell, CLR integration (including CLR strict security), and Database Mail are enabled on the instance. These features expand SQL Server’s capabilities beyond pure database operations. While commonly used, they increase surface area and should be intentionally configured. This script is useful during security reviews, environment validation, or when inheriting a server.…

  • Script: SQL Server User & Permissions Audit

    This script audits SQL Server users and permissions across all databases on an instance. It consolidates server-level logins, database users, Windows groups, and role memberships into a single result set. It is useful during security reviews, access audits, migrations, or when validating permissions after changes. The Script Example Output The result set shows consolidated role…