Tag: SQL Server Security

  • Creating SQL Logins on an Availability Group (AG) Environment

    In an Availability Group, the databases fail over. Your SQL logins do not. For Windows domain logins, the SID is owned by AD, so you just create the login on each replica and it syncs up. For SQL logins, the SID is generated inside SQL Server. If the SID differs between replicas, the database user…

  • Grant VIEW SERVER STATE in SQL Server

    VIEW SERVER STATE is the permission that unlocks most server-level DMVs and DMFs. If someone can’t run basic instance health checks and keeps hitting permission errors, this is usually why. It gives visibility into what is happening on the box right now: active sessions, running requests, waits, connection details, and plan-cache-level query stats.…

  • Working with SQL Server Database Master Keys

    SQL Server uses an encryption hierarchy to protect secrets such as credentials, asymmetric keys and certificates. At the database level, that hierarchy is anchored by the database master key (DMK). Because all other encrypted objects depend on it, losing access to the DMK can render those objects unusable. This post walks through how to: It also…

  • Check SQL Server Connection Encryption and Protocol

    Modern SQL Server environments often use encrypted connections by default, but that does not always mean what people think it means. When troubleshooting connectivity problems, certificate errors, performance questions, or unexpected client behaviour, DBAs usually need to answer one very specific question: What protocol and encryption is this connection actually using right now? This post…

  • SSMS Certificate Chain Not Trusted Error (Trust Server Certificate Fix)

    If you’ve recently upgraded SQL Server Management Studio and suddenly can’t connect to SQL Server, you may see an SSL or certificate error during login. This commonly appears after upgrading to newer SSMS versions and is caused by a change in how SSMS handles encryption by default. The good news: this is usually quick to…

  • Script: List Sysadmin Role Members

    This script returns all logins that are members of the sysadmin fixed server role. It includes login type, whether the login is disabled, and default database information. This is commonly used during security reviews, onboarding and offboarding checks, and when validating privileged access in production environments. The result set shows one…

  • Script: Check xp_cmdshell, CLR & Database Mail Configuration

    This script checks whether xp_cmdshell, CLR integration (including CLR strict security), and Database Mail are enabled on the instance. These features expand SQL Server’s capabilities beyond pure database operations. While commonly used, they increase surface area and should be intentionally configured. This script is useful during security reviews, environment validation, or when inheriting a server.…

  • Script: SQL Server User & Permissions Audit

    This script audits SQL Server users and permissions across all databases on an instance. It consolidates server-level logins, database users, Windows groups, and role memberships into a single result set. It is useful during security reviews, access audits, migrations, or when validating permissions after changes. The result set shows consolidated role…