Generates a list of ALL Users and their database Roles for all Databases (Or for a specific user).  Read more...

If you are bound by HIPAA regulations, you may have more auditing in your future. If you're not, perhaps you should still pay attention to the criteria being used for auditing.  Read more...

I've been charged with coming up with a quick solution to audit login changes on my SQL Servers. However, there's no budget so I'm going to have to come up with basic scripts and the like to do the work. Is this tip we cover a solution for you to audit login changes.  Read more...

This script will return all permissions on the server.  Read more...

A script to reveal which logins have access to your sql server via windows groups.   Read more...

I have been tasked with auditing security on my SQL Server. However, this needs to be a somewhat automated process as I don't want to have to rely on taking screenshots every month to satisfy our auditors. What tables and/or views should I be using and what's the best way to extract the information out of them?  Read more...

If your company needs to go through a SOX (Sarbanes–Oxley) audit or any security audit, the DBA has to provide security information to them. If you have purchased third party tools to provide this information that is great. If you don't have third party tools and need to go through many servers to provide this information it can be a hassle and very time consuming. So I put together a script to generate a report that I could just review. The script generates a report of all elevated level accounts and any possible security holes.  Read more...

The first of this three part series on SQL Server Security Auditing focuses on the SQL Server itself and addressing any of its security vulnerabilities.  Read more...

I re-cycle my SQL Server log every night using sp_cycle_errorlog. However, before I do, I would like to capture all of the failed logins recorded. I have auditing turned on for failed logins, but I want to make sure that I capture those events into a table so I can report on. How can I do this?  Read more...

This is spurred on by a comment a pen tester made. He was referring to a particular technology and said something to the effect of, "What do you expect? It's 30 year-old technology." I was stunned when the comment was relayed to me. My response...  Read more...

How do you protect and monitor your databases? Auditing is one way, but Steve Jones thinks this subsystem in SQL Server needs to mature.  Read more...

How do you protect and monitor your databases? Auditing is one way, but Steve Jones thinks this subsystem in SQL Server needs to mature.  Read more...

How do you protect and monitor your databases? Auditing is one way, but Steve Jones thinks this subsystem in SQL Server needs to mature.  Read more...

How do you protect and monitor your databases? Auditing is one way, but Steve Jones thinks this subsystem in SQL Server needs to mature.  Read more...

This article shows the steps to analyze SQL Server logins and permissions to ensure that there are no logins and users that exist who are have unnecessary access  Read more...

Brian Kelley looks at auditing in this article about SQL Server 2008 and the enhancements made in this version. The new Audit Object allows you to more easily determine what is happening on your SQL Server instance.  Read more...

Generates a list of ALL Users and their database Roles for all Databases (Or for a specific user).  Read more...

Longtime SQL Server guru David Poole brings us a look at one of the thorny problems a DBA faces: tracking down illicit users.  Read more...