Another article has published over at MSSQLTips.com. This one covers how to identify what stored procedures are set to run when SQL Server starts up as well as what jobs are set to run when SQL Server Agent comes online. An attacker could use both of these places to embed code to regain… Read more

I was trying to acquire a license for a product I was trying to look at using a free program. Now, because the organization is providing the license for free, I expect some strings to be attached. Want me email? Yup, how else would you send me the license? You… Read more

So I went to present at Charleston PASS on Thursday night and of course I had my standard contact information on my slides. This included the web site I have (had) as my brochure site: truthsolutions.com (it's not up, so no link). I hadn't checked it in a while because… Read more

Every security awareness presentation makes the warning about opening attachments or clicking on links in emails when you don't know the sender or aren't 100% positive that the sender intended to send the email. Yet, despite this general warning, we all typically do it. For instance, if you're on Twitter and… Read more

My first article of 2012 has published over at MSSQLTips.com. This one covers the basic technique for using PowerShell to audit for a server role across multiple SQL Servers. It is assumed you have appropriate rights on those servers. You can read the article here:

Auditing sysadmin on multiple servers… Read more

I will be presenting on SQL Server security on January 19th in Charleston, SC. You can find the details at the Charleston PASS website. I'm looking forward to it.

Both my wife and I graduated from colleges in Charleston. I'm a graduate of The Citadel and my wife graduated… Read more

I have been renewed as an MVP for SQL Server. This is my 4th award. It's humbling to receive the award each time, as many other MVPs have expressed. If you're wondering how to become an MVP, then Paul Randal's post (blog | twitter) from 2009 is probably the… Read more

On January 10, 2012, Midlands PASS is pleased to welcome back PowerShell expert and teacher, Ed Wilson (blog | twitter), and his lovely wife Teresa.

Whether you haven't learned what PowerShell is yet or you're an expert yourself, you're sure to learn something from Ed as he… Read more

I saw the following post from Andy Warren (blog | twitter), one of the creators of SQL Saturday. He was trying to explain what SQL Saturday was to a non-SQL person and found that while saying it's a free day of training is accurate but not complete. I… Read more

Want 2 days of Microsoft SQL Server training where you can hand-pick what you're learning about for the low price of $299?

That's what you get with SQLRally, which next year will be held in Dallas, Texas. Registration just opened for this event and the early bird $299 pricing… Read more

Last week my partner in crime, Bobby Dimmick (blog | twitter) and I sat down for lunch and caught up and asked the question, "What's next?" Bobby and I discussed plans and goals for next year and what became pretty apparent very quickly is that neither of us… Read more

Last week I was able to give a SQL Server security webinar with Quest Software and SQL Server MVP Kevin E. Kline (blog | twitter). The webinar is available for viewing and the slides for download now:

Experts' Perspective Webcast: Building a Bulletproof Security Strategy for SQL Server Read more

Tom asks what #SQLFamily means to me. This is a hard one, not because of what #SQLFamily does for me, but rather, trying to limit it to a blog post.

#SQLFamily Provides Knowledge Growth Opportunities:

There is always something being talked about, whether SQL Server related or not, that I… Read more

I  have the privilege of being able to give a webinar tomorrow, November 3, at 11 AM EDT. It will be through Quest's Experts' Perspective series. You can register here:

Experts' Perspective Webcast: Building a Bulletproof Security Strategy for SQL Server

In this webinar I'll be discussing how to design… Read more

I have the privilege of being able to give a webinar next Thursday, November 3, at 11 AM EDT. It will be through Quest's Experts' Perspective series. You can register here:

Experts' Perspective Webcast: Building a Bulletproof Security Strategy for SQL Server

In this webinar I'll be discussing how to… Read more

Welcome back to both our Kerberos coverage and to another topic for SQL University's Security and Auditing Week. In today's lesson we're going to cast some light on what is likely the most used tool in managing Service Principal Names (SPNs) for Kerberos: SETSPN. If you're not familiar with… Read more

Welcome to Security week at SQL University. I apologize for the late start. However, if you want to do some related reading from last week, take a look at the Kerberos series I started:

• Understanding Kerberos, Part I
• Understanding Kerberos, Part II

The reason I point out the Kerberos… Read more

The majority of the time, the problems I see with Kerberos are due to a bad SPN (Service Principal Name) configuration. So in this post we'll talk about what an SPN contains and how it should look. An SPN contains several pieces of information:

• The service identifier (this is MSSQLSvc…

Read more

A get a lot of questions where I work about Kerberos and how it works for SQL Server, whether we're talking about the database engine or Reporting Services. I also see it quite a bit on Twitter. This is a series of posts that looks to explain Kerberos in more… Read more

On Tuesday, October 18, 2011, I will be speaking at the Carolina Technology Conference in Columbia, SC. I'm scheduled for the 3:30-4:20 PM slot, meaning about a 40-45 minute presentation on database security. While I will focus primarily on Microsoft SQL Server security, I will approach database and data security… Read more