SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Archives: January 2009

What Do You Want Auditors to Know About Auditing SQL Server?

Right now it looks like I'll be putting a training session on for my local ISACA chapter on SQL Server security and auditing SQL Server.  I know there is usually a lot of griping by DBAs when auditors show up and ask about their databases. Typically it's around how the auditors… Read more

2 comments, 1,069 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 22 January 2009

Read-Only Access to SQL Server Jobs

This question comes up a lot: how do I give read-only access to job status to a group of people? The answer, at least in SQL Server 2005 and 2008, seems simple: add them to the SQLAgentReaderRole role. But this doesn't actually work, as this role also has the ability… Read more

1 comments, 2,927 reads

Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 22 January 2009

Video: xp_cmdshell execution in SQL Server 2005/2008

The video I did for Jumpstart TV on xp_cmdshell execution has hit the front page. Registration on the site is required but viewing the video (~ 5 minutes) is free.

  Read more

Fake LinkedIn profiles with links to malware

This is a little old (five days based on the last update), but TrendMicro put on their blog about fake LinkedIn profiles which have links leading to malware.

The basics:

  • The fake profiles are for famous people others would likely be looking for (like Paris Hilton, Beyonce, etc.)
  • The…

Read more

Conficker / Downadup Worm One More Time

Hopefully by now everyone has seen this, but if not, here's a reminder to continue to spread the details. Denis Gobo made a post earlier today and Security MVP Randy Franklin Smith sent out a newsletter after being prompted by his MVP lead.

The worm is known as Conficker or Downadup… Read more

Microsoft Solution Accelerators on TechNet

I was browsing through the new titles that are on Safari and saw some planning guides around Windows Server 2008 (Active Directory Services, File Services, etc.). Of course, all of these are published as solution accelerators, because they are designed to assist IT professionals understand, plan, and implement solutions quicker… Read more

Have you disabled autoplay yet?

If not, you should. Because autoplay being on means any time a removable data device, such as a USB stick, is inserted into the computer, autoplay fires up. Typically this is usually taken advantage of by CDs/DVDs to get us to a start menu. However, attackers are now writing worms… Read more

More About Twitter

I've mentioned before that I was on Twitter and I know that for some the question is still out on whether or not it is of value. For me, it's like any other tool, it depends on how you use it. If you're trying to use a hammer to dig… Read more


This came up on Twitter today. I have a search set for "SQL Server" and it pulled up someone who was struggling with PHPMyAdmin because of a very large SQL text file. He was unaware that there were free GUI tools for MySQL from Sun. Those tools can be found… Read more

Windows Server 2008 R2 Core supports SQL Server

First saw this because Jason Massie twittered about it. But apparently there are enough bits of the .NET Framework in R2 Core where SQL Server installations will be possible:

Andrew Fryer's Blog: Windows Server 2008 r2 

It'll be a command-line install, since core has no GUI, but that's fine… Read more

Organizing RSS Feeds

I have a lot of blogs I subscribe to. Well over 500 at last count. And the truth of the matter is there is no possible way to read them all. I tried once. It took about 3-4 hours a day. After about 3 days of that, I gave up.… Read more

MVP Award

Received my notification via email this morning that I've been recognized as a Microsoft MVP for SQL Server. It's been a goal of mine for a long time and I'm glad it is finally accomplished. Like Andy Warren, mine wasn't so much posting in forums but probably more so… Read more