I've been dealing with illness the last few weeks, probably due to the rather heavy pollen season here in South Carolina. Case in point: when I went to the grocery store on Wednesday, just about every cold and sinus product was completely sold out. So I've had a hard time… Read more

Welcome to PowerShell Week #2 for SQL University! One of the frequent questions I hear is, "Who has access to my SQL Server?" Using PowerShell we can answer this question fairly easily. Here's what we need to do:

1. Retrieve the list of Windows logins for a given SQL Server…

Read more

You don't want to do so from that web page. Instead you want to go to the Adobe web site directly (www.adobe.com) and get the update from there. Newer versions of Flash should prompt you to update when you reboot your system every time a new version related to a… Read more

Today on Twitter a friend of mine posted that the AV on his SQL Server flagged two trojans that were tied to an IT person in his organization. Naturally I asked about whether they were using two levels of accounts. The answer was, "No." Two accounts? Whatever for?

• The first…

Read more

This evening I received my SQL Connection scores for the following presentations:

• Windows Internals for DB Pros
• From the Ramparts: Knowing What to Look for in SQL Server Security

Let's break down what the information provided told me.

Windows Internals

There were 17 evaluations turned in. Of these, I must… Read more

Since going back to being a senior DBA, I've not stayed on top of the latest tools like I did as primarily a security professional. The last time I looked at Cain, it was not able to do the LSA Secrets dump on Vista and higher OSes. This is… Read more

This is a crucial question with regards to what needs to be done. It really hit home after listening to Cynthia Tobias make this the center of what are we trying to do with regards to students. The example she gave was a teacher who was at wit's end with… Read more

There's an article that's making its way through the SQL Ranks: Consultants are pros, while corporate IT staff are minor leaguers. Louis Davidson (blog | twitter) has a response to it here: Big League Technical Staff. Basically, the premise of the original is that consultants are… Read more

I'm coming to the end of a week of training in a Microsoft Official Curriculum (MOC) Course. I should expect that best practices and gotchas would be covered, especially since this is an Install and Configure course, but I know better. Here are the things that I've seen that make… Read more

This is the second part of a leadership series I started with On Leadership - Lead from the Front. To recap the basic leadership lessons I learned and which I follow, here they are:

• Lead from the front.
• Lead by example.
• Never ask your men to do something you…

Read more

One of the topics the Election Review Committee has discussed is how best to score the interview portion. Because of the nature of the interview, it's not something that can really be put out there for review by the world at large. If you're thinking, why not? Imagine you just… Read more

On the topic of my SQL Connections SQL Server presentation, one of the things I pointed out about recent SQL injection attacks is they aren't exclusively targeting data any longer. Sure, the hacks against MySQL.com did target data, but an attack occuring at the same time sought to embed redirect… Read more

By now, you may have received an email from one of the larger businesses you've given your email address to saying that due to their marketing provider being breached, hackers have your email address. A marketing company, Epsilon, had customer names and email addresses stolen. There are quite a few… Read more

Tom LaRock (blog | twitter) proposed a Meme Monday and his first choice of topics was to write a SQL Server related story in eleven words or less. Here's mine:

Blank sa password. Got SQL. Admin. Got Server. Escalate. Got Domain.

This scenario I actually covered in my… Read more

In a recent explanation about the RSA breach, Rick Wanner wrote on the Internet Storm Center (ISC) Diary:

The traditional paradigm of a well protected perimeter with a soft inside should be dead.  There are just too many ways to circumvent the perimeter, spear phishing being just one.

He… Read more

When SQL Connections in the spring was announced, the folks at Red Gate and SQL Server Central reached out to a few of us about submitting abstracts for a SQLServerCentral.com track at the event. A couple of years ago I had submitted several abstracts for the SQL Connections event in… Read more