K. Brian Kelley - Databases, Infrastructure, and Security
Archives: July 2011
Bad Admins: Non-Production Servers
This is part of a series of tips on how bad/rogue admins can get access to the data in your SQL Servers.
We all know we shouldn't do it: don't put production data in non-production. The main reason is that we don't treat non-production like production. If we did, we'd…
4 comments, 545 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 28 July 2011
Bad Admins: Taking Advantage of Maintenance Periods
This is part of a series of tips on how bad/rogue admins can get access to the data in your SQL Servers.
Sooner or later a SQL Server is going to need maintenance. This could simply be automatic patching for security vulnerabilities. Now I realize that there are some environments…
0 comments, 335 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 25 July 2011
Bad Admins: Stealing the SQL Server Service Account
This is part of a series of tips on how bad/rogue admins can get access to the data in your SQL Servers.
The service account for SQL Server is a member of the sysadmin role. This is required. And one would think that if you follow all the best practices…
2 comments, 459 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 22 July 2011
Gaining Speaker Experience Credentials, Part II
In a previous post I gave suggestions on how to get speaking credentials for consideration at a larger event, such as the PASS Summit. I focused mainly on SQL Server specific opportunities, but there are others.
Other Technical User Groups
This was suggested by Grant Fritchey (blog | twitter
4 comments, 237 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 21 July 2011
Bad Admins: Pocketing Backups
This is part of a series of tips on how bad/rogue admins can get access to the data in your SQL Servers.
I have seen organizations put a lot of attention and focus on the database servers themselves. This is true whether we're talking SQL Server or another product. This…
2 comments, 231 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 21 July 2011
Bad Admins: Stealing An Account
Yesterday I posted about manipulating group membership to get access to a SQL Server. Today comes attack vector #2: stealing an account. And when I say stealing an account, it could be any account. It doesn't have to be a DBA's account. For instance, if I know a particular end user…
0 comments, 352 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 14 July 2011
Bad Admins: Attacking via Group Membership
This is a series of blog posts about how administrators can gain access to SQL Server, even if you try to impede them. This was inspired by a conversation with Brent Ozar (twitter | blog) about Argenis Fernandez's (twitter | blog) post about getting in as…
1 comment, 498 reads
Posted in K. Brian Kelley - Databases, Infrastructure, and Security on 13 July 2011


