Another article has published over at MSSQLTips.com. This one covers how to identify what stored procedures are set to run when SQL Server starts up as well as what jobs are set to run when SQL Server Agent comes online. An attacker could use both of these places to embed code to regain… Read more

I was trying to acquire a license for a product I was trying to look at using a free program. Now, because the organization is providing the license for free, I expect some strings to be attached. Want me email? Yup, how else would you send me the license? You… Read more

So I went to present at Charleston PASS on Thursday night and of course I had my standard contact information on my slides. This included the web site I have (had) as my brochure site: truthsolutions.com (it's not up, so no link). I hadn't checked it in a while because… Read more

Every security awareness presentation makes the warning about opening attachments or clicking on links in emails when you don't know the sender or aren't 100% positive that the sender intended to send the email. Yet, despite this general warning, we all typically do it. For instance, if you're on Twitter and… Read more

My first article of 2012 has published over at MSSQLTips.com. This one covers the basic technique for using PowerShell to audit for a server role across multiple SQL Servers. It is assumed you have appropriate rights on those servers. You can read the article here:

Auditing sysadmin on multiple servers… Read more

I will be presenting on SQL Server security on January 19th in Charleston, SC. You can find the details at the Charleston PASS website. I'm looking forward to it.

Both my wife and I graduated from colleges in Charleston. I'm a graduate of The Citadel and my wife graduated… Read more

I have been renewed as an MVP for SQL Server. This is my 4th award. It's humbling to receive the award each time, as many other MVPs have expressed. If you're wondering how to become an MVP, then Paul Randal's post (blog | twitter) from 2009 is probably the… Read more