SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


SQL Server Preproduction Tasks


SQL Server Preproduction Tasks

Author
Message
Jack Corbett
  Jack Corbett
SSC-Forever
SSC-Forever (41K reputation)SSC-Forever (41K reputation)SSC-Forever (41K reputation)SSC-Forever (41K reputation)SSC-Forever (41K reputation)SSC-Forever (41K reputation)SSC-Forever (41K reputation)SSC-Forever (41K reputation)

Group: General Forum Members
Points: 41921 Visits: 14925
Mohit (11/27/2008)


I was considering removing Bulti-In Administrators but wasn't sure if that is a good idea or not. I thought I am just being over jelouse by not wanting to give server operations any permissions on the SQL Servers.



The problem is that Builtin\Administrators are sysadmins if you don't remove them or change them. This can be an audit problem. Does the server operations group grant you domain admin or server admin on every server? You should manage them just like you manage other users and grant them specific permissions based on business needs.



Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming
At best you can say that one job may be more secure than another, but total job security is an illusion. -- Rod at work

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Mohit K. Gupta
Mohit K. Gupta
Hall of Fame
Hall of Fame (3K reputation)Hall of Fame (3K reputation)Hall of Fame (3K reputation)Hall of Fame (3K reputation)Hall of Fame (3K reputation)Hall of Fame (3K reputation)Hall of Fame (3K reputation)Hall of Fame (3K reputation)

Group: General Forum Members
Points: 3008 Visits: 1089
Jack Corbett (11/27/2008)


The problem is that Builtin\Administrators are sysadmins if you don't remove them or change them. This can be an audit problem. Does the server operations group grant you domain admin or server admin on every server? You should manage them just like you manage other users and grant them specific permissions based on business needs.


HeheLaughHeheLaugh

Yaa right I don't get access to all the servers or domain admin LOL. They did have a heart attack, yaa I said the same thing few times. Heh, and actually on new servers I am starting to implement that; so far no one has noticed Rolleyes. Lets see how long it lasts ;-).

---

Mohit K. Gupta, MCITP: Database Administrator (2005), My Blog, Twitter: @SQLCAN.
Microsoft FTE - SQL Server PFE

* Some time its the search that counts, not the finding...
* I didn't think so, but if I was wrong, I was wrong. I'd rather do something, and make a mistake than be frightened and be doing nothing. Smooooth


How to ask for help .. Read Best Practices here.
Vivien Xing
Vivien Xing
Hall of Fame
Hall of Fame (3.5K reputation)Hall of Fame (3.5K reputation)Hall of Fame (3.5K reputation)Hall of Fame (3.5K reputation)Hall of Fame (3.5K reputation)Hall of Fame (3.5K reputation)Hall of Fame (3.5K reputation)Hall of Fame (3.5K reputation)

Group: General Forum Members
Points: 3502 Visits: 2204
Nice article.

I keep 99 (max) errorlogs. It depends on the size of each errorlog/entries in the errorlog. When the size is over 1 MB; it takes time to open it (in my case). This is one of the factors I consider how often to recycle the errorlog.

I zip the old errorlogs by the end of the year and move it to a central depository. This can be automated, too.

Keeping 25000 errorlog may be not realistic; it will take a lot of space on the current live system.
Tom Garth
Tom Garth
SSCommitted
SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)

Group: General Forum Members
Points: 1921 Visits: 1499
Ken,

Great article / checklist!

Thanks,

Tom Garth
Vertical Solutions

"There are three kinds of men. The one that learns by reading. The few who learn by observation. The rest of them have to pee on the electric fence for themselves." -- Will Rogers

JStiney
JStiney
SSC-Enthusiastic
SSC-Enthusiastic (129 reputation)SSC-Enthusiastic (129 reputation)SSC-Enthusiastic (129 reputation)SSC-Enthusiastic (129 reputation)SSC-Enthusiastic (129 reputation)SSC-Enthusiastic (129 reputation)SSC-Enthusiastic (129 reputation)SSC-Enthusiastic (129 reputation)

Group: General Forum Members
Points: 129 Visits: 446
Ken,
Nice article. I will be adding some of the items you mentioned.
Some of the things we do may be of interest.

6. Determine Drive Structure and move system databases if necessary.
We also resize all the system databases and set them to grow by a reasonable amount of MB and set a max after the growth factor is applied 2 to 4 times.
I would stay away from 10MB as a growth number, as I have seen this still be interpreted as 10%.

15. Make sure each maintenance job has an output file in a standard directory.
We set up a jobs directory on each server with a cmd, reports, and sql subdirectory.
All jobs are run from the cmd directory and the output of each job is piped to a member in the reports directory with the same name as the cmd member name.
One of the jobs in the cmd directory is sqlcmd that accepts a database and a sql script as input.
When you set up a new server you can copy this directory structure to the server and copy the server jobs with an SSIS package and you have most of the jobs you need on the new server.

We also have a daily report for each server that contains the space available on each disk drive. The size and space available for each database file. The log space used and recovery mode of each database. An edited report containing backups, update statistics, and reindex along with errors found in the last two logs, backups, and dbcccs. We keep a copy of these reports for each server for 30 days.



Misha_SQL
Misha_SQL
SSCommitted
SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)

Group: General Forum Members
Points: 1600 Visits: 1010
Wow, no offense to any other authors, but this is probably one of the most valuable articles I have ever seen on SQL Server Central. What a great compilation of immediately useful resources in one place. Thank you for all the work!



Wayne West
Wayne West
SSCertifiable
SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)

Group: General Forum Members
Points: 5500 Visits: 3702
Excellent article, Ken. Your list should be part of every administrator's personal standard practices list, perhaps altered a bit for individual taste and installation specifics.

I also do full audits, but then every night I parse my error logs through a Perl script that ignores successful logins and gives me a text file of just SQL events and failed logins. I can always go back to the server log and check it for successful logins: we're almost exclusively 2000, so we don't do login audit triggers at this time.

I would add one thing for pre-2005 servers: create yourself an additional admin account in case something happens to your network login or you lose network connectivity and have to go local console. I like to use a strong password, sometimes completely random, for SA just to ensure it won't be used, so this serves as my back door when an admin connection can't be used.

And I'd add backing up the master, model, and msdb databases regularly. Great help for restoring systems.

-----
Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson
Wayne West
Wayne West
SSCertifiable
SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)

Group: General Forum Members
Points: 5500 Visits: 3702
Forgot something that I do on 2005. I have all my 2005 instances set to use checksums for torn page detection, so I run the following code in addition to my DBCC step:

select * from msdb..suspect_pages
go


The output goes into a text file, suspectpagesresult.txt. If I get any rows in my result, I know I have a problem (haven't gotten any yet).

I also filter my DBCC runs

d:
cd\dbccs
type dbccresult.txt | find "errors" >server1_dbcc.txt
type suspectpagesresult.txt >>server1_dbcc.txt



So my result file looks someting like this:

....
DBCC Results:
CHECKDB found 0 allocation errors and 0 consistency errors in database
CHECKDB found 0 allocation errors and 0 consistency errors in database
CHECKDB found 0 allocation errors and 0 consistency errors in database
CHECKDB found 0 allocation errors and 0 consistency errors in database
CHECKDB found 0 allocation errors and 0 consistency errors in database
CHECKDB found 0 allocation errors and 0 consistency errors in database
CHECKDB found 0 allocation errors and 0 consistency errors in database
CHECKDB found 0 allocation errors and 0 consistency errors in database
CHECKDB found 0 allocation errors and 0 consistency errors in database
CHECKDB found 0 allocation errors and 0 consistency errors in database
1> 2> 1> 2> 3> database_id file_id page_id event_type error_count
last_update_date
----------- ----------- -------------------- ----------- -----------
-----------------------

(0 rows affected)
1>



Makes things a lot easier to see if there are problems rather than sifting through pages of DBCC results. If I see a non-zero result, I know there is a problem and I have the full log on my server to investigate further.

-----
Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search