Hi there. Regarding item # 12 in the article:
12) All the databases that had user defined assemblies should have 'trustworthy' set to true.
Please do not enable TRUSTWORTHY on databases, especially in Production. It is neither desirable nor necessary, at least not on a permanent basis (please see the following post of mine which describes the various issues related to TRUSTWORTHY: PLEASE, Please, please Stop Using Impersonation, TRUSTWORTHY, and Cross-DB Ownership Chaining). However, it is sometimes required to enable it temporarily in order to implement proper security (and those instances would be greatly reduced if Microsoft would implement the following suggestion, so please vote for it: Allow Asymmetric Key to be created from binary hex bytes string just like CREATE CERTIFICATE).
What it comes down to is this: assemblies should be signed. And if assemblies are already loaded and cannot be signed prior to loading into SQL Server, you can still sign them within SQL Server (i.e. without exporting / re-importing). Please see the following post of mine that describes this and provides a working example: SQLCLR vs. SQL Server 2017, Part 4: “Trusted Assemblies” – The Disappointment (Msg 10314).
Finally, for a thorough description of what the "sqlservr.exe -q" option does and does not do, please see my post:
Changing the Collation of the SQL Server Instance, the Databases, and All Columns in All User Databases: What Could Possibly Go Wrong?
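
The signing approach described in the comment above, sketched as an added example (not taken from the commenter's linked posts): audit for TRUSTWORTHY, sign an already-loaded assembly in place, and grant the assembly permission through a certificate-based login. The names `AppDb`, `AppAssembly`, `AppAssemblySigning` and the password are hypothetical placeholders, and SQL Server 2012 or later is assumed for `CERTENCODED` and `CREATE CERTIFICATE ... FROM BINARY`.

```sql
-- 1. Audit: databases that currently have TRUSTWORTHY enabled.
SELECT [name], SUSER_SNAME(owner_sid) AS [owner]
FROM   sys.databases
WHERE  is_trustworthy_on = 1
AND    [name] <> N'msdb';  -- msdb ships with TRUSTWORTHY ON
GO

USE [AppDb];  -- hypothetical database holding the assembly
GO
-- 2. Create a certificate in the database and sign the loaded assembly
--    in place (no export / re-import of the DLL).
CREATE CERTIFICATE [AppAssemblySigning]
    ENCRYPTION BY PASSWORD = N'<placeholder-strong-password>'
    WITH SUBJECT = N'Signs AppAssembly';

ADD SIGNATURE TO ASSEMBLY::[AppAssembly]
    BY CERTIFICATE [AppAssemblySigning]
    WITH PASSWORD = N'<placeholder-strong-password>';

-- 3. Copy only the public part of the certificate into master.
DECLARE @PublicCert NVARCHAR(MAX) =
    CONVERT(NVARCHAR(MAX), CERTENCODED(CERT_ID(N'AppAssemblySigning')), 1);
DECLARE @Sql NVARCHAR(MAX) =
    N'USE [master]; CREATE CERTIFICATE [AppAssemblySigning] FROM BINARY = '
    + @PublicCert + N';';
EXEC (@Sql);
GO

USE [master];
GO
-- 4. A certificate-based login cannot connect; it only carries the
--    instance-level permission that the signature vouches for.
CREATE LOGIN [AppAssemblySigningLogin] FROM CERTIFICATE [AppAssemblySigning];
GRANT UNSAFE ASSEMBLY TO [AppAssemblySigningLogin];
GO

-- 5. With the signature and login in place, turn TRUSTWORTHY off.
ALTER DATABASE [AppDb] SET TRUSTWORTHY OFF;
GO

-- 6. Verify: list signed assemblies and the certificate that signed each.
SELECT a.[name] AS [assembly], c.[name] AS [certificate], cp.crypt_type_desc
FROM   [AppDb].sys.crypt_properties cp
JOIN   [AppDb].sys.assemblies   a ON a.assembly_id = cp.major_id
JOIN   [AppDb].sys.certificates c ON c.thumbprint  = cp.thumbprint
WHERE  cp.class = 5;  -- 5 = assembly
```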