dioscoredes (4/19/2011)

---

Much preferring the hardware security appliance approach, here are a few comments on securing SQL server using firewalls/router ACLs. The discussion is dependent on the user population and...

I prefer the use of SQLPing (especially command-line) or the Quest Discovery Wizard (which can also be used command-line as it licenses components of SQLPing). The reason it can take...

alen teplitsky (4/18/2011)

---

over the years i've found the Windows firewall to be flaky at best in trying to created rules to let some traffic in

this is also a good way...

dioscoredes (4/18/2011)

---

Simple, elegant and easy to follow. Thanks for the technique. Can I ask how we would get round NAT masking the true IP address - or I...

jinlye (4/15/2011)

---

If in your...

[Jim].[dba].[Murphy] (4/11/2011)

---

RegEx patterns can go a long way to help, but are usually implemented in the application/business layer, causing DBAs to depend on these faithful developers to protect our own...

This is pretty easy, then. Create a new blank database. Identify what objects the public role has access to, specifically the stored procedures, since that's what you're targeting. Take Lowell's...

I'll give the general caution not to undo the permissions Microsoft defines in their initial install of these two versions. Otherwise, you could result in an unsupported configuration.

Whisper9999 (4/7/2011)

---

What makes me nervous is that we are planning to migrate all of these servers into a cluster. And the description of what to do for the cluster...

Keep in mind that while you can remove BUILTIN\Administrators from the sysadmin role, this is just low hanging fruit. NT AUTHORITY\SYSTEM is still present with sysadmin rights (the VSS writer...

Yes. See here Books Online: Password Policy

And how can I get notification when my...

I understand.

SQL Server 2005 introduced the capability to take account policies from the local Windows machines. These are applied to SQL Server based logins like sa.

So the things we enforce...

You cannot modify SQL Server's set password ability without resorting to an unsupported system. Also realize that as of SQL Server 2005, if you use password policy enforcement, SQL Server...

It should not occur with an ALTER. If you see that, please report it via connect.microsoft.com as a bug.

With that said, starting with 2005, you can apply permissions at the...

You will need to grant the appropriate CREATE statements. In 2005 and above, you will also need to grant ALTER SCHEMA on those schema where these objects appear. The problem...