Fort SQL

Information about SQL Server security.

Posts
  • Fort SQL

    Note to self on AlwaysOn...

    • 1 Comments
    I came up with the idea that perhaps we could let clients connect to a database in an AlwaysOn Availability Group (AG) by the current instance name instead of the virtual network name (VNN) if the cluster service crashed. This idea does not work. Microsoft...
  • Fort SQL

    Installing SQL Server in a High-Security Domain, Part II

    • 0 Comments
    In this article, I pointed out some of the most common permissions failures when installing SQL Server in an environment where security has been hardened, such as the removal of the Debug Programs permission. In my experience, "hardened" usually means...
  • Fort SQL

    SQL Server Installation Center 2012

    • 0 Comments
    As a reminder for myself when I can't fire up the Installation Center, here are the screen shots. To make it slightly more interesting, I'm adding some notes about the differences from the 2008 R2 version. I'm also attaching a Word doc with the 2012 and...
  • Fort SQL

    Does the DoD STIG require Transparent Database Encryption (TDE)?

    • 0 Comments
    Does the DoD STIG require Transparent Database Encryption (TDE)? The short answer is: It depends on whether or not the Data Owner says the data must be encrypted. The current version of the DoD Database STIG is v8r1. Here are two relevant sections...
  • Fort SQL

    SQL Server 2012 release date: March 7, 2012

    • 2 Comments
    It's official, SQL Server 2012 goes on the market on Wednesday, March 7th, 2012! Update on Feb 27, 2012: Rats. I'm always careful not to divulge any confidential information, and I'm sure I got this date from an official source that did NOT state that...
  • Fort SQL

    SQL Server Accounts

    • 0 Comments
    Sometimes I run into established DBA's who have a little confusion regarding the different types of accounts used with SQL Server. I suspect that kind of confusion may come from a history of installing/experimenting with SQL Server on a workstation or...
  • Fort SQL

    Get Rid of Deadlocks

    • 4 Comments
    Locks are used by relational database management systems to increase user concurrency (more users) while guaranteeing data consistency. A deadlock is when two locks interfere with each other, and is caused by one process locking a row, page, partition, or...
  • Fort SQL

    The Database STIG's System Security Plan

    • 2 Comments
    The Database STIG requires a written System Security Plan, and it's the responsibility of the Information Assurance Officer (IAO) to create it (see section 3.1.9 below). Although the DBA doesn't create it, the DBA can advise the IAO, and the DBA is required...
  • Fort SQL

    Securing SQL Server Integration Services (SSIS)

    • 1 Comments
    I was recently asked about securing SQL Server Integration Services, and I knew next to nothing about it. After digging in for a while, here are my notes, mostly for myself, but shared in case they might help someone else. There are 3 areas that need...
  • Fort SQL

    SQL Server and PowerShell Security

    • 0 Comments
    Sometime back, I heard that Microsoft was going to start using PowerShell scripts to monitor and optionally enforce security standards in SQL Server configurations, such as in the Microsoft Security Compliance Manager (SCM). I knew little about PowerShell...
  • Fort SQL

    Separation of Duties for DBA's

    • 3 Comments
    Someone recently asked me about the principle of separation of duties (aka segregation of duties) as it applies to SQL Server DBA's, and I thought that would make a good topic for this blog, so here goes... The idea of separating duties in general...
  • Fort SQL

    SQL Server, the DoD, and Common Criteria

    • 2 Comments
    Common Criteria is an international standard for a set of security characteristics, and the U.S. Department of Defense (DoD) Database Security Technical Implementation Guide (STIG) (via the Security Readiness Review for SQL Server) requires it to be enabled...
  • Fort SQL

    Free SQL Ranger Training

    • 0 Comments
    When I first heard about "SQL Rangers" I wasn't sure what it was, but I definitely wanted to be one. Just 'cause it sounded so cool. Basically, it was an early name for what later became Microsoft Certified Masters, which was the highest level of certification...
  • Fort SQL

    Conditionally Updating Statistics

    • 0 Comments
    SQL Server's query optimization engine uses statistics on indexes to determine the most efficient execution plans. By default, SQL Server automatically updates statistics, but sometimes the automatic processes don't update them soon enough, so there are...
  • Fort SQL

    PFE vs. Consultant

    • 0 Comments
    Well, it's almost the end of June and none of my draft posts are close enough to finishing to meet my self-imposed standard of at least one post per month. So, here's a pathetic little human-interest post. Microsoft has a Services group which provides...
  • Fort SQL

    Test SharePoint Mirror Without Down-Time

    • 0 Comments
    Here's a SQL Server PFE war-story to give one example of the kind of work we might do. Most of the customers I support run SharePoint services, and they use a variety of methods to provide disaster recovery capabilities. One method involves...
  • Fort SQL

    Changing Domains on a SQL Server

    • 2 Comments
    Someone recently asked me what issues might arise when changing a server's domain and the server is running SQL Server. Here are the possible issues I'm aware of as far as SQL Server is concerned: 1. SQL Server SysAdmin (SA) Access. The most important...
  • Fort SQL

    Do You Need MSDTC?

    • 0 Comments
    STIG requirement DG0016 specifies that you should not install any service you do not need, and if one is automatically installed and cannot be removed, it should be disabled. The Microsoft Distributed Transaction Coordinator (MSDTC) is a Windows service...
  • Fort SQL

    The Easiest Way To Rebuild The master Database

    • 4 Comments
    If your SQL Server master database becomes corrupt, such as from its disks losing power while SQL Server was running, the conventional advice is to rebuild the master database, start SQL Server, then restore the backup of the master database. That's because...
  • Fort SQL

    How To STIG a Database System

    • 0 Comments
    This post is to provide a little enlightenment to folks who have never STIG'd a database system before and assume that the process is a one-time configuration. It's not. It's not even close. STIG compliance requires: One or more named Database...
  • Fort SQL

    Summary of Audit-Specific STIG ID's

    The DoD Database Security Technical Implementation Guide (STIG) has quite a few requirements in the area of auditing, but they're scattered throughout the document. Here's a list of all the audit-related STIG ID's that I found. From the Security Readiness...
  • Fort SQL

    File-Sizing

    • 0 Comments
    One of the primary areas of responsibility for DBA's is maintenance, and one of the primary maintenance tasks is file-size management. First I'll present a list of the file-sizing tasks with short explanations for each one, then some background information...
  • Fort SQL

    Failover Cluster Concepts

    • 0 Comments
    This post is primarily an online note for myself, which I'll make public in case someone else might find it helpful, but here's one issue I've seen cause more confusion among my customers than any other regarding SQL Server clustering. The SQL Server...
  • Fort SQL

    Primary DBA Responsibilities

    • 0 Comments
    SQL Server is so well-behaved it's often installed by 3rd party applications in an organization or department without a professional Database administrator (DBA). When such implementations need attention (e.g. backups), system administrators often get...
  • Fort SQL

    DG0155: Trusted file check

    • 1 Comments
    The DoD Database STIG includes DG0155 (CAT II): The DBA will ensure all applicable DBMS settings are configured to use trusted files, functions, features, or other components during startup, shutdown, aborts, or other unplanned interruptions. In the...