Fort SQL

Information about SQL Server security.

Posts
  • Fort SQL

    SQL Server 2012 Virtual Labs

    • 0 Comments
    Want to try SQL Server 2012 without even installing it? Easy... use SQL Server 2012 Virtual Labs at http://technet.microsoft.com/en-us/video/Hh913731 !
  • Fort SQL

    Hiding SQL Server from External Crackers

    • 0 Comments
    We harden SQL Server to minimize the threats to SQL Server from rogues/hackers and crackers, but it may be equally important to harden systems other than SQL Server to protect our data. For example, coders and DBAs need to ensure that calls to SQL Server...
  • Fort SQL

    Managed Service Accounts

    • 1 Comments
    Doh! Never mind the post below. If I had read more thoroughly (or if I had tested using MSAs with SQL Server) before posting, I would have realized MSAs are NOT supported with SQL Server. At least, not according to the article in the first link below...
  • Fort SQL

    Alert On Low Disk Space, Including Mount Points

    • 1 Comments
    A common task for many database administrators (DBAs) is to set up alert emails to notify themselves when free disk space falls below a certain threshold (e.g. 10%). Before SQL Server ran on Windows clusters that included mount-points, there were a number...
  • Fort SQL

    Enabling SSL on SQL Server Connections on Failover Clusters

    • 0 Comments
    With high-security SQL Server configurations we usually want to encrypt the data-in-transit between SQL Server and the application servers. It's a little more trouble with a Failover Cluster Instance (FCI) than a stand-alone instance, and this post is...
  • Fort SQL

    SQL Server Ports

    • 2 Comments
    Quick cheat sheet for port numbers used by SQL Server services or services that SQL Server may depend on: 21 TCP: FTP (replication); 80 TCP: HTTP endpoints, Reporting Services, HTTP replication; 135 TCP & UDP...
  • Fort SQL

    Capture Custom Events in Profiler for Troubleshooting

    • 0 Comments
    User configurable events have been available in SQL Server since at least version 2000, but aren't often used, I suspect just because DBAs aren't familiar with them. Here's a screen shot of the Events Selection page of the Trace Properties for a SQL...
  • Fort SQL

    Note to self on AlwaysOn...

    • 1 Comments
    I came up with the idea that perhaps we could let clients connect to a database in an AlwaysOn Availability Group (AG) by the current instance name instead of the virtual network name (VNN) if the cluster service crashed. This idea does not work. Microsoft...
  • Fort SQL

    Installing SQL Server in a High-Security Domain, Part II

    • 0 Comments
    In this article, I pointed out some of the most common permissions failures when installing SQL Server in an environment where security has been hardened, such as the removal of the Debug Programs permission. In my experience, "hardened" usually means...
  • Fort SQL

    SQL Server Installation Center 2012

    • 0 Comments
    As a reminder for myself when I can't fire up the Installation Center, here are the screen shots. To make it slightly more interesting, I'm adding some notes about the differences from the 2008 R2 version. I'm also attaching a Word doc with the 2012 and...
  • Fort SQL

    Does the DoD STIG require Transparent Database Encryption (TDE)?

    • 0 Comments
    Does the DoD STIG require Transparent Database Encryption (TDE)? The short answer is: It depends on whether or not the Data Owner says the data must be encrypted. The current version of the DoD Database STIG is v8r1. Here are two relevant sections...
  • Fort SQL

    SQL Server 2012 release date: March 7, 2012

    • 2 Comments
    It's official, SQL Server 2012 goes on the market on Wednesday, March 7th, 2012! Update on Feb 27, 2012: Rats. I'm always careful not to divulge any confidential information, and I'm sure I got this date from an official source that did NOT state that...
  • Fort SQL

    SQL Server Accounts

    • 0 Comments
    Sometimes I run into established DBAs who have a little confusion regarding the different types of accounts used with SQL Server. I suspect that kind of confusion may come from a history of installing/experimenting with SQL Server on a workstation or...
  • Fort SQL

    Get Rid of Deadlocks

    • 4 Comments
    Locks are used by relational database management systems to increase user concurrency (more users) while guaranteeing data consistency. A deadlock is when two locks interfere with each other, and is caused by one process locking a row, page, partition, or...
  • Fort SQL

    The Database STIG's System Security Plan

    • 2 Comments
    The Database STIG requires a written System Security Plan, and it's the responsibility of the Information Assurance Officer (IAO) to create it (see section 3.1.9 below). Although the DBA doesn't create it, the DBA can advise the IAO, and the DBA is required...
  • Fort SQL

    Securing SQL Server Integration Services (SSIS)

    • 1 Comments
    I was recently asked about securing SQL Server Integration Services, and I knew next to nothing about it. After digging in for a while, here are my notes, mostly for myself, but shared in case they might help someone else. There are 3 areas that need...
  • Fort SQL

    SQL Server and PowerShell Security

    • 0 Comments
    Sometime back, I heard that Microsoft was going to start using PowerShell scripts to monitor and optionally enforce security standards in SQL Server configurations, such as in the Microsoft Security Compliance Manager (SCM). I knew little about PowerShell...
  • Fort SQL

    Separation of Duties for DBA's

    • 3 Comments
    Someone recently asked me about the principle of separation of duties (aka segregation of duties) as it applies to SQL Server DBAs, and I thought that would make a good topic for this blog, so here goes... The idea of separating duties in general...
  • Fort SQL

    SQL Server, the DoD, and Common Criteria

    • 2 Comments
    Common Criteria is an international standard for a set of security characteristics, and the U.S. Department of Defense (DoD) Database Security Technical Implementation Guide (STIG) (via the Security Readiness Review for SQL Server) requires it to be enabled...
  • Fort SQL

    Free SQL Ranger Training

    • 0 Comments
    When I first heard about "SQL Rangers" I wasn't sure what it was, but I definitely wanted to be one. Just 'cause it sounded so cool. Basically, it was an early name for what later became Microsoft Certified Masters, which was the highest level of certification...
  • Fort SQL

    Conditionally Updating Statistics

    • 0 Comments
    SQL Server's query optimization engine uses statistics on indexes to determine the most efficient execution plans. By default, SQL Server automatically updates statistics, but sometimes the automatic processes don't update them soon enough, so there are...
  • Fort SQL

    PFE vs. Consultant

    • 0 Comments
    Well, it's almost the end of June and none of my draft posts are close enough to finishing to meet my self-imposed standard of at least one post per month. So, here's a pathetic little human-interest post. Microsoft has a Services group which provides...
  • Fort SQL

    Test SharePoint Mirror Without Down-Time

    • 0 Comments
    Here's a SQL Server PFE war-story to give one example of the kind of work we might do. Most of the customers I support run SharePoint services, and they use a variety of methods to provide disaster recovery capabilities. One method involves...
  • Fort SQL

    Changing Domains on a SQL Server

    • 2 Comments
    Someone recently asked me what issues might arise when changing a server's domain and the server is running SQL Server. Here are the possible issues I'm aware of as far as SQL Server is concerned: 1. SQL Server SysAdmin (SA) Access. The most important...
  • Fort SQL

    Do You Need MSDTC?

    • 0 Comments
    STIG requirement DG0016 specifies that you should not install any service you do not need, and if one is automatically installed and cannot be removed, it should be disabled. The Microsoft Distributed Transaction Coordinator (MSDTC) is a Windows service...