Skip to main content

PASS Security Virtual Chapter webinar - Cure Your Sysadmin Addiction


I had the pleasure of presenting for the new PASS Security Virtual Chapter on August 29, 2013.  

My presentation  "Cure your sysadmin addiction" describes the fundamentals of Separation of Duties, reviews SQL Server fixed server roles and granular permissions and the steps I took to reduce DBA permissions in our Production environments to satisfy a mandate from the management and our IT Risk and Compliance group.

If you missed it, the session was recorded. 
Please forgive the audio difficulties at the beginning. Once I dialed into the session, it went smoothly.

Thank you to K. Brian Kelley, Argenis Fernandez, and Robert Davis for the opportunity.

Comments

Popular posts from this blog

Modifying Endpoint URLs on Availability Group Replicas

I recently had to modify the Endpoint URLs on our SQL Server Availability Group replicas.  The reason for this blog post is that I could not answer the following questions: Do I need to suspend data movement prior to making this change?  Would this change require a restart of the database instance? I spent enough time searching on my own to no avail that I tossed the question to the #sqlhelp hashtag on Twitter and Slack but didn't get an answer prior to executing the change request. After reading the relevant documentation, I think it's probably a good idea to suspend data movement for this change. The T-SQL is straightforward.  USE MASTER GO ALTER AVAILABILITY GROUP [AG1]  MODIFY REPLICA ON 'SQL2012-1' WITH (ENDPOINT_URL = 'TCP://10.10.10.1:5022'); ALTER AVAILABILITY GROUP [AG1]  MODIFY REPLICA ON 'SQL2012-2' WITH (ENDPOINT_URL = 'TCP://10.10.10.2:5022'); ALTER AVAILABILITY GROUP [AG2]  MODIFY REPLICA ON 'SQL2012-1

Set Azure App Service Platform Configuration to 64 bit.

If you need to update several Azure App Services' Configuration to change the Platform setting from 32 bit to 64 bit under Configuration | General settings, this script will save you about six clicks per service and you won't forget to press the SAVE button. Ask me I know. 🙄 Login-AzureRmAccount Set-AzureRmContext  -SubscriptionName  "Your Subscription" $ResourceGroupName  =  'RG1' ,  'RG2', 'RG3' foreach  ( $g   in   $ResourceGroupName ) {       # Set PROD slot to use 64 bit Platform Setting      Get-AzureRmWebApp  -ResourceGroupName  $g  | Select Name |  %  {  Set-AzureRmWebApp  -ResourceGroupName  $g  -Name  $_ .Name  -Use32BitWorkerProcess  $false  }       # Set staging slot to use 64 bit Platform setting      Get-AzureRmWebApp  -ResourceGroupName  $g  | Select Name |  %  {  Set-AzureRmWebAppSlot  -ResourceGroupName  $g  -Name  $_ .Name  -Slot  "staging"  -Use32BitWorkerProcess  $false  }  }

Rediscovering SQL Server Agent Alerts...

Having moved from a Fortune 50 company using BMC Patrol for SQL Server Monitoring to a small software company of less than 200 people, I'm rediscovering SQL Server Agent Alerts. Why might you ask? Because small companies can't afford expensive tools and need to use the out-of-the-box features as much as possible. This past week, I rediscovered that you can alert on SQL Server performance conditions using SQL Server Agent. I needed to alert on database transaction log usage.  How to create SQL Server Agent alerts can be found at the link below. https://msdn.microsoft.com/en-us/library/ms180982.aspx Under Options, I suggest you set a delay of 10 minutes. Unless you like to be spammed every minute when bad things happen. I'm hoping it will provide enough notice to prevent an undesirable event from complicating my life. Do this before your storage runs out of space on a holiday. ;-)