Skip to main content

SQL Saturday #371 Tampa - I'm speaking!

I'll be speaking at SQL Saturday #371 in Tampa on February 28, 2015.

If you are interested in minimizing or possibly preventing the type of breach that happened at Anthem Inc, you will likely find my session "Real World SQL Server Database Administration with just a bit of sysadmin" very interesting. 

It is becoming increasingly difficult to allow SQL Server database administrators to retain perpetual sysadmin access on production servers due to IT Security, Audit, and Compliance concerns. 

will review the fundamentals needed to define a configurable permission model currently in use at a large insurance company that allows database administrators to do routine work without having unfettered access to business data. Several demonstrations will show that many DBA tasks can be done without sysadmin access. Attendees will also learn how to deploy a set of permissions that allows DBAs to do routine work, elevate DBA permissions quickly to respond to production emergencies and how to grant sysadmin permissions during disaster recovery scenarios. Scripts will be reviewed and demonstrated that secure the database server, undo the permission model in case of unforeseen circumstances and discover which servers remain to be locked down. Attendees will leave this session with the realization that DBAs need to be sysadmin only when required.

SQL Saturday is a FREE training event for SQL Server professionals and those wanting to learn about SQL Server. SQL Saturdays are possible because of PASS, our sponsors, and the many volunteer speakers and staff that run the event. I encourage you to check the schedule

I guarantee you will learn something new by the end of the day!

Comments

Popular posts from this blog

Modifying Endpoint URLs on Availability Group Replicas

I recently had to modify the Endpoint URLs on our SQL Server Availability Group replicas. 

The reason for this blog post is that I could not answer the following questions:

Do I need to suspend data movement prior to making this change? 

Would this change require a restart of the database instance?

I spent enough time searching on my own to no avail that I tossed the question to the #sqlhelp hashtag on Twitter and Slack but didn't get an answer prior to executing the change request.

After reading the relevant documentation, I think it's probably a good idea to suspend data movement for this change.

The T-SQL is straightforward. 

USE MASTER
GO

ALTER AVAILABILITY GROUP [AG1] 
MODIFY REPLICA ON 'SQL2012-1' WITH (ENDPOINT_URL = 'TCP://10.10.10.1:5022');

ALTER AVAILABILITY GROUP [AG1] 
MODIFY REPLICA ON 'SQL2012-2' WITH (ENDPOINT_URL = 'TCP://10.10.10.2:5022');

ALTER AVAILABILITY GROUP [AG2] 
MODIFY REPLICA ON 'SQL2012-1' WITH (ENDPOINT_URL = 'TCP://10…

PowerShell: Quick SQL Server Version Check

I have to keep track of our SQL Server version inventory.  The goal is to reduce the SQL Server 2000 population as fast as possible.


The following PowerShell script will produce a csv file containing the database server name and the version of SQL Server it's running.


1: ## Get SQL Version installed on multiple servers ##2: ## ./sqlver.ps13: $start = get-date4: write-host "Start: " $start5:  6: [reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.Smo") | out-null7:  8: $FilePath = "C:\Output"9: $OutFile = Join-Path -path $FilePath -childPath ("SQLVersions_" + (get-date).toString('yyyyMMdd_hhmmtt') + ".log")10:  11: # Version inventory12: @(foreach ($svr in get-content "C:\Input\AllLOBServers.txt")13: {14: $s = New-Object "Microsoft.SqlServer.Management.Smo.Server" $svr15: $s | select Name, Version16:  17: }) | export-csv -noType $OutFile18:  19: $end = get-date 2…

AzureRM Templates 101

I've recently started working with AzureRM templates to build new environments.

This document really helped me understand the template structure when I first started looking at them.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates

I love examples when I'm trying to learn something new and the Quick Start templates are the mother lode. 
https://github.com/Azure/azure-quickstart-templates

Our goal is to incorporate our templates into an Azure Blueprint so that we can quickly build new environments when needed. AzureRM templates can be artifacts of a blueprint.
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview