Automated Enterprise-wide SQL Server Auditing


Presentation on theme: "Automated Enterprise-wide SQL Server Auditing"— Presentation transcript:

1 Automated Enterprise-wide SQL Server Auditing
Nem W. Schlecht

2 Join the brightest data professionals focused on the Microsoft Data Platform!
October 30th Through November 3rd
Pre-Conference Sessions – Monday/Tuesday
Conference – Wednesday through Friday

3 SQLSaturday #682 – After Party
4th Floor of Mall of America at 6:30 PM
Sponsored By:

4 Thank you Sponsors! Platinum Sponsor: Gold Sponsors:

5 PASSMN – News/Info Sponsors: Board Member Elections:
Thanks to all our sponsors of 2017! We need Sponsors for 2018! Special thanks to our annual sponsor: Board Member Elections: 3 spots available for term. Your chance to help out the MN SQL community!

6 About Me Fargo PASS Chapter Leader Twitter: @nemws1

7 About Me

8 IT Philosophy Modify your solutions for your needs. Stop modifying (constraining) yourself! Don't just fix the current problem… Fix it so it doesn't happen again

9 Introduction

10 Problem
Lots of MSSQL Instances
Need to set up new servers quickly and accurately
Inconsistencies/Enterprise changes/Learning!
Best Practices/Compliance (SOX, et al.)
3rd Party software
Jr. DBA / Domain Admins

11 Solution
Collect data
Compare data
Check data
Fix issues
(yup, that simple)

12 Solution (Details)
As close to all-SQL as possible (some PowerShell)
Automated
By default, uses servers from an SSMS Central Management Server List
Run daily via a Windows Task
Daily reports on changes and needed fixes

13 Collect Data
If you need it, query it and record it
All data collect queries stored in a table (of course)
Simple key/value pairs
Queries can be de-activated and sorted

14

15 Collect Data
Working on community involvement and presets
Minimum collection points
Recommended
Glenn Berry
VM environments

16 Currently ~200 data points

17 Common Data Points
All Agent Jobs (and Categories)
All Database compatibility levels
Free space on all drives
Instant File Initialization??
Without Trace 3004 & 3605
Don't think we can check this yet…

18 Common Data Points
Config:backup compression default
Config:max server memory (MB)
Config:max worker threads
Default DATA Directory
Default LOG Directory
Login Audit Level
SA has EMPTY password
SA Last Modified

19 Compare Data
If you record it, compare it.
Compare today to the previous day
Compare any 2 days

20 Daily Change
Displays values between today and yesterday that have been:
Changed
Added
Deleted

21 -- Changed Variables --
Instance: MB-MN01-VMG-003
Variable: SQL Server Start Time
Old value: :40:16
New value: :43:06
-- New Variables --
Instance: MB-ND01-VMD-069\SPIDEV
Variable: Database:SalesLead
New value: 100
-- Old Variables --
-- *** No old values ***

22 Rule Checking
If you record it, check it.
Run sanity checks on your servers. Make sure:
Backup compression is turned on
'sa' has a password set
max memory is set

23
INSERT INTO auditRules (
      ruleName
    , runOrder
    , action
    , configKey
    , target
) VALUES (
      'sa-a.bob.smith'        -- name
    ,                         -- order
    , 'notcontains'           -- check/action
    , 'ServerRole:sysadmin'   -- key to check
    , 'MBND\a.bob.smith'      -- value to check
);

24 -- Rule Checks --
Rule: sa-a.bob.smith
Result: notcontains:match
Instance: MB-ND01-SC-005
Variable: ServerRole:sysadmin
Value: BUILTIN\administrators,MBND\a.bob.smith,MBND\a.nem.schlecht,MBND\DomainAdmins,MBND\s.CCM,MBND\s.sccm,MBND\s.SQLSentry,NT AUTHORITY\SYSTEM,NT SERVICE\MSSQLSERVER,NT SERVICE\SQLSERVERAGENT,sa

25 Fixing Rule Violations
If you check it, and it's wrong, fix it.

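26
-- Fix sa-a.bob.smith--notcontains--ServerRole:sysadmin
-- SQLCMD mode: connect to the target, then refuse to run anywhere else.
:connect SERVER1
IF (@@SERVERNAME <> 'SERVER1')
BEGIN
    PRINT ' *** Wrong Server! ' + @@SERVERNAME + ' <> SERVER1';
    SET NOEXEC ON;  -- compile but do not execute the batches that follow
END
USE [master]
GO
-- Remove the login from the sysadmin fixed server role.
EXEC master..sp_dropsrvrolemember @loginame = N'MBND\a.bob.smith', @rolename = N'sysadmin'
-- End fix sa-a.bob.smith--notcontains--ServerRole:sysadmin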

27 Fixing Rule Violations
Make sure you make rules for everything
Make sure they're in the right order!
Create a rule to check for/create a user before you run the rule to assign them a role

28 ToDo
Rules should be more flexible
Many rules need SQL snippet fixes to be written for them yet
New/old (or down) servers mess up the change report
Use Server Groups from the Centralized Server Management list in rules
Ex: Apply rule only if in the 'dev' group, etc.

29 Want to try it out yourself?

30 About Me Fargo PASS Chapter Leader Twitter: @nemws1

31 Wake Up!!! I'm done! Any questions?

