Clarification around "Data and Log Files …" and "Backup Files …" policies

Hi, We ship these two Best Practices policies Place Data and Log Files on Separate Drives Backup Files Must Be on Separate Devices from the Database Files Unfortunately, neither of those two policies can detect separate physical devices through Windows mount points.   We will clarify the documentation on this and look to get this working across…

Clarification on the "Guest Permissions on User Databases" policy

We ship a “Microsoft Best Practices: Security” policy called “Guest Permissions on User Databases”.  Unfortunately, the wording in the UI and BOL is not clear about whether this can/should apply to msdb.   Here is what is says today: “You can do this by executing REVOKE CONNECT FROM GUEST” from within any database other than master…

Generate the List of All Available Facets and Their Properties

Our colleague Jens Suessmeyer in Germany has figured out how to generate the list of all facets and their properties. He has posted the list on his blog. Below is the code snippet from Jens: foreach (FacetInfo info in PolicyStore.Facets) {      Console.WriteLine(info.Name);      foreach (System.Reflection.PropertyInfo p in info.FacetProperties)      {           Console.WriteLine("\t" + p.Name);…


Policy Evaluation Modes

I hosted a PBM break out session in Microsoft MVP Summit 2009 in March. One feedback I got is that the rules for what evaluation modes a policy support are obtuse. I thought that would be a good topic to cover in the blog. In PBM, users can specify the “Evaluation Mode” for a policy,…


Defining Complex Server "Health" Policies in SQL2K8

Bart Duncan (a dev on the manageability team and one of the masterminds behind the Management Data Warehouse and Data Collector feature in SQL Server 2008) has a blog posting where he walks through using PBM to author a complex server "health" policy.


Out-Of-Box Policies

SQL Server 2008 includes several predefined policies. These are generally associated with best practices and overtime the rules from the Best Practices Analyzer will be implemented as policies for PBM. A number of these have already been implemented and are available to you in one of two forms: First, they’re installed as part of every…


Policy Categories

Policy categories have two purposes in SQL2K8: 1) organization of policies and 2) policy scope. In this posting we’ll explore creating categories for each of these purposes. Creating Categories There are two ways to create a category: 1) the Manage Categories dialog and 2) The Policy Properties dialog. To create a category from the Manage…


Using PBM Against SQL2K and SQL2K5

We get this question a lot: can I use PBM against a SQL2K & SQL2K5 instances. The quick answer is yes but in a limited fashion. PBM is ultimately based on SMO (SQL Server Management Objects) and SMO supports SQL2K, SQL2K5, and SQL2K8. PBM relies on some changes to the DB engine which are not…



One of the key development tenets of Policy-Based Management was to raise the level of abstraction of management. The analogy I’ve used time and time again is Security Zones in Internet Explorer. Prior to Security Zones we had to scroll through pages and pages of configuration options. Security Zones greatly simplifies this task by providing…


PowerShell Script for Creating a Policy to a File

Sethu Srinivasan, a developer on the PBM team, wrote a blog post for a sample PowerShell script that will create a new policy to check XPCMDSHELL and save it to an XML file.