SQL Server Authentication Troubleshooter

I am posting this article on behalf of my teammate Lyudmila. A new tool to help investigate ‘Login Failed’ errors in SQL Server has been recently implemented and published on CodePlex: http://ssat.codeplex.com/ The tool is implemented in C# and uses xEvents to capture “Login Failed” errors. It also uses security ring buffer information…

How To: Share a Single EKM Credential among Multiple Users

SQL Server Extensible Key Management (EKM) requires the authentication information (user/password) to be stored in a credential mapped to the primary identity. This version of EKM cannot be used under an impersonated context; that is, you cannot access the EKM while running a module with the EXECUTE AS clause. However, some customers want…

Filtering (obfuscating) Sensitive Text in SQL Server

A very common concern when dealing with sensitive data such as passwords is how to make sure that such data is not exposed through traces. SQL Server can detect and filter the SQL statements in traces that include the usage of DDL and built-ins (such as OPEN SYMMETRIC KEY, and EncryptByKey) that are known…

Link to Lyudmila’s blog

My teammate Lyudmila is maintaining her own TechNet blog where she writes articles related to SQL Server security. You can access her blog at http://blogs.technet.com/lyudmila_fokina. Her blog is written in Russian, but the samples she includes should be easy to follow, and you can use an online translation tool for the rest of the text. …

SQL Audit Buffering and Error Handling

I’ve had several questions about how exactly the buffering and error handling work in SQL Audit and thought it would help to give some more detail. For starters, let’s break down the event firing workflow into the following stages: 1. Permission Check/Audit Check 2. Filling out the event 3. Distribute event to Audit Extended Event…

Accessing the calling context in modules that use EXECUTE AS

On many occasions, marking a module (i.e. SP, trigger, etc.) with EXECUTE AS can be really useful, as it allows a controlled impersonation during the module execution; but at the same time there are many cases where it is necessary to access information using the caller’s execution context (i.e. revert to the default behavior),…

SQL Server and the Windows Server 2008 Firewall

We’ve long recommended that customers use the Windows Firewall to protect SQL Server installations. Starting with Windows XP/SP2, and continuing with Windows Vista, the firewall has been enabled by default on Windows client operating systems. Windows Server 2008 marks the first time this protection has been extended to a Windows Server OS. For those of…