I am speaking at 24 Hours of PASS
Thank you to everyone who attended my #24HOP session on Performance Tuning for Pirates! You can now download my slide deck, t-sql queries, and view my reference links. If you have any questions about the tools presented feel free to contact me and I will try to help you out or point you in the right direction.
Posted in Events, SQL Server 2008, SQLServerPedia Syndication
Tagged 24HOP, DMV, Events, Presentation, SQL Server
**The very first step to connecting to an instant of SQL Server is to connect or login. In order to connect you must have a login. Therefore, our first step will be to actually copy the logins. I know, you might already be wondering how do I get the passwords moved over for SQL authenticated logins? Microsoft has a KB article (918922) that walks you through this process. Make sure you checkout the remarks section before running the code on a production box.
Logins are nice but actually useless unless they have access to connect. Therefore, we might want to allow these logins to connect. You might also want to make sure a subset of the accounts have access to view the DMV’s. This and other server level permissions can be scripted out with the following code below.
SELECT sp.state_desc,
sp.permission_name,
principal_name = QUOTENAME(spl.name),
spl.type_desc,
sp.state_desc + N' ' + sp.permission_name + N' TO ' + cast(QUOTENAME(spl.name COLLATE DATABASE_DEFAULT) as nvarchar(256)) AS "T-SQL Script"
FROM sys.server_permissions sp
inner join sys.server_principals spl on (sp.grantee_principal_id = spl.principal_id)
where spl.name not like '##%' -- skip PBM accounts
and spl.name not in ('dbo', 'sa', 'public')
order by sp.permission_name, spl.name
Now that we can login we might want to take this to the next step. We may actually like to perform some actions. Well, if your instance includes third party application databases there could be a good chance that it depends on its login having sysadmin access. Yes, in case you were wondering this is poor security design but the point is your logins may depend on server level roles to have access to the database objects. Here is a script you can use to script out server level roles.
SELECT DISTINCT
QUOTENAME(sp.name) AS "ServerRoleName",
sp.type_desc AS "RoleDescription",
QUOTENAME(m.name) AS "PrincipalName",
m.type_desc AS "LoginDescription",
'EXEC master..sp_addsrvrolemember @loginame = N''' + m.name + ''', @rolename = N''' + sp.name + '''' AS "T-SQL Script"
FROM sys.server_role_members AS srm
inner join sys.server_principals sp on (srm.role_principal_id = sp.principal_id)
inner join sys.server_principals m on (srm.member_principal_id = m.principal_id)
where sp.is_disabled = 0
and m.is_disabled = 0
and m.name not in ('dbo', 'sa', 'public')
and m.name <> 'NT AUTHORITY\SYSTEM'
Now that your logins can connect you need to make sure that they can connect to the databases you migrated over. Remember those third party apps that skipped the process of doing a security design? They will use sysadmin access so database level security will be included. Hopefully, your applications are not one of those. Just like server level security you can also have database level security. Make sure you run the script below and save your results.
SELECT dp.state_desc,
dp.permission_name,
QUOTENAME(dpl.name) AS 'principal_name',
dpl.type_desc,
dp.state_desc + N' ' + dp.permission_name + N' TO ' + cast(QUOTENAME(dpl.name COLLATE DATABASE_DEFAULT) as nvarchar(500)) AS "T-SQL Script"
FROM sys.database_permissions AS dp
INNER JOIN sys.database_principals AS dpl ON (dp.grantee_principal_id = dpl.principal_id)
WHERE dp.major_id = 0
and dpl.name not like '##%' -- excluds PBM accounts
and dpl.name not in ('dbo', 'sa', 'public')
ORDER BY dp.permission_name ASC, dp.state_desc ASC
Just like the SQL Server instance your database also has roles. Many times I will see applications that don’t require sysadmin on the instance but do require db_owner access in the database. This is also a bad security design practice as db_owner can do anything against that database. Hopefully, your application has object level explicit permissions as needed. Once again, I would recommend pulling this information in case its needed after your migration.
SELECT DISTINCT
QUOTENAME(drole.name) as "DatabaseRoleName",
drole.type_desc,
QUOTENAME(dp.name) as "PrincipalName",
dp.type_desc,
'EXEC sp_addrolemember @membername = N''' + dp.name COLLATE DATABASE_DEFAULT + ''', @rolename = N''' + drole.name + '''' AS "T-SQL Script"
FROM sys.database_role_members AS drm
inner join sys.database_principals drole on (drm.role_principal_id = drole.principal_id)
inner join sys.database_principals dp on (drm.member_principal_id = dp.principal_id)
where dp.name not in ('dbo', 'sa', 'public')
Finally, we will get to the area of security where I hope to see many entries. If someone, tasked me with designing their the security model for their application I would make sure stored procedures controlled the data access and that application users could only execute the stored procedures. This way there would be very minimal risk of data loss as the users wouldn’t have direct access to the tables. They would only access data needed by the business logic provided in the database objects. You can pull this information from the code below.
SELECT dp.state_desc AS "StateDescription" ,
dp.permission_name AS "PermissionName" ,
SCHEMA_NAME(obj.schema_id) AS [Schema Name],
obj.NAME AS [Object Name],
QUOTENAME(SCHEMA_NAME(obj.schema_id)) + '.' + QUOTENAME(obj.name) + CASE WHEN col.column_id IS NULL THEN SPACE(0) ELSE '(' + QUOTENAME(col.name COLLATE DATABASE_DEFAULT) + ')' END AS "ObjectName" ,
QUOTENAME(dpl.name COLLATE database_default) AS "UserName" ,
dpl.type_Desc AS "UserRoleType" ,
obj.type_desc AS "ObjectType" ,
dp.state_desc + N' ' + dp.permission_name + N' ON ' + QUOTENAME(SCHEMA_NAME(obj.schema_id)) + '.' + QUOTENAME(obj.name) + N' TO ' + QUOTENAME(dpl.name COLLATE database_default) AS "T-SQL Script"
FROM sys.database_permissions AS dp
INNER JOIN sys.objects AS obj ON ( dp.major_id = obj.[object_id] )
INNER JOIN sys.database_principals AS dpl ON ( dp.grantee_principal_id = dpl.principal_id )
LEFT JOIN sys.columns AS col ON ( col.column_id = dp.minor_id AND col.[object_id] = dp.major_id)
WHERE obj.name NOT LIKE 'dt%'
AND obj.is_ms_shipped = 0
AND dpl.name NOT IN ( 'dbo', 'sa', 'public' )
ORDER BY dp.permission_name ASC , dp.state_desc ASC
If logins are not brought over correctly you may notice that they are not mapped correctly with the user account that exists in the database security (Logins section above should catch this). The following is an explination that comes from BOL.
A database user for which the corresponding SQL Server login is undefined or is incorrectly defined on a server instance cannot log in to the instance. Such a user is said to be anorphaned user of the database on that server instance.
You can find and fix orphaned users by following the instructions provided here.
Finally, yes when possible lets make sure the user accounts work. I know this might be common sense but you don’t want to cut something over with out testing and verifying connectivity.
Posted in SQL Server 2008
Tagged audit, best practice, idera, security, Security design flaws, SQL Server, SQLPermissions
Now that we are finishing up the last few days of the year its time to take a few minutes and reflect on my accomplishments for the year. To be honest, looking back at the blog posts I have no idea how I completed so many mile stones. Last year I privately established some long term goals and I knocked several items off my three year and five year plan in the first year.
Vendor said, "Wow... it looks like you had a very big year. Would you like to attend our vendor party?"
My first child was born in February. Typically having a child would slow you down but somehow I still completed several milestones. I have to give huge props to my wife for all her help and support.
This year I gave presentations at the first SQL Rally; the SQL PASS Member Summit; SQL Saturday in Houston, TX (presented multiple sessions); the Pittsburgh SQL User Group and several session at the West Virginia SQL Server User Group.
One of my good friends and I co-founded the first SQL Server User Group in West Virginia. I also helped relaunch the Pittsburgh SQL Server User Group and was truly honored to speak at the relaunch event. I also organized the 2nd Annual SQL Saturday in Wheeling, WV. Its was truly an honor to bring my peers and friends to my hometown for some free SQL Training (photos). Towards the end of the year I also became a PASS Regional Mentor for the Mid-Atlantic Region.
Personally, I also had the following accomplishments. I was included in a local
It's never to early to get started on your professional development.
magazine article on “Digital Generation.” Finally, I changed jobs and became a SQL Server Consultant. I am truly blessed to say that many of these milestones couldn’t happen without my #sqlfamily and my tech giants mentors .
The following are my favorite blog posts and tips written by me in 2011.
I look forward to sharing some goals next week as we break in the new year!
Posted in SQL Server 2008, SQLServerPedia Syndication
Tagged PASS, Presentation, Professional Development, sqlpass, SQLSaturday, User Group
Session evaluations from the 2011 PASS Summit have been officially released to speakers. I am proud to share my feedback as it gives me room for improvement. I look forward to making it back in 2012.
The evaluation format is as follows. Each question is rated on a scale of 1-5 (1 = Very Poor, 2 = Poor, 3 = Average, 4 = Good, 5 = Excellent) with room for additional comments if the attendee felt compelled to add more information about why they gave a particular score.
Here’s how I fared:
Topic: Evaluate your Daily Checklist Against 100+ instances of SQL Server while you get a cup of coffee
Attendance: 138
Total Responses: 68
Average Rating: 4.4 out of 5.0
How would you rate the Speaker’s presentation skills? 4.19
How would you rate the Speaker’s knowledge of the subject? 4.51
How would you rate the accuracy of the session title, description and experience level to the actual session? 4.49
How would you rate the quality of the presentation materials? 4.35
Did you learn what you expected to learn? 4.47
What will you take away from this session?
What would you change to improve the overall quality of this session?
Conclusion:
I think I did a good job for presenting my first full session at the PASS Member Summit. Several people mentioned in the comments that they were going to try PBM and CMS. This completed my mission for giving the presentation. I also received some great feedback that I will implement to make my presentation better. I think this was a great experience for me and I look forward to doing it again next year if I get selected.
Last year I attended my first PASS Member Summit in 2010. After attending the conference I made it a goal to make sure I return. You see, not only was this the first time I attended but also the first time I was a presenter. Last year I gave a lighting talk on how to use profiler and a chalk talk on SQL Server 2008 for Developers.
Two weeks ago I got a very cool email. It asked if I would be interested in being an alternate speaker. The answer was simple. Hell yea! I would like to speak at the biggest and best conference for SQL Server Professionals.
My topic is Evaluate Your Daily Checklist against 100+ Instances While You Get A Cup Of Coffee. I will also give a lightning talk on Hosting A SQL Saturday.
Reciently, I downloaded screen flow. I hope to give everyone a teaser video to my session next week.
You will walk away from this session with an understanding of how to use the Policy Based Management and Central Management Server to complete a daily checklist against your whole SQL Server farm. We will cover the basics to evaluate, monitor and apply best practice policies, which are included out of the box with SQL Server 2008. We will also make custom policies to cover additional best practices to evaluate daily checklist items. Finally, we will combine Policy-Based Management and Central Management Server with the Enterprise Policy Management Framework on codeplex to automate the monitoring process and create manager friendly reports to monitor your checklist items against the whole SQL Server farm.
Bio:
John Sterrett is a database administrator at Remote DBA Experts and a member of the Integrations team. John has been active within the SQL Server community, including hosting the first and second annual SQL Saturday in West Virginia. John also presented a lightning talk and chalk-talk at the SQL Server 2010 Member Summit, presented sessions at three SQL Saturday’s, and presented to the Pittsburgh SQL Server User Group. John is a syndicated blogger at SQLServerPedia and contributes tips at MSSQLTIPS. You can find his blog at www.johnsterrett.com
Posted in Professional Development, SQL Server 2008, Uncategorized
Tagged PASS, PBM, Presentation, SQL Server, User Group
Below is a collection of photos at SQL Saturday #80 in Wheeling, WV on July 23rd.
You can find my recap of hosting SQL Saturday #80 here.
On Saturday July 23rd the WVPASS and Greater Wheeling Chapter of AITP joined forces to host the 2nd Annual SQL Saturday in Wheeling, WV. SQLSaturday is a one-day free training event for SQL Server professionals and those wanting to learn about SQL Server brought to you by the local SQL Server community and PASS (Professional Association for SQL Server).
The following is a quick run down of our stats for the event. We had 108 people signup, 85 attendees, 11 speakers covering 18 sessions on Saturday. Many thanks goes out to the speakers, volunteers, sponsors and attendees for making this a successful SQL Saturday.
The Good
Posted in SQL Server 2008, SQLServerPedia Syndication
Tagged AITP, SQL Server, sqlpass, SQLSaturday
Last week I celebrated my birthday and I have to admit it was the best birthday ever! The following are a few of the highlights including a nice suprise for everyone who follows my blog.
I got to spend my first birthday with baby beluga. This alone is priceless and a moment that will not be forgotten.
My wife threw a great surprise dinner that included several friends. It was an unexpected suprise. In fact, I had to cancel dinner plans with Allen White (blog | @SQLRunr) who came into Wheeling, W V just to see me! Okay, he may tell you he came to race in the Ogden half marathon but we know he came to wish me a happy birthday.
Finally, I gave myself a great gift. The gift of a new oppertunity. That’s right friends I am one of the Remote DBA Experts. No, seriously I am a SQL Server DBA at Remote DBA Experts. I just started this week and I am stoked to be part of the team. If you have any SQL Server needs contact me (I can make a recommendation)
Comments Off
Posted in Family, SQL Server 2008
Whenever I give a presentation about Policy-Based Management I always mention that www.mssqltips.com has a great library of policies to import. To this point I never provided a top ten list of recommended policies. In no particular order are ten policies I highly recommend.
Posted in SQL Server 2008
