Tag Archives: SQL Server

8 steps to moving database users from SQL 2005 to SQL 2008

Posted on January 24, 2012 by johnsterrett| Leave a comment
Have you ever had to complete an upgrade where you had to uninstall SQL Server 2005 and install SQL Server 2008 on the same box? If so, how do you make sure the new install had the same security objects?  For me, the answer was lets be safe instead of being sorry.  I would script out all the existing server and database security objects so they could be verified and implemented if needed.

Not only is this a good practice for migrating your servers but the following post could be useful for a security audit.   I also want to mention if you are allowed to install tools on the box you can download SQLPermissions its a free tool provided by Idera to generate a script to move security objects during a migration.
[Update 1/28/2012 - USER_NAME() was replaced with SCHEMA_NAME() in the Explicit Permissions section]
** Run scripts at your own risk. I don’t assume any responsibility for these scripts on being ran in your environment. As always, I recommend testing in development before running in production :-) **

Logins

The very first step to connecting to an instant of SQL Server is to connect or login. In order to connect you must have a login. Therefore, our first step will be to actually copy the logins. I know, you might already be wondering how do I get the passwords moved over for SQL authenticated logins? Microsoft has a KB article (918922) that walks you through this process. Make sure you checkout the remarks section before running the code on a production box.

Server Level Security

Logins are nice but actually useless unless they have access to connect. Therefore, we might want to allow these logins to connect. You might also want to make sure a subset of the accounts  have access to view the DMV’s. This and other server level permissions can be scripted out with the following code below.


SELECT	sp.state_desc,
	sp.permission_name,
	principal_name = QUOTENAME(spl.name),
spl.type_desc,
	sp.state_desc + N' ' + sp.permission_name + N' TO ' + cast(QUOTENAME(spl.name COLLATE DATABASE_DEFAULT) as nvarchar(256)) AS "T-SQL Script"
FROM sys.server_permissions sp
inner join sys.server_principals spl on (sp.grantee_principal_id = spl.principal_id)
where spl.name not like '##%' -- skip PBM accounts
and spl.name not in ('dbo', 'sa', 'public')
order by sp.permission_name, spl.name

Server Level Roles

Now that we can login we might want to take this to the next step. We may actually like to perform some actions. Well, if your instance includes third party application databases there could be a good chance that it depends on its login having sysadmin access. Yes, in case you were wondering this is poor security design but the point is your logins may depend on server level roles to have access to the database objects.  Here is a script you can use to script out server level roles.

SELECT  DISTINCT
QUOTENAME(sp.name) AS "ServerRoleName",
sp.type_desc AS "RoleDescription",
QUOTENAME(m.name) AS "PrincipalName",
m.type_desc AS "LoginDescription",
'EXEC master..sp_addsrvrolemember @loginame = N''' + m.name + ''', @rolename = N''' + sp.name + '''' AS "T-SQL Script"
FROM sys.server_role_members AS srm
inner join sys.server_principals sp on (srm.role_principal_id = sp.principal_id)
inner join sys.server_principals m on (srm.member_principal_id = m.principal_id)
where sp.is_disabled = 0
and m.is_disabled = 0
and m.name not in ('dbo', 'sa', 'public')
and m.name <> 'NT AUTHORITY\SYSTEM'

Database Level Security

Now that your logins can connect you need to make sure that they can connect to the databases you migrated over.  Remember those third party apps that skipped the process of doing a  security design?  They will use sysadmin access so database level security will be included.  Hopefully, your applications are not one of those. Just like server level security you can also have database level security. Make sure you run the script below and save your results.


SELECT  dp.state_desc,
dp.permission_name,
QUOTENAME(dpl.name)  AS 'principal_name',
 dpl.type_desc,
 dp.state_desc + N' ' + dp.permission_name + N' TO ' + cast(QUOTENAME(dpl.name COLLATE DATABASE_DEFAULT) as nvarchar(500))  AS "T-SQL Script"
FROM sys.database_permissions AS dp
INNER JOIN sys.database_principals AS dpl ON (dp.grantee_principal_id = dpl.principal_id)
WHERE dp.major_id = 0
and dpl.name not like '##%' -- excluds PBM accounts
and dpl.name not in ('dbo', 'sa', 'public')
ORDER BY dp.permission_name ASC, dp.state_desc ASC

Database Level Roles

Just like the SQL Server instance your database also has roles.  Many times I will see applications that don’t require sysadmin on the instance but do require db_owner access in the database.   This is also a bad security design practice as db_owner can do anything against that database. Hopefully, your application has object level explicit permissions as needed. Once again, I would recommend pulling this information in case its needed after your migration.


SELECT DISTINCT
QUOTENAME(drole.name) as "DatabaseRoleName",
drole.type_desc,
QUOTENAME(dp.name) as "PrincipalName",
dp.type_desc,
'EXEC sp_addrolemember @membername = N''' + dp.name COLLATE DATABASE_DEFAULT + ''', @rolename = N''' + drole.name + '''' AS "T-SQL Script"
FROM sys.database_role_members AS drm
inner join sys.database_principals drole on (drm.role_principal_id = drole.principal_id)
inner join sys.database_principals dp on (drm.member_principal_id = dp.principal_id)
where dp.name not in ('dbo', 'sa', 'public')

Database Level Explicit Permissions

Finally, we will get to the area of security where I hope to see many entries. If someone, tasked me with designing their the security model for their application I would make sure stored procedures controlled the data access and that application users could only execute the stored procedures. This way there would be very minimal risk of data loss as the users wouldn’t have direct access to the tables. They would only access data needed by the business logic provided in the database objects. You can pull this information from the code below.


SELECT    dp.state_desc AS "StateDescription" ,
dp.permission_name AS "PermissionName" ,
SCHEMA_NAME(obj.schema_id) AS [Schema Name],
obj.NAME AS [Object Name],
QUOTENAME(SCHEMA_NAME(obj.schema_id)) + '.' + QUOTENAME(obj.name)    + CASE WHEN col.column_id IS NULL THEN SPACE(0)           ELSE '(' + QUOTENAME(col.name COLLATE DATABASE_DEFAULT) + ')'      END AS "ObjectName" ,
QUOTENAME(dpl.name COLLATE database_default) AS "UserName" ,
dpl.type_Desc AS "UserRoleType" ,
obj.type_desc AS "ObjectType" ,
dp.state_desc + N' ' + dp.permission_name + N' ON '    + QUOTENAME(SCHEMA_NAME(obj.schema_id)) + '.' + QUOTENAME(obj.name)    + N' TO ' + QUOTENAME(dpl.name COLLATE database_default) AS "T-SQL Script"
FROM    sys.database_permissions AS dp
INNER JOIN sys.objects AS obj ON ( dp.major_id = obj.[object_id] )
INNER JOIN sys.database_principals AS dpl ON ( dp.grantee_principal_id = dpl.principal_id )
LEFT JOIN sys.columns AS col ON ( col.column_id = dp.minor_id  AND col.[object_id] = dp.major_id)
WHERE    obj.name NOT LIKE 'dt%'
AND obj.is_ms_shipped = 0
AND dpl.name NOT IN ( 'dbo', 'sa', 'public' )
ORDER BY    dp.permission_name ASC ,    dp.state_desc ASC

Orphaned users

If logins are not brought over correctly you may notice that they are not mapped correctly with the user account that exists in the database security (Logins section above should catch this).  The following is an explination that comes from BOL.

A database user for which the corresponding SQL Server login is undefined or is incorrectly defined on a server instance cannot log in to the instance. Such a user is said to be anorphaned user of the database on that server instance.

You can find and fix orphaned users by following the instructions provided here.

Validate User Accounts

Finally, yes when possible lets make sure the user accounts work.  I know this might be common sense but you don’t want to cut something over with out testing and verifying connectivity.

→ Leave a comment

Posted in SQL Server 2008

Tagged , , , , , ,

Speaking at WV SQL User Group on August 25th

Posted on August 16, 2011 by johnsterrett| Leave a comment
I look forward to giving my Evaluate your Daily Checklist against your SQL Enterprise with PBM and CMS presentation at the WV SQL Server User Group in Wheeling, WV on August 25th at the Orrick Building.
You can still sign up and registration is free.  In fact, everyone is a winner because there will be free pizza and every user group attendees knows there is no better prize than free pizza!

Abstract

You will walk away from this session with an understanding of how to use the Policy Based Management and Central Management Server to complete a daily checklist against your whole SQL Server farm. We will cover the basics to evaluate, monitor and apply best practice policies, which are included out of the box with SQL Server 2008. We will also make custom policies to cover additional best practices to evaluate daily checklist items. Finally, we will combine Policy-Based Management and Central Management Server with the Enterprise Policy Management Framework on codeplex to automate the monitoring process and create manager friendly reports to monitor your checklist items against the whole SQL Server farm.

Session goals include:
  • You will be able to install, configure and run scripts against the Central Management Server
  • You will be able to use Central Management Server and/or Policy-Based Management to complete a daily checklist
  • You will be able to evaluate and build custom policies.

Bio:
John Sterrett is a database administrator at Remote DBA Experts and a member of the Integrations team. John has been active within the SQL Server community, including hosting the first and second annual SQL Saturday in West Virginia. John also presented a lightning talk and chalk-talk at the SQL Server 2010 Member Summit, presented sessions at three SQL Saturday’s, and presented to the Pittsburgh SQL Server User Group. John is a syndicated blogger at SQLServerPedia and contributes tips at MSSQLTIPS. You can find his blog at www.johnsterrett.com

→ Leave a comment

Posted in Professional Development, SQL Server 2008, Uncategorized

Tagged , , , ,

SQL Saturday #80 was a Success!

Posted on July 25, 2011 by johnsterrett| 7 Comments

On Saturday July 23rd the WVPASS and Greater Wheeling Chapter of AITP joined forces to host the 2nd Annual SQL Saturday in Wheeling, WV. SQLSaturday is a one-day free training event for SQL Server professionals and those wanting to learn about SQL Server brought to you by the local SQL Server community and PASS (Professional Association for SQL Server).

The following is a quick run down of our stats for the event. We had 108 people signup, 85 attendees, 11 speakers covering 18 sessions on Saturday.   Many thanks goes out to the speakers, volunteers, sponsors and attendees for making this a successful SQL Saturday.

The Good

  • We had a great mix of MVP’s, experienced speakers and first time speakers. One of the greatest accomplishments for this event is giving Matt Velic (Check out his #sqlsat80 photo’s), Abi Chapagai and Shannon Lowder their first opportunity to speak at a SQL Saturday. The speakers all did a fantastic job. We received several comments from attendees thanking us for having fantastic speakers.
  • Registration was quick and smooth. Everyone was able to get in and get to the main room to socialize and enjoy a free breakfast. The volunteers did a fantastic job.
  • We took a step outside of the box with lunch and got burrito’s from Salsa Café. With only a few complaints this was a hit. Last year we did box lunches from Panera and it was expensive and we also got lukewarm reviews.
  • Speakers received their evaluation’s shortly after their sessions. Personally, I have spoken at a few events and never received my feedback so I completely understand how important it can be towards growing as a speaker.
  • WVNCC was a fantastic host facility. The staff was very friendly and able to get us everything we needed to be successful.
  • Hosted the event on a $2,400.00 budget. There will be more on this in a future blog post.

Stuff to work on Next year!

  • Speakers dinner might have been a little too early. We held our dinner at 6pm and a few speakers wanted to attend but couldn’t make it in time. We also had plans of following our dinner with a voyage of the Italian Festival but a rain storm quickly sidelined that plan.
  • SQLGolf was a great idea and fun until the heat kicked our butt around the fifth hole. Once we got to the eighteenth hole I forgot we were still playing golf.
  • We need more onsite sponsors next year.
  • Bacon was not included in breakfast.

→ 7 Comments

Posted in SQL Server 2008, SQLServerPedia Syndication

Tagged , , ,

What I am reading in 2011- week two

Posted on January 14, 2011 by johnsterrett| Leave a comment

This year I am going to try to keep better tabs on what I am reading on the intertubes and why I found the posts interesting.  Here is my first list of the year.  I hope you enjoy these links.  I know I did.

Writing a Technical Blog: Why to do it and what to write about – Kendra Little (blog | @Kendra_Little) wrote a great post for someone who is technical and is thinking about blogging. Actually, If you work within IT and don’t blog you should really read this blog post!

Cloud Computing for IT Pros – My local IT Pro Microsoft Evangelist Youg Chow produced this is a  six part series going over the basics of cloud computing for IT pros. It starts with defining what is a service.

→ Leave a comment

Posted in Reading, SQLServerPedia Syndication

Tagged ,

First SQLSaturday in Wheeling, West Virginia was a Success!

Posted on December 30, 2010 by johnsterrett| 1 Comment

After SQL Saturday #36 on May 1st 2010 my wife and I headed to Spain.  Somehow this post got lost in the shuffle when I got back. I thought it is important to share my thoughts of the event so here it is.

The first SQLSaturday in West Virginia can be summed up in two sentences.  The SQL Server Community is bleeping awesome.  The Ohio Valley is bleeping awesome. I know unfortunately I will leave some people out but I would like to thank the following individuals for their advice and support Andy Warren, John Parkinson, Thomas LaRock, Jeremiah Peschka, Justin Siebert, Joelle Ennis, and The Greater Wheeling Chapter of AITP.


Its now a little past a month six months after the first SQLSaturday in West Virginia and I am glad to share my thoughts on the event.  First, I would like to say we held it down for the DBA’s in the small cities who have dreams of hosing a SQLSaturday.  Don’t quote me on this but I believe we are the only SQLSaturday host city with a population under 50,000.

When we first started this mission in November 2009 our goal was to have 50 to 100 people register.  We actually had registration at 100 and had 70 people attend.  We had three tracks that delivered 16 13 sessions presented by 11 9 speakers.

Things that worked

  • Using WVNCC as venue – The West Virginia Northern Community College campus in Downtown Wheeling allowed us to use their facility.  We had the ballroom which held 100 people, two class rooms held 50+ and two smaller class rooms that held 30 attendees. This was a great fit and we are very grateful that they hosted the meeting for us.
  • Volunteers – We had a super all-star team of volunteers on hand for the SQL Saturday. Did I mention that the volunteers were awesome? There were, and they all did a great job.
  • Selected Speakers – All of the speakers did a great job.  The evaluations showed that everyone appreciated the presentations. We need a better way to deliver results to speakers. We will work on that for next year.
  • Lunch – The box lunches from Panera Bread were a hit.  The food arrived as scheduled.  One of our volunteers was also arranged to have the Catholic Charities pick up the leftover food.  Once again, did I mention that our volunteers rock?

Things that need improved

  • Get more people involved – While we had plenty of support for the big day only two people did the majority of the pre-day work. Hopefully, we can get more people involved earlier next year.
  • Build Higher Goals -  Our venue can support more people. We tried our best to keep it simple because we didn’t know what we were doing as this was the first major information technology event in Wheeling, WV for years. Now we know what we are doing so we should try to go buck wild next year.
  • Evaluations – I will take the blame here and say that we failed.  We didn’t have a good system for generating feedback.
  • More Speakers – We cut it close with filling up our three tracks. Next year I we will need to be more active with pulling speakers.  If you are interested in speaking next year contact me and I will get you on our contact list.

Thanks to the speakers

We would like to give a shout out to all the speakers for making SQLSaturday in Wheeling happen.  You were all awesome.  Check out their blogs and tweets.

Thanks to the sponsors

Whats Next?

  • 2nd Annual SQL Saturday in West Virginia - This is correct, we are excited to give it another run and are targeting June 2011. We will shoot out an update to let everyone know when we have an official date.
  • Wheeling SQL Server User Group – Hey John there is no SQL Server User Group in West Virginia what are you smoking?  First, I don’t smoke and second there will be. Our first meeting will be on January 20th. Check out my blog during the first week of January for more information.

Related Posts:

→ 1 Comment

Posted in Events, SQL Server 2008, SQLServerPedia Syndication

Tagged , , ,

SQLPASS Lightning Talk Video

Posted on November 10, 2010 by johnsterrett| 1 Comment

Profiling 3rd Party Applications

Today I am giving a lightning talk at the PASS Member Summit in Seattle, WA.  A lightning talk is a quick fire five minute talk given by seven individuals during a single session.  My topic is going to cover using profiler to troubleshoot 3rd party applications.  Profiler can be intimidating when you start to use it.  My goal is to make the use of Profiler easier for people who don’t use it.

If you are not at the Summit or decided to skip out on the lightning talks I have good news for you.  I have uploaded one of my practice sessions for you to see.

Links

→ 1 Comment

Posted in SQL Server 2008, SQLServerPedia Syndication

Tagged , , ,

Things I am reading about PASS Member Summit 2010

Posted on October 28, 2010 by johnsterrett| 1 Comment

The following are a few blog posts I am reading lately on the interwebz.  This is going to be short and sweet.  The following posts are all based on the PASS Member Summit coming up in one week. If your are new to the PASS Member Summit like me I suggest you check them out.

  • 2-Weeks to PASS Summit 2010 Countdown – This is a great five part series going over stuff you need to know if you are making your first trip on out to the PASS Member Summit. Jason Strate did a great job on this series.
  • 2010 PASS Summit Preview – Back to SchoolTom LaRock gives a preview to this years Summit by throwing in his experience and lessons learned from the previous Summit sessions.
  • PASS 2010 on a Budget – Yes, this is a shameless plug to my blog.  It includes how I am getting there and includes how I plan to only spend five dollars for a round-trip to and from the Airport.
  • PASS Summit 2010 PreviewTodd McDermid explains why you shouldn’t eat alone, why everyone should have business cards, and how to start a conversation with strangers.
  • PASS Summit MVP Birds of a Feather LunchMike Walsh does a good job breaking down what the MVP Lunch is all about.  It’s a great way to meet an MVP and join an ad-hoc conversation during lunch over several topics you use in your shop.
  • How MidnightDBA will Rock the 2010 Member Summit – Jen builds a good list of places and times where you can bump into her.  This is actually a cool list of general events going on so if you looking to meet a lot of cool kids I think its safe to follow her schedule.

    [Update Nov 3rd 2010]

  • Why I am paying my own way to PASS Member Summit 2010 – David does a great job explaining why you should take care of your own professional development.  I am actually following his advice and paying for myself to attend this years Summit.
  • More PASS Summit tips for First Timers – Kendal Van Dyke does a great job of explaining what first times like myself should expect during the Summit.  Check his blog out as there are several post including one that explains how you can join in on the fun if your not in Seattle.
  • Top 10 PASS Summit tips – Brian Garraty lists several good tips that can be used by all attendes.  I really like the walking tour tip.  Hopefully I will get some time to do this.

→ 1 Comment

Posted in SQLServerPedia Syndication

Tagged , ,

Wheeling, WV to Dallas, TX? A SQL Saturday 56 Recap

Posted on October 28, 2010 by johnsterrett| 4 Comments

Why would I travel from Wheeling, WV to Dallas, TX to speak at a free SQL Saturday? First, of all SQL Saturday’s in general are bleeping awesome. In a nutshell SQL Saturday is an all day multi-track, multi-session learning opportunity to learn SQL Server.  SQL Saturday #56 was was the first Business Intelligence SQL Saturday in the nation.  Second, I am blessed to have a great mother-in-law and father-in-law in Dallas and I enjoy hanging out with them so this was a huge bonus. Third, I enjoy connecting with people in the SQL Server Community so I can network and talk shop and see how we do things differently.

Facility & Logistics

First of all let me say this Pittsburgh we got gipped. Microsoft’s Campus in Dallas (yes campus not floor) was super cool. When I walk in the main door the first thing I saw was servers. You know I am a geek when I love the fact that servers are the first thing I see when I enter a business building. Anyways back to how the facility worked with the SQL Saturday event. The facility was a great fit for the 200+ attendees. There were several rooms that held 50 or more attendees and a gigantic room for the opening, main events and the end of day raffle. There were also some smaller rooms that brought everyone in closer and made for some good collaborative sessions.

Sessions

I attended Jen McCowen (twitter) SSRS from Ground Zero session and was very impressed especially when I found out Jen only had one day to prepare. I already know the basics in SSRS so I was really interested in picking up a few tips while I see how an experienced speaker gives an introduction session.  I really liked Jen’s style as she just dove straight into BIDS and went over key concepts you need to know to start using SSRS.  I also got to steal a few minutes after the presentation and see how she records her videos for midnightDBA.  For those out there who are interested in recording demos it looks like she uses Camtasia Studio and from what she showed me it looks like it’s not hard to use. More on camtasia a little later.

Another session I attended focused on evaluating use case personas for a new feature coming up in the next edition of SQL Server.  I really enjoyed this session because it basically was an hour group discussion about how we do things in our shop.   I would love to go into more details but I signed an NDA. 

My Session

I gave a talk on SQL Server 2008 for Developers.  Overall I think the session went well and I was glad to take part as a speaker.  The session was interactive as there were great questions from the audience.  I didn’t do a head count so I would estimate that there were about 30 attendees in the session. 

The host crew did a great job with speaker evaluations.  I even recieved my evaluations a few minutes after my session was complete.  In fact, I had a really helpful evaluation from an attendee who mentioned I should have went over Change Data Capture and MERGE in more detail and skipped the other features.   Being that this was a BI SQL Saturday I agree so I am going to evaluate Camtasia and see if I can record a video over these features and add them to my blog over the next two weeks.

Networking

On of my favorite parts of attending SQL Saturday is networking.  I was able to meet a lot of great people.  I apologize in advance as I am sure I am leaving some super cool people off this paragraph.  I meet Ryan Adams and had a great discussion about how he uses visual basic to perform actions on alerts with MOM for SQL Server. I also shared some information about our TFS configuration with Robert Crocker during lunch.  I also meet Thomas LeBlanc, Tim Mitchell, David Stein and had several great conversation in the speakers room and at the after party.

Other Posts

The following is a short list of other bloggers recaps on SQL Saturday 56

Conclusion

In conclusion this was a great event. The North Texas SQL Server User Group did a great job.  I would love to speak at another one of their SQL Saturday’s.  I cannot believe they are going to have three within a twelve month period.

→ 4 Comments

Posted in SQLServerPedia Syndication

Tagged , , ,

Pittsburgh Code Camp – SQL 2008 for Developers

Posted on October 16, 2010 by johnsterrett| Leave a comment

This past weekend I presented SQL Server 2008 for Developers at the PGH.NET Code Camp.   You can download the slides here if you would like a copy.  You can also check out my scheduled speaking engagements.

The PGH.NET 2010.2 Code Camp was organized very well.  I want to give a big shout out to organizers as they did a great job.  My favorite session of the day was Scrum 101 with Eric Kepes (Blog | Twitter).  Personally, I knew very little about Scrum coming in to the presentation so this was a great opportunity for me to see how others have implemented it in their shops.  The presentation lead to some great debates.

If you would like to see Eric’s presentation or download a Scrum worksheet check out his blog post.

→ Leave a comment

Posted in Events, Professional Development, SQLServerPedia Syndication

Tagged , , , ,

Table Value Parameters with SQL Server and .NET

Posted on September 29, 2010 by johnsterrett| Leave a comment

Have you ever wanted to send multiple insert statements using one round-trip to the database? This month I published a tip on mssqltips.com to do this implementing Table Value Parameters with .NET.  It will be the first of many tips and blog entries on SQL Server 2008 Development as I am schedule to present at a few events across the country.

For more on Table Value Parameters check out my links.

→ Leave a comment

Posted in SQL Server 2008

Tagged , , ,