Note to self on AlwaysOn…

I came up with the idea that perhaps we could let clients connect to a database in an AlwaysOn Availability Group (AG) by the current instance name instead of the virtual network name (VNN) if the cluster service crashed. This idea does not work. Microsoft Consultant Don Scott set up a very simple 2-node cluster with a stand-alone instance of…

3

Installing SQL Server in a High-Security Domain, Part II

In this article, I pointed out some of the most common permissions failures when installing SQL Server in an environment where security has been hardened, such as the removal of the Debug Programs permission. In my experience, “hardened” usually means some default permissions have been removed from various accounts. Recently some colleagues had failures while…


The Easiest Way To Rebuild The master Database

If your SQL Server master database becomes corrupt, such as from its disks losing power while SQL Server was running, the conventional advice is to rebuild the master database, start SQL Server, then restore the backup of the master database. That’s because SQL Server won’t start with a corrupt master database. But rebuilding the master…

25

DG0116 and DG0121: DBA Privileges Via Roles

The generic DoD database STIG requirement DG0116 states that the Information Assurance Officer (IAO) will ensure database privileged role assignments are restricted to IAO-authorized accounts, and DG0121 states that the DBA will ensure database privileges are assigned via roles and not directly assigned to database accounts. These two requirements are closely related and have a common…

1