Since releasing our initial version of sp_CheckSecurity, we have received quite a bit of feedback. Thank you for all the emails, blog comments, and issues noted in GitHub, that have all been helpful in directing us towards making this SQL Server tool more useful.
Today we are announcing the release of version 1.1, available for download at the sp_CheckSecurity GitHub repository, which addresses several issues.
The updates in this release include:
- Added notation of version and version date
- Added check for Ad Hoc Distributed Queries
- Added check for Database Mail XPs
- Added check for Ole Automation Procedures
- Added check for number of error log files
- Added of @PreferredDBOwner parameter
- Added default for @PreferredDBOwner is “sa” (or whatever it was renamed to) if @PreferredDBOwner is NULL
- Updated “database owner not sa” check to “database owner not preferred owner”
- Added of check for IP address
- Added of check for Database Mail XPs
- Updated vulnerability level for securityadmin members
- Updated TRUSTWORTHY database check into two checks based on owner permission level
- Updated vulnerability level of role members in master databases
- Updated check for recent for product level including recent vulnerability updates (GDRs)
- Removed requirement to create sp_CheckSecurity in the master database
- Corrected some typos here and there
For the newer checks we have added additional content pages on our website, which you can access via links the output. Or, if you have the free time to scroll through 1200+ lines of T-SQL, you can peruse the source code and copy the URLs.
We are already working on further updates for future releases, so please let us know if you have any suggestions to improve sp_CheckSecurity!
