sp_check: SQL Server Database Checks

0 - Information Only

No recent TDE certificate backup

Issue: The TDE certificate has not been backed up recently.

Problem: You need the TDE certificate to be able to restore a backup of a database that has TDE enabled. If you have never backed up your certificate, then you are currently not able to restore the backups of at least one user database on a different instance.
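
The condition described above can be checked by hand with the query below. It is an added example, not sp_check's own code: the 30-day threshold and the placeholder names in the commented BACKUP CERTIFICATE statement are assumptions.

```sql
-- Added example: for every TDE-protected database, show the certificate that
-- protects its database encryption key and when that certificate's private
-- key was last backed up.
DECLARE @max_age_days int = 30;  -- assumed threshold, not taken from sp_check

SELECT
    d.name                     AS database_name,
    c.name                     AS certificate_name,
    c.expiry_date,
    c.pvt_key_last_backup_date,
    CASE
        WHEN c.pvt_key_last_backup_date IS NULL
            THEN 'never backed up'
        WHEN c.pvt_key_last_backup_date
                 < DATEADD(DAY, -@max_age_days, GETDATE())
            THEN 'backup older than threshold'
        ELSE 'ok'
    END                        AS backup_status
FROM sys.dm_database_encryption_keys AS dek
JOIN sys.databases AS d
    ON d.database_id = dek.database_id
-- TDE certificates live in master; the DEK records the thumbprint of the
-- certificate that encrypts it.
JOIN master.sys.certificates AS c
    ON c.thumbprint = dek.encryptor_thumbprint
-- tempdb is encrypted as a side effect of TDE and has no certificate to back up.
WHERE d.name <> N'tempdb'
ORDER BY c.pvt_key_last_backup_date, d.name;

-- Remediation for any row not marked 'ok' (placeholders in angle brackets
-- are hypothetical; store the files and the password away from the
-- database backups themselves):
--
-- USE master;
-- BACKUP CERTIFICATE <certificate_name>
--     TO FILE = '<path>\<certificate_name>.cer'
--     WITH PRIVATE KEY (
--         FILE = '<path>\<certificate_name>.pvk',
--         ENCRYPTION BY PASSWORD = '<strong password>'
--     );
```

A certificate backup is only useful if it can be restored, so test CREATE CERTIFICATE ... FROM FILE on a separate instance before relying on it.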

Unencrypted databases

Issue: There is no issue. This is simply how many, if any, databases are not encrypted by Transparent Data Encryption (TDE).

Problem: This probably is not a problem, unless you need all user databases to be encrypted.

Encrypted databases

Issue: There is no issue. This is simply how many, if any, databases are encrypted by Transparent Data Encryption (TDE).

Problem: This probably is not a problem, unless you didn't know you had any encrypted databases.

SQL Agent jobs that run at startup

Issue: One or more SQL Agent jobs have been set to run whenever SQL Server starts up.

Problem: A job that is set to run at startup could be doing anything, executing with the permissions of a highly privileged login.

Stored procedures that run at startup

Issue: One or more stored procedures have been set to execute whenever SQL Server starts up.

Problem: Stored procedures set to execute at startup are often created by software vendors to do things like start traces and write output files. These traces can sometimes cause excessive resource utilization, and the output files can contain information that, if not properly secured, could be in conflict with compliance requirements.

SQL Agent jobs owned by users

Issue: One or more jobs are owned by user logins.

Problem: The execution of a job is dependent on the permissions of the owner, so if the owner's permissions are changed or removed then execution of the job will fail.

Cross-database ownership chaining

Issue: The instance level configuration 'cross db ownership chaining' is enabled.

Problem: Cross-database ownership chaining allows for the creation of objects in one database that allow access to objects in other databases. Having this enabled at the instance level allows database owners, or members of any database's db_ddladmin and db_owner roles, to create objects that can use objects in other databases, which can give other users access to objects on which they haven't been granted permissions.

xp_cmdshell enabled

Issue: You have the instance configuration 'xp_cmdshell' set to enabled.

Problem: Enabling the xp_cmdshell configuration allows for the spawning of a Windows command shell and passes a string for execution. Because this is a frequent target for malicious software, it is recommended to only have xp_cmdshell enabled if needed.

However, considering that by default xp_cmdshell can only be executed by members of the sysadmin role - who can also enable or disable this configuration at will - we recommend that more attention be given to the members of the sysadmin role than whether or not xp_cmdshell is enabled.

CLR enabled

Issue: You have the instance configuration 'clr enabled' set to enabled.

Problem: It is possible to do things in an assembly with a PERMISSION_SET value of UNSAFE that cannot be done in regular T-SQL, similar to extended stored procedures, xp_cmdshell, and the OLE Automation procedures.

Password vulnerabilities

Issue: One or more logins have been identified as having a password that is very easy to guess. Common password issues include being blank, the same as the login, or the word "password".

Problem: You don't want database users randomly guessing passwords and using someone else's login. Doing this can not only give them elevated permissions, but by impersonating another account they could cover their tracks for whatever misdoings they undertake.

About sp_checks

This page contains a list of SQL Server configuration checks performed by Straight Path's suite of sp_check tools.