Unusual database permissions
Issue: One or more logins or groups has been included in the db_accessadmin, db_securityadmin, or db_ddladmin database roles in a user database.
Problem: These roles noted have very specific purposes, but we have found that often users have been assigned to these roles while also being assigned to the db_owner role. Since the db_owner role includes all permissions from the db_accessadmin, db_securityadmin, and db_ddladmin roles, these permissions can be redundant.
Learn More...db_owner role members
Issue: One or more logins or groups has been included in the db_owner database role in a user database.
Problem: Members of the db_owner role can do anything within the scope of a database, including creating, modifying, or deleting any object. Members of db_owner can also change other database permissions and even drop the database.
Learn More...Failed logins
Issue: One or more failed login attempts have recently occurred on your SQL Server instance.
Problem: Although a handful of failed login attempts are typically not something to be concerned about, if you have hundreds or thousands of failed logins.
Learn More...SQL Login Audit does not include failed logins
Issue: The default audit of SQL Server logins does not include writing failed logins to the SQL Server Log.
Problem: If you encounter a brute-force hacking event against a particular login, you would have no record of the failed login attempts.
Learn More...SQL Server service accounts
Issue: There is no issue. This is simply the name of the account used by the SQL Server service.
Problem: This probably isn't a problem, but did you know this was the account used to run this service? If not, you probably want to note it and any permissions it is assigned in case you need to restore this instance and all it's databases on another server.
Learn More...Database owner is unknown
Issue: The owner of the database is unknown, meaning you likely restored this database on an instance where the owner login does not exist.
Problem: This isn't so much a problem as a mess that should be cleaned up, as you don't know what kind of permissions will be assigned if you restore a backup of this database on an instance where the login does exist.
Learn More...Database owner is not sa
Issue: The owner of the database is something other than the sa login.
Problem: The owner of a database has additional permissions, such as full access to a database including the ability to CREATE, ALTER, or DROP any object within the database. Additionally, this could be problematic if the database is restored to an instance where the login exists.
Learn More...SQL Server Audit
Issue: One or more SQL Audits have been detected to be running on your SQL Server instance.
Problem: Because SQL Audits can use excessive resources if set up to do things like track every query, you should review any running SQL Audits and determine if they are necessary and what is in their output files. Additionally, check to make sure the audits have the correct folder permissions where they are being written and that there is no chance they can consume all available drive space.
Learn More...Endpoint ownership
Issue: One or more endpoints have been determined to be owned by a user login.
Problem: By default endpoints are set to be owned by whoever created them, so they can often be owned by user login. However, if the login that owns the endpoint becomes disabled in Windows, then the any high availability solutions you are using such as Availability Groups or Mirroring will cease communicating properly.
Learn More...About sp_checks
This page contains a list of SQL Server configuration checks performed by Straight Path's suite of sp_check tools. For more details about our free tools, select one from the following list: