Linked server
Issue: One or more linked servers has been detected on your SQL Server instance.
Problem: Depending on the permission used by the linked server, users may have elevated permissions. If a linked server is set up using the sa login then we will classify it as level 1, "High - action required" since this means any user able to access the linked server will have permissions to do anything on the linked server - and you probably don't want that.
However, since there is no easy way to check permissions on a linked server, we generally classify this finding as level 3, "Potential- review recommended" since linked servers may still be set up to connect using a different login with elevated permissions.
Learn More...Database backup certificate expiration date
Issue: The certificate used for database backups has expired.
Problem: If you encrypt your database backups, you need the associated certificate to be able to restore a backup of a database that has TDE enabled. If the certificate used to encrypt your backups is expired then you will not be able to either backup your database or restore previously encrypted backups.
Learn More...Missing database backup certificate backup
Issue: The certificate used for database backups has not been backed up recently.
Problem: If you encrypt your database backups, you need the associated certificate to be able to restore a backup of a database that has TDE enabled. If you have never backed up your certificate, then you are currently not able to restore the backups of at least one user database on a different instance.
Learn More...TDE certificate expiration date
Issue: The TDE certificate has not been backed up recently.
Problem: You need the TDE certificate to be able to restore a backup of a database that has TDE enabled. If you have made a backup of the certificate but the expiration date has passed then we classify this finding as level 3, "Potential- review recommended" since even expired certificates can be used to restore backups of encrypted databases.
Learn More...No recent TDE certificate backup
Issue: The TDE certificate has not been backed up recently.
Problem: You need the TDE certificate to be able to restore a backup of a database that has TDE enabled. If you have never backed up your certificate, then you are currently not able to restore the backups of at least one user database on a different instance.
Learn More...Unencrypted databases
Issue: There is no issue. This is simply how many, if any, database are not encrypted by Transparent Data Encryption (TDE).
Problem: This probably is not a problem, unless you need all user databases to be encrypted.
Learn More...Encrypted databases
Issue: There is no issue. This is simply how many, if any, databases are encrypted by Transparent Data Encryption (TDE).
Problem: This probably is not a problem, unless you didn't know you had any encrypted databases.
Learn More...SQL Agent jobs that run at startup
Issue: One or more SQL Agent jobs has been set to run whenever SQL Server starts up.
Problem: A job that is set to run at startup could be doing anything executing with the permissions of a highly-privileged login.
Learn More...Stored procedures that run at startup
Issue: One or more stored procedures has been set to execute whenever SQL Server starts up.
Problem: Stored procedures set to execute at startup are often created by software vendors to do things like start traces and write output files. These traces can sometimes cause excessive resource utilization, and the output files can contain information that, if not properly secured, could be in conflict with compliance requirements.
Learn More...SQL Agent jobs owned by users
Issue: One or more jobs are owned by user logins.
Problem: The execution of a job is dependent on the permissions of the owner, so if the owner's permissions are changed or removed then execution of the job will fail.
Learn More...About sp_checks
This page contains a list of SQL Server configuration checks performed by Straight Path's suite of sp_check tools. For more details about our free tools, select one from the following list: