Cross-database ownership chaining
Issue: The instance level configuration 'cross db ownership chaining' is enabled.
Problem: Cross database ownership chaining allows for the creation of objects in one database that allow access to objects in other databases. Having this enabled at the instance level allows database owners or members of any database db_ddladmin and db_owner roles to create objects that can use objects in other databases, which can allow other users to have access to objects which they haven't been granted.
Learn More...xp_cmdshell enabled
Issue: You have the instance configuration 'xp_cmdshell' set to enabled.
Problem: Enabling the xp_cmdshell configuration allows for the spawning of a Windows command shell and passes a string for execution. Because this is a frequent target for malicious software, it is recommended to only have xp_cmdshell enabled if needed.
However, considering that by default xp_cmdshell can only be executed by members of the sysadmin role - who can also enable or disable this configuration at will - we recommend that more attention be given to the members of the sysadmin role than whether or not xp_cmdshell is enabled.
Learn More...CLR enabled
Issue: You have the instance configuration 'clr enabled' set to enabled.
Problem: It is possible to do things in an assembly with a PERMISSION_SET value of UNSAFE that cannot be done in regular T-SQL, similarly to extended stored procedures, xp_cmdshell, and the OLE Automatic procedures.
Learn More...About sp_checks
This page contains a list of SQL Server configuration checks performed by Straight Path's suite of sp_check tools. For more details about our free tools, select one from the following list: