Database backup certificate expiration date
Issue: The certificate used for database backups has expired.
Problem: If you encrypt your database backups, you need the associated certificate to be able to restore a backup of a database that has TDE enabled. If the certificate used to encrypt your backups is expired then you will not be able to either backup your database or restore previously encrypted backups.
Learn More...Missing database backup certificate backup
Issue: The certificate used for database backups has not been backed up recently.
Problem: If you encrypt your database backups, you need the associated certificate to be able to restore a backup of a database that has TDE enabled. If you have never backed up your certificate, then you are currently not able to restore the backups of at least one user database on a different instance.
Learn More...TDE certificate expiration date
Issue: The TDE certificate has not been backed up recently.
Problem: You need the TDE certificate to be able to restore a backup of a database that has TDE enabled. If you have made a backup of the certificate but the expiration date has passed then we classify this finding as level 3, "Potential- review recommended" since even expired certificates can be used to restore backups of encrypted databases.
Learn More...No recent TDE certificate backup
Issue: The TDE certificate has not been backed up recently.
Problem: You need the TDE certificate to be able to restore a backup of a database that has TDE enabled. If you have never backed up your certificate, then you are currently not able to restore the backups of at least one user database on a different instance.
Learn More...Unencrypted databases
Issue: There is no issue. This is simply how many, if any, database are not encrypted by Transparent Data Encryption (TDE).
Problem: This probably is not a problem, unless you need all user databases to be encrypted.
Learn More...Encrypted databases
Issue: There is no issue. This is simply how many, if any, databases are encrypted by Transparent Data Encryption (TDE).
Problem: This probably is not a problem, unless you didn't know you had any encrypted databases.
Learn More...SQL Agent jobs that run at startup
Issue: One or more SQL Agent jobs has been set to run whenever SQL Server starts up.
Problem: A job that is set to run at startup could be doing anything executing with the permissions of a highly-privileged login.
Learn More...Stored procedures that run at startup
Issue: One or more stored procedures has been set to execute whenever SQL Server starts up.
Problem: Stored procedures set to execute at startup are often created by software vendors to do things like start traces and write output files. These traces can sometimes cause excessive resource utilization, and the output files can contain information that, if not properly secured, could be in conflict with compliance requirements.
Learn More...SQL Agent jobs owned by users
Issue: One or more jobs are owned by user logins.
Problem: The execution of a job is dependent on the permissions of the owner, so if the owner's permissions are changed or removed then execution of the job will fail.
Learn More...Cross-database ownership chaining
Issue: The instance level configuration 'cross db ownership chaining' is enabled.
Problem: Cross database ownership chaining allows for the creation of objects in one database that allow access to objects in other databases. Having this enabled at the instance level allows database owners or members of any database db_ddladmin and db_owner roles to create objects that can use objects in other databases, which can allow other users to have access to objects which they haven't been granted.
Learn More...About sp_checks
This page contains a list of SQL Server configuration checks performed by Straight Path's suite of sp_check tools. For more details about our free tools, select one from the following list: