TLDR: dbatools is moving to Azure Trusted Signing, which means Microsoft backs our reputation and dbatools won’t trigger as many antivirus false positives.
Users upgrading from older signed versions will need -SkipPublisherCheck only once during the initial transition. PowerShell users with strict ExecutionPolicies (AllSigned/RemoteSigned) will need to trust each new certificate after every update due to Azure Trusted Signing’s daily cert rotation (but you can use the automation script provided below).
Add-DbaComputerCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Imports X.509 certificates into the Windows certificate store on local or remote computers.
Description Imports X.509 certificates (including password-protected .pfx files with private keys) into the specified Windows certificate store on one or more computers. This function is essential for SQL Server TLS/SSL encryption setup, Availability Group certificate requirements, and Service Broker security configurations.
The function handles both certificate files from disk and certificate objects from the pipeline, supports remote installation via PowerShell remoting, and allows you to control import behavior through various flags like exportable/non-exportable private keys.
Disable-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Disables Transparent Data Encryption (TDE) on SQL Server databases and removes encryption keys
Description Disables Transparent Data Encryption (TDE) on specified databases by setting EncryptionEnabled to false and monitoring the decryption process until completion. Since TDE is not fully disabled until the Database Encryption Key (DEK) is removed, this command drops the encryption key by default to complete the decryption process.
Disable-DbaForceNetworkEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Disables Force Network Encryption setting in SQL Server Configuration Manager
Description Modifies the Windows registry to disable Force Network Encryption for SQL Server instances, allowing unencrypted client connections. This is useful when troubleshooting connectivity issues, working with legacy applications that don’t support encryption, or when encryption is handled at the network level. Requires Windows administrator access to the target server and PowerShell remoting.
Disable-DbaHideInstance View Source Gareth Newman (@gazeranco), ifexists.blog Windows, Linux, macOS Synopsis Makes SQL Server instances visible to network discovery by disabling the Hide Instance registry setting.
Description Modifies the Windows registry to disable the Hide Instance setting, making SQL Server instances visible to the SQL Server Browser service and network discovery tools. When Hide Instance is enabled, the instance won’t respond to browse requests, which is often used for security hardening but makes instances harder to locate.
Enable-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Enables Transparent Data Encryption (TDE) on SQL Server databases
Description Enables Transparent Data Encryption (TDE) on specified databases to protect data at rest. This is essential for compliance with regulations like HIPAA, PCI-DSS, and organizational security policies. The function automatically creates a Database Encryption Key (DEK) if one doesn’t exist, using a certificate from the master database to encrypt it.
Enable-DbaForceNetworkEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Configures SQL Server to require encrypted connections from all clients by modifying the Windows registry
Description Modifies the Windows registry to force all client connections to SQL Server to use encryption, regardless of the client’s encryption settings. This security feature ensures that all data transmitted between clients and SQL Server is encrypted, protecting against network eavesdropping and man-in-the-middle attacks.
Enable-DbaHideInstance View Source Gareth Newman (@gazeranco), ifexists.blog Windows, Linux, macOS Synopsis Enables the Hide Instance setting to prevent SQL Server Browser service from advertising the instance.
Description Enables the Hide Instance setting in the SQL Server network configuration registry, which prevents the instance from responding to SQL Server Browser service enumeration requests. This security setting makes the instance invisible to network discovery tools and requires clients to specify the exact port number or use a SQL Server alias to connect.
Get-DbaComputerCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves X.509 certificates from Windows certificate stores that can be used for SQL Server TLS encryption
Description Scans Windows certificate stores to find X.509 certificates suitable for enabling SQL Server network encryption. By default, returns only certificates with Server Authentication capability from the LocalMachine\My store, which are the certificates SQL Server can actually use for TLS connections. This saves you from manually browsing certificate stores and checking enhanced key usage extensions when configuring Force Encryption or setting up secure SQL Server connections.
Get-DbaCredential View Source Garry Bargsley (@gbargsley), blog.garrybargsley.com Windows, Linux, macOS Synopsis Retrieves SQL Server Credentials configured for external authentication and resource access.
Description Retrieves SQL Server Credentials that are stored securely on the server and used by SQL Server services to authenticate to external resources like file shares, web services, or other SQL Server instances. These credentials are essential for operations like backups to network locations, accessing external data sources, or running SQL Agent jobs that interact with external systems.
dbatools