Get-DbaPermission View Source Klaas Vandenberghe (@PowerDBAKlaas) Windows, Linux, macOS Synopsis Retrieves explicit and implicit permissions across SQL Server instances and databases for security auditing
Description Retrieves comprehensive permission information from SQL Server instances and databases, including both explicit permissions and implicit permissions from fixed roles.
This function queries sys.server_permissions and sys.database_permissions to capture all granted, denied, and revoked permissions across server and database levels.
Perfect for security audits, compliance reporting, troubleshooting access issues, and planning permission migrations between environments.
Get-DbaPrivilege View Source Klaas Vandenberghe (@PowerDBAKlaas) Windows, Linux, macOS Synopsis Retrieves Windows security privileges critical for SQL Server performance from target computers.
Description Audits five Windows privileges that directly impact SQL Server performance and functionality: Lock Pages in Memory, Instant File Initialization, Logon as Batch, Generate Security Audits, and Logon as a Service. These privileges are essential for SQL Server service accounts to achieve optimal performance and proper operation.
Get-DbaUserPermission View Source Brandon Abshire, netnerds.net , Josh Smith Windows, Linux, macOS Synopsis Audits comprehensive security permissions across SQL Server instances using DISA STIG methodology
Description Performs a comprehensive security audit by analyzing all server logins, server-level permissions, database users, database roles, and object-level permissions across SQL Server instances. Creates temporary STIG (Security Technical Implementation Guide) objects in tempdb to gather detailed permission information for both direct and inherited access rights.
New-DbaComputerCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates a new computer certificate useful for Forcing Encryption
Description Creates a new computer certificate - self-signed or signed by an Active Directory CA, using the Web Server certificate.
By default, a key with a length of 1024 and a friendly name of the machines FQDN is generated.
This command was originally intended to help automate the process so that SSL certificates can be available for enforcing encryption on connections.
New-DbaComputerCertificateSigningRequest View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Generates certificate signing requests for SQL Server instances to enable SSL/TLS encryption and connection security.
Description Creates certificate signing requests (CSRs) that can be submitted to your Certificate Authority to obtain SSL/TLS certificates for SQL Server instances. This eliminates the manual process of creating certificate requests and ensures proper configuration for SQL Server’s encryption requirements.
The function generates both the certificate configuration file (.
New-DbaCredential View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates a SQL Server credential for authentication to external resources
Description Creates a SQL Server credential that stores authentication information for connecting to external resources like Azure storage accounts, network shares, or service accounts. Credentials are commonly used for backup to URL operations, SQL Agent job authentication, and accessing external data sources. The function supports various authentication methods including traditional username/password, Azure storage access keys, SAS tokens, and managed identities.
New-DbaDbAsymmetricKey View Source Stuart Moore (@napalmgram), stuart-moore.com Windows, Linux, macOS Synopsis Creates RSA asymmetric keys in SQL Server databases for encryption and digital signing
Description Creates asymmetric keys within SQL Server databases using RSA encryption algorithms (512-4096 bit). These keys are essential for database-level encryption features like Transparent Data Encryption (TDE), column-level encryption, and digital signing of assemblies or stored procedures. You can generate new key pairs directly on the server or import existing keys from files, executables, or assemblies.
New-DbaDbCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates a new database certificate for encryption and security purposes
Description Creates a new database certificate within a specified database using SQL Server Management Objects. Database certificates are essential for implementing Transparent Data Encryption (TDE), encrypting stored procedures and functions, securing Service Broker dialogs, and enabling column-level encryption. The certificate can be password-protected or secured by the database master key, with configurable expiration dates and subject information.
New-DbaDbEncryptionKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates database encryption keys for Transparent Data Encryption (TDE)
Description Creates database encryption keys (DEKs) required for Transparent Data Encryption, using certificates or asymmetric keys from the master database. This is the essential first step before enabling TDE on any database to encrypt data at rest. The function automatically validates that certificates have been backed up before creating encryption keys, preventing potential data loss scenarios.
New-DbaDbMasterKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates a database master key for encryption operations
Description Creates a database master key, which is required for implementing Transparent Data Encryption (TDE), Always Encrypted, or other database-level encryption features. The master key serves as the root encryption key that protects other encryption keys within the database. Defaults to creating the key in the master database if no specific database is specified, and will prompt securely for a password if none is provided.
dbatools