Get-DbaInstanceAudit View Source Garry Bargsley (@gbargsley), blog.garrybargsley.com Windows, Linux, macOS Synopsis Retrieves SQL Server audit objects from instance-level security auditing configurations.
Description Retrieves all configured SQL Server audit objects at the instance level, which define where security audit events are stored and how they’re managed. These audits capture login attempts, permission changes, and other security-related activities across the entire SQL Server instance. The function returns detailed information including audit file paths, size limits, rollover settings, and current status, helping DBAs monitor compliance and troubleshoot security configurations without manually querying system views.
Get-DbaInstanceAuditSpecification View Source Garry Bargsley (@gbargsley), blog.garrybargsley.com Windows, Linux, macOS Synopsis Retrieves server-level audit specifications from SQL Server instances for compliance and security monitoring
Description Returns all server-level audit specifications configured on SQL Server instances, including their enabled status, associated audit names, and configuration details. This helps DBAs inventory audit configurations for compliance reporting, security assessments, and ensuring proper event monitoring is in place. Server audit specifications define which events are captured by SQL Server Audit at the instance level, such as login attempts, permission changes, and database access patterns.
Get-DbaNetworkCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves the certificate currently configured for SQL Server network encryption.
Description Retrieves the specific computer certificate that SQL Server is configured to use for network encryption and SSL connections. This shows you which certificate from the local certificate store is actively being used by the SQL Server instance for encrypting client connections. Only returns instances that actually have a certificate configured - instances without certificates won’t appear in the results.
Get-DbaPermission View Source Klaas Vandenberghe (@PowerDBAKlaas) Windows, Linux, macOS Synopsis Retrieves explicit and implicit permissions across SQL Server instances and databases for security auditing
Description Retrieves comprehensive permission information from SQL Server instances and databases, including both explicit permissions and implicit permissions from fixed roles.
This function queries sys.server_permissions and sys.database_permissions to capture all granted, denied, and revoked permissions across server and database levels.
Perfect for security audits, compliance reporting, troubleshooting access issues, and planning permission migrations between environments.
Get-DbaPrivilege View Source Klaas Vandenberghe (@PowerDBAKlaas) Windows, Linux, macOS Synopsis Retrieves Windows security privileges critical for SQL Server performance from target computers.
Description Audits five Windows privileges that directly impact SQL Server performance and functionality: Lock Pages in Memory, Instant File Initialization, Logon as Batch, Generate Security Audits, and Logon as a Service. These privileges are essential for SQL Server service accounts to achieve optimal performance and proper operation.
Get-DbaUserPermission View Source Brandon Abshire, netnerds.net , Josh Smith Windows, Linux, macOS Synopsis Audits comprehensive security permissions across SQL Server instances using DISA STIG methodology
Description Performs a comprehensive security audit by analyzing all server logins, server-level permissions, database users, database roles, and object-level permissions across SQL Server instances. Creates temporary STIG (Security Technical Implementation Guide) objects in tempdb to gather detailed permission information for both direct and inherited access rights.
New-DbaComputerCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates a new computer certificate useful for Forcing Encryption
Description Creates a new computer certificate - self-signed or signed by an Active Directory CA, using the Web Server certificate.
By default, a key with a length of 1024 and a friendly name of the machines FQDN is generated.
This command was originally intended to help automate the process so that SSL certificates can be available for enforcing encryption on connections.
New-DbaComputerCertificateSigningRequest View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Generates certificate signing requests for SQL Server instances to enable SSL/TLS encryption and connection security.
Description Creates certificate signing requests (CSRs) that can be submitted to your Certificate Authority to obtain SSL/TLS certificates for SQL Server instances. This eliminates the manual process of creating certificate requests and ensures proper configuration for SQL Server’s encryption requirements.
The function generates both the certificate configuration file (.
New-DbaCredential View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates a SQL Server credential for authentication to external resources
Description Creates a SQL Server credential that stores authentication information for connecting to external resources like Azure storage accounts, network shares, or service accounts. Credentials are commonly used for backup to URL operations, SQL Agent job authentication, and accessing external data sources. The function supports various authentication methods including traditional username/password, Azure storage access keys, SAS tokens, and managed identities.
New-DbaDbAsymmetricKey View Source Stuart Moore (@napalmgram), stuart-moore.com Windows, Linux, macOS Synopsis Creates RSA asymmetric keys in SQL Server databases for encryption and digital signing
Description Creates asymmetric keys within SQL Server databases using RSA encryption algorithms (512-4096 bit). These keys are essential for database-level encryption features like Transparent Data Encryption (TDE), column-level encryption, and digital signing of assemblies or stored procedures. You can generate new key pairs directly on the server or import existing keys from files, executables, or assemblies.
dbatools