Remove-DbaDbMasterKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Removes database master keys from SQL Server databases
Description Removes database master keys from specified SQL Server databases by executing DROP MASTER KEY. Database master keys are used to encrypt other database-level encryption keys, including those for Transparent Data Encryption (TDE), Always Encrypted, and certificate private keys. This function is typically used when decommissioning database encryption, migrating to different encryption strategies, or cleaning up unused encryption infrastructure during database maintenance or compliance changes.
Remove-DbaLinkedServerLogin View Source Adam Lancaster, github.com/lancasteradam Windows, Linux, macOS Synopsis Removes linked server login mappings that define credential relationships between local and remote server logins.
Description Removes linked server login mappings, which are the credential associations that determine how local SQL Server logins authenticate to remote servers through linked server connections. These mappings control which credentials are used when executing queries against remote servers, so removing them effectively blocks access through that linked server for the specified local login.
Remove-DbaNetworkCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Removes the SSL certificate configuration from SQL Server network encryption settings
Description Removes the certificate thumbprint from SQL Server’s network encryption configuration by clearing the Certificate registry value in SuperSocketNetLib. This disables forced SSL encryption for client connections and returns the instance to unencrypted or optional encryption mode. Use this when decommissioning certificates, troubleshooting SSL connection issues, or when you need to reconfigure encryption settings from scratch.
Set-DbaExtendedProtection View Source Claudio Silva (@claudioessilva), claudioessilva.eu Windows, Linux, macOS Synopsis Configures Extended Protection for Authentication on SQL Server network protocols
Description Modifies the Extended Protection registry setting for SQL Server network protocols to enhance connection security. Extended Protection helps prevent authentication relay attacks by requiring additional authentication at the network protocol level.
This security feature is particularly useful in environments where you need to protect against man-in-the-middle attacks or when connecting over untrusted networks.
Set-DbaNetworkCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Sets the network certificate for SQL Server instance
Description Sets the network certificate for SQL Server instance. This setting is found in Configuration Manager.
This command also grants read permissions for the service account on the certificate’s private key.
References:
https://www.itprotoday.com/sql-server/7-steps-ssl-encryption
https://azurebi.jppp.org/2016/01/23/using-lets-encrypt-certificates-for-secure-sql-server-connections/
https://blogs.msdn.microsoft.com/sqlserverfaq/2016/09/26/creating-and-registering-ssl-certificates/
Syntax Set-DbaNetworkCertificate [-SqlInstance <DbaInstanceParameter[]>] [-Credential <PSCredential>] [-RestartService] [-EnableException] [-WhatIf] [-Confirm] [<CommonParameters>] Set-DbaNetworkCertificate [-SqlInstance <DbaInstanceParameter[]>] [-Credential <PSCredential>] -Certificate <X509Certificate2> [-RestartService] [-EnableException] [-WhatIf] [-Confirm] [<CommonParameters>] Set-DbaNetworkCertificate [-SqlInstance <DbaInstanceParameter[]>] [-Credential <PSCredential>] -Thumbprint <String> [-RestartService] [-EnableException] [-WhatIf] [-Confirm] [<CommonParameters>] Examples Example: 1 PS C:\> New-DbaComputerCertificate | Set-DbaNetworkCertificate -SqlInstance localhost\SQL2008R2SP2 Creates and imports a new certificate signed by an Active Directory CA on localhost then sets the network certificate for the SQL2008R2SP2 to that newly created certificate.
Set-DbaPrivilege View Source Klaas Vandenberghe (@PowerDbaKlaas) Windows, Linux, macOS Synopsis Grants essential Windows privileges to SQL Server service accounts for optimal performance and security.
Description Configures critical Windows privileges for SQL Server service accounts including Lock Pages in Memory (LPIM), Instant File Initialization (IFI), Logon as Batch, Logon as Service, and Generate Security Audits. These privileges are essential for SQL Server performance optimization and proper service operation, eliminating the need to manually configure them through Local Security Policy.
Start-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Implements Transparent Data Encryption (TDE) on user databases with automated key infrastructure and backup management
Description Automates the complete TDE implementation process from start to finish, handling all the complex key management steps that would otherwise require multiple manual commands. This function sets up the entire encryption infrastructure including master keys, certificates or asymmetric keys, database encryption keys, and automatically backs up all encryption components to protect against data loss.
Stop-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Disables Transparent Data Encryption (TDE) on all user databases across a SQL Server instance
Description Disables Transparent Data Encryption (TDE) on all user databases within a SQL Server instance by calling Disable-DbaDbEncryption for each encrypted database found. This function automatically excludes system databases (master, model, tempdb, msdb, resource) and only processes databases that currently have encryption enabled.
This is commonly used during instance decommissioning, migration scenarios where TDE is not required in the target environment, or when standardizing security configurations across multiple databases.
Test-DbaComputerCertificateExpiration View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Identifies SSL/TLS certificates that are expired or expiring soon on SQL Server computers
Description Scans computer certificate stores to find certificates that are expired or will expire within a specified timeframe. This function focuses on certificates used for SQL Server network encryption, helping DBAs proactively identify potential connection failures before they occur.
By default, it examines certificates that are candidates for SQL Server’s network encryption feature.
TLDR: This error is expected and the change is legitimate. To update, switch to Install-Module, then slap on the -SkipPublisherCheck and -Force parameters and continue your update.
Install-Module dbatools -Force -SkipPublisherCheck I’ve always been very proud that dbatools is Code Signed like a “real” application. These certs prove the identity of the creator and help prevent tampering. The certificates cost a bunch of money and are hard to obtain. You gotta send in tons of paperwork, including your passport and business papers.
dbatools