Set-DbaExtendedProtection View Source Claudio Silva (@claudioessilva), claudioessilva.eu Windows, Linux, macOS Synopsis Configures Extended Protection for Authentication on SQL Server network protocols
Description Modifies the Extended Protection registry setting for SQL Server network protocols to enhance connection security. Extended Protection helps prevent authentication relay attacks by requiring additional authentication at the network protocol level.
This security feature is particularly useful in environments where you need to protect against man-in-the-middle attacks or when connecting over untrusted networks.
Set-DbaNetworkCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Sets the network certificate for SQL Server instance
Description Sets the network certificate for SQL Server instance. This setting is found in Configuration Manager.
This command also grants read permissions for the service account on the certificate’s private key.
References:
https://www.itprotoday.com/sql-server/7-steps-ssl-encryption
https://azurebi.jppp.org/2016/01/23/using-lets-encrypt-certificates-for-secure-sql-server-connections/
https://blogs.msdn.microsoft.com/sqlserverfaq/2016/09/26/creating-and-registering-ssl-certificates/
Syntax Set-DbaNetworkCertificate [-SqlInstance <DbaInstanceParameter[]>] [-Credential <PSCredential>] [-RestartService] [-EnableException] [-WhatIf] [-Confirm] [<CommonParameters>] Set-DbaNetworkCertificate [-SqlInstance <DbaInstanceParameter[]>] [-Credential <PSCredential>] -Certificate <X509Certificate2> [-RestartService] [-EnableException] [-WhatIf] [-Confirm] [<CommonParameters>] Set-DbaNetworkCertificate [-SqlInstance <DbaInstanceParameter[]>] [-Credential <PSCredential>] -Thumbprint <String> [-RestartService] [-EnableException] [-WhatIf] [-Confirm] [<CommonParameters>] Examples Example: 1 PS C:\> New-DbaComputerCertificate | Set-DbaNetworkCertificate -SqlInstance localhost\SQL2008R2SP2 Creates and imports a new certificate signed by an Active Directory CA on localhost then sets the network certificate for the SQL2008R2SP2 to that newly created certificate.
Set-DbaPrivilege View Source Klaas Vandenberghe (@PowerDbaKlaas) Windows, Linux, macOS Synopsis Grants essential Windows privileges to SQL Server service accounts for optimal performance and security.
Description Configures critical Windows privileges for SQL Server service accounts including Lock Pages in Memory (LPIM), Instant File Initialization (IFI), Logon as Batch, Logon as Service, and Generate Security Audits. These privileges are essential for SQL Server performance optimization and proper service operation, eliminating the need to manually configure them through Local Security Policy.
Start-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Implements Transparent Data Encryption (TDE) on user databases with automated key infrastructure and backup management
Description Automates the complete TDE implementation process from start to finish, handling all the complex key management steps that would otherwise require multiple manual commands. This function sets up the entire encryption infrastructure including master keys, certificates or asymmetric keys, database encryption keys, and automatically backs up all encryption components to protect against data loss.
Stop-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Disables Transparent Data Encryption (TDE) on all user databases across a SQL Server instance
Description Disables Transparent Data Encryption (TDE) on all user databases within a SQL Server instance by calling Disable-DbaDbEncryption for each encrypted database found. This function automatically excludes system databases (master, model, tempdb, msdb, resource) and only processes databases that currently have encryption enabled.
This is commonly used during instance decommissioning, migration scenarios where TDE is not required in the target environment, or when standardizing security configurations across multiple databases.
Test-DbaComputerCertificateExpiration View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Identifies SSL/TLS certificates that are expired or expiring soon on SQL Server computers
Description Scans computer certificate stores to find certificates that are expired or will expire within a specified timeframe. This function focuses on certificates used for SQL Server network encryption, helping DBAs proactively identify potential connection failures before they occur.
By default, it examines certificates that are candidates for SQL Server’s network encryption feature.
TLDR: This error is expected and the change is legitimate. To update, switch to Install-Module, then slap on the -SkipPublisherCheck and -Force parameters and continue your update.
Install-Module dbatools -Force -SkipPublisherCheck I’ve always been very proud that dbatools is Code Signed like a “real” application. These certs prove the identity of the creator and help prevent tampering. The certificates cost a bunch of money and are hard to obtain. You gotta send in tons of paperwork, including your passport and business papers.
Last year, during our PASS Summit and SQL Bits precons, we highlighted the reasons that PowerShell is even more secure than GUI administration.
I even created a cute lil logo for it 😊
Recently, our team had a discussion about security in #dbatools-dev and I realized I should probably highlight why PowerShell and dbatools are ideal for every organization, including security-minded organizations.
If you’re questioned about PowerShell or dbatools, here are some handy facts to help prove we can help make your administration more, not less, secure.
These commands were updated Feb 8, 2017 (v0.8.709) to incorporate feedback ❤️
Right, so the first thing you need to know is: I’m not Chrissy. My name’s Drew, and I’m here tell you about an exciting new release of dbatools: schwifty!
In this release we’ve added three new commands to help you manage SPNs for SQL Server Kerberos authentication. If you have a lot of linked servers in your environment, then this is probably a welcome addition to the toolset for you.
dbatools