Remove-DbaDbMasterKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Removes database master keys from SQL Server databases
Description Removes database master keys from specified SQL Server databases by executing DROP MASTER KEY. Database master keys are used to encrypt other database-level encryption keys, including those for Transparent Data Encryption (TDE), Always Encrypted, and certificate private keys.
Remove-DbaLinkedServerLogin View Source Adam Lancaster, github.com/lancasteradam Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Removes linked server login mappings that define credential relationships between local and remote server logins.
Description Removes linked server login mappings, which are the credential associations that determine how local SQL Server logins authenticate to remote servers through linked server connections. These mappings control which credentials are used when executing queries against remote servers, so removing them effectively blocks access through that linked server for the specified local login.
Remove-DbaNetworkCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Removes the SSL certificate configuration from SQL Server network encryption settings
Description Removes the certificate thumbprint from SQL Server’s network encryption configuration by clearing the Certificate registry value in SuperSocketNetLib. This disables forced SSL encryption for client connections and returns the instance to unencrypted or optional encryption mode.
Set-DbaExtendedProtection View Source Claudio Silva (@claudioessilva), claudioessilva.eu Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Configures Extended Protection for Authentication on SQL Server network protocols
Description Modifies the Extended Protection registry setting for SQL Server network protocols to enhance connection security. Extended Protection helps prevent authentication relay attacks by requiring additional authentication at the network protocol level.
This security feature is particularly useful in environments where you need to protect against man-in-the-middle attacks or when connecting over untrusted networks.
Set-DbaNetworkCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Sets the network certificate for SQL Server instance
Description Sets the network certificate for SQL Server instance. This setting is found in Configuration Manager.
This command also grants read permissions for the service account on the certificate’s private key.
References:
https://www.itprotoday.com/sql-server/7-steps-ssl-encryption
https://azurebi.jppp.org/2016/01/23/using-lets-encrypt-certificates-for-secure-sql-server-connections/
https://blogs.msdn.microsoft.com/sqlserverfaq/2016/09/26/creating-and-registering-ssl-certificates/
Syntax Set-DbaNetworkCertificate [-SqlInstance <DbaInstanceParameter[]>] [-Credential <PSCredential>] [-RestartService] [-EnableException] [-WhatIf] [-Confirm] [<CommonParameters>] Set-DbaNetworkCertificate [-SqlInstance <DbaInstanceParameter[]>] [-Credential <PSCredential>] -Certificate <X509Certificate2> [-RestartService] [-EnableException] [-WhatIf] [-Confirm] [<CommonParameters>] Set-DbaNetworkCertificate [-SqlInstance <DbaInstanceParameter[]>] [-Credential <PSCredential>] -Thumbprint <String> [-RestartService] [-EnableException] [-WhatIf] [-Confirm] [<CommonParameters>] Examples Example: 1 PS C:\> New-DbaComputerCertificate | Set-DbaNetworkCertificate -SqlInstance localhost\SQL2008R2SP2 Creates and imports a new certificate signed by an Active Directory CA on localhost then sets the network certificate for the SQL2008R2SP2 to that newly created certificate.
Set-DbaPrivilege View Source Klaas Vandenberghe (@PowerDbaKlaas) Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Grants essential Windows privileges to SQL Server service accounts for optimal performance and security.
Description Configures critical Windows privileges for SQL Server service accounts including Lock Pages in Memory (LPIM), Instant File Initialization (IFI), Logon as Batch, Logon as Service, and Generate Security Audits. These privileges are essential for SQL Server performance optimization and proper service operation, eliminating the need to manually configure them through Local Security Policy.
Start-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Implements Transparent Data Encryption (TDE) on user databases with automated key infrastructure and backup management
Description Automates the complete TDE implementation process from start to finish, handling all the complex key management steps that would otherwise require multiple manual commands. This function sets up the entire encryption infrastructure including master keys, certificates or asymmetric keys, database encryption keys, and automatically backs up all encryption components to protect against data loss.
Stop-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Disables Transparent Data Encryption (TDE) on all user databases across a SQL Server instance
Description Disables Transparent Data Encryption (TDE) on all user databases within a SQL Server instance by calling Disable-DbaDbEncryption for each encrypted database found. This function automatically excludes system databases (master, model, tempdb, msdb, resource) and only processes databases that currently have encryption enabled.
Test-DbaComputerCertificateExpiration View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Identifies SSL/TLS certificates that are expired or expiring soon on SQL Server computers
Description Scans computer certificate stores to find certificates that are expired or will expire within a specified timeframe. This function focuses on certificates used for SQL Server network encryption, helping DBAs proactively identify potential connection failures before they occur.
Test-DbaKerberos View Source Claude + Andreas Jordan + Chrissy LeMaire Windows, Linux, macOS On this page: Synopsis · Description · Syntax · Examples · Parameters · Outputs Synopsis Tests Kerberos authentication configuration for SQL Server instances by performing comprehensive diagnostic checks.
Description This function performs a comprehensive suite of diagnostic checks to troubleshoot Kerberos authentication issues for SQL Server instances. It addresses the most common causes of Kerberos authentication failures including SPN configuration problems, DNS issues, time synchronization errors, service account configuration, network connectivity problems, and security policy misconfigurations.
dbatools