Get-DbaDbAsymmetricKey View Source Stuart Moore (@napalmgram), stuart-moore.com Windows, Linux, macOS Synopsis Retrieves asymmetric keys from SQL Server databases for encryption management and security auditing
Description Retrieves asymmetric keys stored in SQL Server databases, including their encryption algorithms, key lengths, owners, and thumbprints.
This function is essential for security audits and encryption key management, allowing DBAs to inventory all asymmetric keys across databases without manually querying system catalogs.
Asymmetric keys are used for encryption, digital signatures, and certificate creation in SQL Server’s transparent data encryption and column-level encryption features.
Get-DbaDbCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves database-level certificates from SQL Server databases for security auditing and certificate management
Description Retrieves all certificates stored within SQL Server databases, providing detailed information about each certificate including expiration dates, issuers, and encryption properties. This function is essential for DBAs managing Transparent Data Encryption (TDE), Service Broker security, or other database-level encryption features. Use this to audit certificate inventory across your environment, monitor approaching expiration dates for proactive renewal planning, and ensure compliance with security policies that require certificate tracking and rotation.
Get-DbaDbEncryptionKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves Transparent Data Encryption (TDE) database encryption keys from SQL Server databases
Description Retrieves detailed information about Transparent Data Encryption (TDE) database encryption keys including encryption state, algorithm, and certificate details. This function helps DBAs audit encrypted databases, verify TDE configuration, and gather key information for compliance reporting or troubleshooting encryption issues. Returns comprehensive key properties like thumbprint, encryption type, and important dates for certificate rotation planning.
Get-DbaDbMasterKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves database master key information from SQL Server databases
Description Retrieves database master key objects and their metadata from one or more SQL Server databases. Database master keys are used to encrypt sensitive data through features like Transparent Data Encryption (TDE), column-level encryption, and certificate-based encryption. This function helps DBAs inventory encryption keys across their environment for security audits, compliance reporting, and encryption management.
Get-DbaExtendedProtection View Source Claudio Silva (@claudioessilva), claudioessilva.eu Windows, Linux, macOS Synopsis Retrieves Extended Protection authentication settings from SQL Server network configuration.
Description Retrieves the Extended Protection setting for SQL Server instances to help assess authentication security posture. Extended Protection is a Windows authentication enhancement that helps prevent credential relay attacks by validating channel binding and service principal names.
This function queries the Windows registry directly rather than connecting to SQL Server, so it requires Windows-level access to the target server.
Get-DbaForceNetworkEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves Force Network Encryption configuration from SQL Server’s network settings
Description Retrieves the Force Network Encryption setting and associated certificate from SQL Server’s network configuration stored in the Windows registry. This setting determines whether SQL Server requires all client connections to use encryption, preventing unencrypted communication.
Useful for security audits and compliance checks to verify that network encryption policies are properly configured across your SQL Server estate.
Get-DbaHideInstance View Source Tracy Boggiano @TracyBoggiano, databaseuperhero.com Windows, Linux, macOS Synopsis Retrieves the Hide Instance setting from SQL Server registry configuration
Description Retrieves the Hide Instance setting from the Windows registry for SQL Server instances. This security setting controls whether the instance appears when clients browse the network for available SQL Server instances. When Hide Instance is enabled, the SQL Server instance will not respond to broadcast requests from SQL Server Browser service, making it invisible to network discovery tools.
Get-DbaInstanceAudit View Source Garry Bargsley (@gbargsley), blog.garrybargsley.com Windows, Linux, macOS Synopsis Retrieves SQL Server audit objects from instance-level security auditing configurations.
Description Retrieves all configured SQL Server audit objects at the instance level, which define where security audit events are stored and how they’re managed. These audits capture login attempts, permission changes, and other security-related activities across the entire SQL Server instance. The function returns detailed information including audit file paths, size limits, rollover settings, and current status, helping DBAs monitor compliance and troubleshoot security configurations without manually querying system views.
Get-DbaInstanceAuditSpecification View Source Garry Bargsley (@gbargsley), blog.garrybargsley.com Windows, Linux, macOS Synopsis Retrieves server-level audit specifications from SQL Server instances for compliance and security monitoring
Description Returns all server-level audit specifications configured on SQL Server instances, including their enabled status, associated audit names, and configuration details. This helps DBAs inventory audit configurations for compliance reporting, security assessments, and ensuring proper event monitoring is in place. Server audit specifications define which events are captured by SQL Server Audit at the instance level, such as login attempts, permission changes, and database access patterns.
Get-DbaNetworkCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Retrieves the certificate currently configured for SQL Server network encryption.
Description Retrieves the specific computer certificate that SQL Server is configured to use for network encryption and SSL connections. This shows you which certificate from the local certificate store is actively being used by the SQL Server instance for encrypting client connections. Only returns instances that actually have a certificate configured - instances without certificates won’t appear in the results.
dbatools