One of the neat security features with SQL 2005 and later is the ability to use a SSL certificate to encrypt off-host SQL server communications over port 1433. Encrypting communications between your SQL server and your remote applications is strongly recommended. Do you really want credit card data, personal information...
As previously mentioned in my blog about SQL TDE (Transparent Data Encryption), the example script I gave just used a SQL self-signed certificate to encrypt the database. While this is fine for a demo, you should only used trusted certificates in a production environment.Getting a trusted certificated inserted into SQL...
One of the new features in SQL Server 2008/R2 is Transparent Database Encryption, or TDE. TDE lets you encrypt any database, without having to change your application. This means you can fully encrypt databases and log files for SharePoint, RMS, or anything else you wish. For the ultimate in security...
One of the last things I do during a SQL installation is configure the temp databases. Temp databases are very important to some applications, as they are used as a scratch or buffer space. Other applications may not use them hardly at all, so it really depends on your environment.One...
One of the best things Microsoft did with Windows Server 2008 and later is the built-in firewall. Unlike previous OS releases where the firewall was pretty much a joke, Microsoft started from scratch and came up with a very robust two-way firewall. SQL is one of the prime targets for...
Yes, time for part 2 of the Wyse PXE booting series. Part 1 described the general concept and why you might want to PXE boot your Wyse zero client instead of having embedded flash for the ThinOS. The remainder of this post will cover the technical details on how to...
Welcome to Part 3 of my SQL 2008 R2 installation and lockdown series. The script below must be run in SQL Studio and is step #2 in my series introduction. It turns on SQL auditing and pipes it to the Windows security event log, renames the SA account, and then...
Although Microsoft tries to ship most products 'secure by default', there is almost always more you can do to lockdown a service. SQL 2008 R2 is no different. As much as possible I like to automate processes so they are repeatable, less prone to errors, and save time. To that...
This is the final part of my SQL 2008 R2 Secure and Automate your Installations series. The first two scripts, covered here, and here perform an unattended installation of SQL 2008 R2 and then modify some key SQL parameters. The final script to make all of this work is below....
Note: For my updated version for SQL Server 2012, see my new article here.Many of you probably do frequent SQL 2008 R2 installation. Be it in a development environment, or deployment in production environments. For years Microsoft has given people the ability to perform unattended installations of SQL. Starting with...
As a standard practice in the environment I support we use WMI filtering on GPOs to ensure a GPO only gets applied to the right operating system type. This can prevent accidents such as applying a client GPO to a server, or a GPO for Server 2003 to a Server...
If your organization is looking at deploying VDI (Virtual Desktop Infrastructure), I highly recommend you check out the VDI Smackdown report by PQR. It has a very lengthy and highly detailed feature comparison matrix of leading VDI solutions such as Citrix XenDesktop 4.0 SP1, Microsoft Server 2008 R2 Remote Desktop...