Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1


Ratings: (0)|Views: 1,662|Likes:
Published by api-19823041

More info:

Published by: api-19823041 on Nov 30, 2009
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Peter DeBetta
Chapter 1
Security and Administration

With all the complexity of today\u2019s IT shops and with stronger security measures being re-
quired by both the high-tech industry and by government regulations, we are going to need
some new tools to help us make our way through the new world of IT. SQL Server 2005 made
leaps and bounds in advances for security and management, providing the ability to more
easily manage and secure servers with features such as certi\ufb01cate and key-based encryption
and more full-featured tools. SQL Server 2008 takes these measures even further, provid-
ing the ability to more easily manage and secure database servers, with new features such
as policy-based management, external key management, server and database auditing, and
transparent data encryption.

Policy-Based Management

Have you ever had to ensure that only Windows logons or groups were added to Microsoft
SQL Server, or that xp_cmdshell was disabled, or that no stored procedure names started
with \u201csp_\u201d? Did you ever have to do this to more than one server in your enterprise? I have,
and it was always such a hassle to go from server instance to server instance, querying sys-
tem objects, checking various con\ufb01guration settings, and scouring through all sorts of places
to ensure that your SQL Server instances were all compliant. That process has changed in SQL

Server 2008.
Policy Management in SQL Server 2008

Yes, it\u2019s true. SQL Server 2008 introduces a new feature known as the Policy-Based
Management. This framework allows you to de\ufb01ne policies on a variety of objects and then
either manually or automatically prevent changes based on said policies. Management is also
very simple using SQL Server Management Studio (preferred), or you can write your own
code to manage policies. But I am getting ahead of myself. Let\u2019s start at the beginning.

This management framework allows you to easily and proactively manage a variety of poli-
cies, ranging from security to metadata. It does this in two ways:
\ue001It allows you to monitor changes to these policies, with options to manually check poli-
cies, check policies on schedule, check policies on change and log violations, or check
policies on change and prevent the change if the policy is violated.
Introducing SQL Server 2008
\ue001It allows you to manage one or more SQL Server instances on a single server or across
multiple servers.

Rather than waiting for something to go awry, you can set policies based on your server
speci\ufb01cations and then have the framework proactively prevent changes based on these
policies or inform you via policy logs when these policies are being violated. The ability to
prevent certain changes depends on the type of feature, or facet, for which you are creating
a policy. For example, if you want to ensure that xp_cmdshell is never turned on for any sever
you are managing, you can create a policy and have it inform you when a change occurs or
even have it check for changes on a schedule, but you cannot prevent it from being changed.
The ability to prevent changes varies from facet to facet.

Policy-Based Management in SQL Server Management Studio

The practice of creating and enforcing policies is easily achieved using SQL Server
Management Studio. Policy-Based Management is accessed primarily by the Policy
Management node in Object Explorer, which can be found under the Management node of
the SQL Server instance, as shown in Figure 1-1.

FIGURE 1-1Policy Management in Object Explorer

Within this node of Object Explorer, you \ufb01nd the three base items of the framework: Policies,
Conditions, and Facets. Although not shown as a node, Policy Category Management can
also be accessed from here by right-clicking on the Policy Management node of Object
Explorer and choosing Manage Categories. So what does each of the objects do to help you

Activity (184)

You've already reviewed this. Edit your review.
Anand Kumar Jha liked this
1 thousand reads
1 hundred reads
jkl316 liked this
anelinuit liked this
blai mb liked this
KHA-HERU liked this
ptidisd liked this
ptidisd liked this
ptidisd liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->