With the introduction of transparent data encryption (TDE) in SQL Server 2008, users now have the choice between cell-level encryption as in SQL Server 2005, full database-level encryption by using TDE, or the file-level encryption options provided by Windows. TDE is the optimal choice for bulk encryption to meet regulatory compliance or corporate data security standards. TDE works at the file level, which is similar to two Windows® features: the Encrypting File System (EFS) and BitLocker™ Drive Encryption, the new volume-level encryption introduced in Windows Vista®, both of which also encrypt data on the hard drive.

TDE does not replace cell-level encryption, EFS, or BitLocker. This white paper compares TDE with these other encryption methods for application developers and database administrators. While this is not a technical, in-depth review of TDE, technical implementations are explored and a familiarity with concepts such as virtual log files and the buffer pool are assumed. The user is assumed to be familiar with cell-level encryption and cryptography in general. Implementing database encryption is covered, but not the rationale for encrypting a database.

Read Database Encryption in SQL Server 2008 Enterprise Edition

Reference: Pinal Dave (http://blog.sqlauthority.com)

SQL Server, particularly the 2005 and 2008 versions, offers the functionality of cryptography. In the following, this functionality is briefly explained.

Introduction

Any database professional will support the encryption of data. However, the encryption of data has to be carried out at the database engine level. This is quite tricky as there the database performance can be affected by the process of decryption, data manipulation, and then re-encryption when data is being updated. SQL Server offers robust data security. Further, it is important to have strong knowledge of cryptography in SQL Server in order to avoid many problems that are encountered by DBAs while implementing cryptography.

SQL Server Authentication

When users log in to the database, there are two major steps of identifying the user: authentication and authorization (permissions).

• Authentication implies the verification of user’s identity or the security principal. Encryption and signature play an important role in the authentication process.
• Authorizations (also known as permissions) are the rights granted to a particular user. Permissions to a signature in SQL Server.

Protection of SQL Server Data by Encryption

At times, one can adequately protect data by controlling access to a table by using SQL Server robust permissions architecture. Therefore, what is the necessity of encrypting data on the server.

In general, if the storage medium such as SAN and backup tapes is completely secure, it is not necessary to encrypt data. If an attacker can break the permissions architecture, then he/she can possibly access the encryption keys of your database with very little effort. In such case, encryption cannot help.

However, if an attacker wants to access the file system, encryption defends the system to a greater depth.

Encryption is necessary for the data that fall in the following categories:

• For vulnerable storage media, wherein there are chances of loosing the backup data from PC or tapes.
• In some cases, the data has to be protected from sysadmins. In such an instance, it is advisable to use the middle tier to perform encryption and decryption, rather than SQL server internal encryption. However, if the keys are stored in the SQL Server, it is almost impossible to protect the data from a sysadmin who is determined to find the keys.
• If a sets of records (rows) within the same table needs to be protected, then users with cryptographic keys can be allowed to access the specific records, but not the other records within the same table. Encryption makes this process of hiding rows easy. In the case of regulating the permissions to columns, permissions on views can be enforced.
• Highly sensitive data requires encryption for storage. Such data include information on credit cards and military projects.

Third-party backup options that enable the encryption of backup files can be considered in situations wherein offsite tape storage is less secure and the disk storage access is secure.

Conclusion

The cryptographic functionality of SQL Sever has to deal with problems that were not taken into consideration during its design. Some common examples are as follows:

• The use of asymmetric key pairs in cases where key communication is not a crucial issue; for example, when data is stored in the SQL Server database.
• SQL Server permissions are sufficient to control access to data, except in situations where the access to the storage media is compromised. In such case, the security via encryption stands unnecessary.

Importantly, by using the cryptographic functionality of SQL Server, it is easy to create robust security. The native functionality offers access control and key storage, and the built-in encryption functionality offers robust security (including random salt and authenticator values). The ease in implementation of this functionality makes it an attractive choice for all types of users.

Reference: Pinal Dave (http://blog.sqlauthority.com), White paper by John Hicks, Microsoft Industry Solutions Group

This error is quite common and I have received it few times while I was working on a recent consultation project.

Cannot open database requested by the login. The login failed.
Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’.

This error occurs when you have configured your application with IIS, and IIS goes to SQL Server and tries to login with credentials that do not have proper permissions. This error can also occur when replication or mirroring is set up.

If you search online, there are many different solutions provided to solve this error, and many of these solutions work fine. However, I will be going over a solution that works always and is very simple.

Fix/Workaround/Solution:

Go to SQL Server >> Security >> Logins and right click on NT AUTHORITY\NETWORK SERVICE and select Properties

In newly opened screen of Login Properties, go to the “User Mapping” tab. Then, on the “User Mapping” tab, select the desired database – especially the database for which this error message is displayed. On the lower screen, check the role db_owner. Click OK.

In almost all such cases, this should fix your problem.

Reference : Pinal Dave (http://blog.sqlauthority.com)

Nakul, a dedicated member of the Gandhinagar SQL Server User Group, recently emailed me with a very interesting, but quick question. He asked me why the SQL Server Agent starts before SQL Server Engine does? He made the very valid point that as the SQL Server Engine is the core service, it should start first, and there is little point to running the SQL Server Agent without it.

Off the top of my head, I can offer the following quick reasons for this sequence:

• The SQL Server Engine does not only run jobs for SQL Server Engine itself. It also runs jobs for other core services like the SQL Server Analysis Service, Integration Service, Reporting Service etc.;
• The SQL Server Agent can run almost any kind of task that an Operating system can run. For example invoking any program or running shell scripts;

• The SQL Server Agent also starts jobs which are scheduled to run the second the SQL Server Engine starts, and for this reason it is needed; and
• Replication, mirroring and a few other tasks also depend on Agent Jobs.

These are the reasons that I have come up with so far. Can you think of any more? Let us have your views.

Reference : Pinal Dave (http://blog.SQLAuthority.com)

I just received a call from an old friend with whom I used to work in Las Vegas. He told me about a password-related issue he faced in his organization. They had changed the password of username SA and now they are not able to recall the new password. I am sure that he is not the first person who has faced this issue. There may be many more similar situations where employees who have sysamin password leaves the job or a hacker disables the SA account.

Resetting the password of SA is a breeze!

Option 1 :

If there is any other SQL Server Login that is a member of sysadmin role, you can log in using that account and reset the password of SQL Server. Change the password of SA account as described here :  SQL SERVER – Change Password of SA Login Using Management Studio.

Option 2 :

If there is any other Windows Login that is a member of Windows Admin Group, log in using that account. Start SQL Server in Single User Mode as described here :  SQL SERVER – Start SQL Server Instance in Single User Mode.
Create a new login and give it sysadmin permission.

Note : If you have SQL Server Agent enabled, it starts before SQL Server service. If you have enabled SQL Server in a single user mode, it will connect it first, so it is recommended to turn that off before attempting any of the above options.

Reference : Pinal Dave (http://blog.SQLAuthority.com)

This article will cover the most spectacular feature of SQL 2008 – Policy-based management and how the configuration of SQL Server with policy-based management architecture can make a powerful difference. Policy based management is loaded with several advantages. It can help you implement various policies for reliable configuration of the system. It also provides additional administration assistance to DBAs and helps them effortlessly manage various tasks of SQL Server across the enterprise.

1 Introduction
2 Basics of Policy Management
3 Policy Management Terms
4 Practical Example of Policy Management
4.1 Exploring of Facets
4.2 Create a Condition
4.3 Create a Policy
4.4 Evaluate a Policy
4.5 Fix Non-complying Policy
5 Summary

Read complete article here.

Reference : Pinal Dave (http://blog.SQLAuthority.com)

Strange it may sound but being a SQL Server pro has its downside too. Common information on SQL does not interest me, while a good document is hard to find. So the reader in me is mostly discontented and constantly keeps looking for interesting documents.  Recently, I chanced upon a really good white paper by Jonathan Keyhayias on SQL Serve r2008 extended events. I have known Jonathan through forums but have not met him in person yet. But I hope to meet him soon.

The white paper starts with introduction to the extended event and then elaborates on its architecture, system objects, confusing target data and other important aspects of the extended events. This white paper ends with life of an event, and I would recommend that you read this portion at least if you do not have sufficient time to read the whole white paper.

Let us go through the first paragraph taken from the white paper which lucidly defines extended events.

What is extended events?
As SQL Server matures with time, the diagnostics tools available to administrators to troubleshoot problems when they arise have also matured. SQL Server 2000 had very limited diagnostic tools when compared with SQL Server 2005. SQL Trace and SQL Server Profiler were often the tools of choice for administrators to identify problems with performance, along with DBCC and individual trace flags like 1205 for deadlocks, and 3605 to log results to the SQL Server error log. With SQL Server 2005, the diagnostic tools expanded to include the dynamic management views, which provide a deep view into the internal workings of SQL Server, additional trace events for SQL Trace and SQL Server Profiler including the deadlock graph and Showplan XML events, the ability to import performance counter logs in SQL Server Profiler to view trace events along with their impact on the system, and WMI events which use Service Broker endpoints for event notifications. SQL Server 2008 continues to build upon the diagnostic tools with a new feature called Extended Events.

You can continue reading the white paper Using SQL Server 2008 Extended Events here.

Let me have your views about this white paper.

Reference : Pinal Dave (http://blog.SQLAuthority.com)

I work in an environment wherein I connect to multiple servers across the world. Time and again, my SSMS is connected to a myriad of servers that kindles a lot of confusion. I frequently use the following trick to separate different connections, which I mentioned in my blog sometime back SQL SERVER – 2008 – Change Color of Status Bar of SSMS Query Editor. However, this trick does not help when a huge number of different connections are open. In such a case, I use the following handy script. Do not go by the length of the script; it might be very short but always works great!

Now, let’s take a look at the execution of this script in two different scenarios.

1) Logged in using SQL Authentication

SELECT HOST_NAME() AS HostName, SUSER_NAME() LoggedInUser

2) Logged in using Windows Authentication

SELECT HOST_NAME() AS HostName, SUSER_NAME() LoggedInUser

It is quite evident from both the above cases that we get correct logged-in username and hostname. Let me know if this script is helpful to you when you face a similar situation.

Reference : Pinal Dave (http://blog.SQLAuthority.com)

Just a day ago, one of my friend sent me email requesting help with following error:

is not a valid Win32 application. (Exception from HRESULT: 0×800700C1)

In fact this is not SQL Server error but it is of .NET application. The solution of this error is just changing configuration of IIS7.

Fix/Solution/Workaround:

Go to IIS.
Click on Application Pool.
Look for your web application in application pool.
Go to Advanced Settings by right clicking on previously selected application pool.
Enable 32-Bit Applications by checking it.

Reference : Pinal Dave (http://blog.SQLAuthority.com)

SQL Server 2005 and SQL Server 2008 provide encryption as a new feature to protect data against hackers’ attacks. Hackers might be able to penetrate the database or tables, but owing to encryption they would not be able to understand the data or make use of it. Nowadays, it has become imperative to encrypt crucial security-related data while storing in the database as well as during transmission across a network between the client and the server.

Encryption hierarchy is marked by three-level security. These three levels provide different mechanisms for securing data across networks and local servers. Different levels of hierarchies allow multiple instances of services (e.g., SQL Server Services) to run on one physical server.

• Windows Level – Highest Level – Uses Windows DP API for encryption
• SQL Server Level - Moderate Level – Uses Services Master Key for encryption
• Database Level – Lower Level – Uses Database Master Key for encryption

There are two  kinds of keys used in encryption:

• Symmetric Key – In Symmetric cryptography system, the sender and the receiver of a message share a single, common key that is used to encrypt and decrypt the message. This is relatively easy to implement, and both the sender and the receiver can encrypt or decrypt the messages.
• Asymmetric Key – Asymmetric cryptography, also known as Public-key cryptography, is a system in which the sender and the receiver of a message have a pair of cryptographic keys – a public key and a private key – to encrypt and decrypt the message. This is a relatively complex system where the sender can use his key to encrypt the message but he cannot decrypt it. The receiver, on the other hand, can use his key to decrypt the message but he cannot encrypt it. This intricacy has turned it into a resource-intensive process.

Yet another way to encrypt data is through certificates. A public key certificate is a digitally signed statement that binds the value of a public key to the identity of the person, device, or service that holds the corresponding private key. A Certification Authority (CA) issues and signs certifications. Download complete script here.

Please create a sample database that we will be use for testing Encryption. There are two different kinds of encryptions available in SQL Server:

• Database Level – This level secures all the data in a database. However, every time data is written or read from database, the whole database needs to be decrypted. This is a very resource-intensive process and not a practical solution.
• Column (or Row) Level – This level of encryption is the most preferred method. Here, only columns containing important data should be encrypted; this will result in lower CPU load compared with the whole database level encryption. If a column is used as a primary key or used in comparison clauses (WHERE clauses, JOIN conditions) the database will have to decrypt the whole column to perform operations involving those columns.

Let’s go over a simple instance that demonstrates the encryption and the decryption process executed with Symmetric Key and Triple DES encryption algorithm.

/* Create Database  */
USE master
GO
CREATE DATABASE EncryptTest
ON PRIMARY ( NAME = N'EncryptTest', FILENAME = N'C:EncryptTest.mdf')
LOG ON ( NAME = N'EncryptTest_log', FILENAME = N'C:EncryptTest_log.ldf')
GO

First, let’s create a sample table and then populate it with sample data. We will now encrypt one of the two columns of the table.

/* Create table and insert data in the table */
USE EncryptTest
GO
CREATE TABLE TestTable (FirstCol INT, SecondCol VARCHAR(50))
GO
INSERT INTO TestTable (FirstCol, SecondCol)
SELECT 1,'First'
UNION ALL
SELECT 2,'Second'
UNION ALL
SELECT 3,'Third'
UNION ALL
SELECT 4,'Fourth'
UNION ALL
SELECT 5,'Fifth'
GO
/* Check the content of the TestTable */
USE EncryptTest
GO
SELECT *
FROM TestTable
GO

The preceding code will return the result depicted in the subsequent figure.

Every database can have one master key. Database master key is a symmetric key used to protect the private keys of certificates and asymmetric keys present in the database. It uses Triple DES algorithm together with user-provided password to encrypt the keys.

/* Create Database Master Key */
USE EncryptTest
GO
CREATE MASTER KEY ENCRYPTION
BY PASSWORD = 'SQLAuthority'
GO

Certificates are used to safeguard encryption keys, which are used to encrypt data in the database. SQL Server 2005 has the capability to generate self-signed X.509 certificates.

/* Create Encryption Certificate */
USE EncryptTest
GO
CREATE CERTIFICATE EncryptTestCert
WITH SUBJECT = 'SQLAuthority'
GO

The symmetric key can be encrypted by using various options such as certificate, password, symmetric key, and asymmetric key. A number of different algorithms can be employed for encrypting key. The supported algorithms are DES, TRIPLE_DES, RC2, RC4, RC4_128, DESX, AES_128, AES_192, and AES_256.

/* Create Symmetric Key */
USE EncryptTest
GO
CREATE SYMMETRIC KEY TestTableKey
WITH ALGORITHM = TRIPLE_DES ENCRYPTION
BY CERTIFICATE EncryptTestCert
GO

Now add a column of type varbinary to the original table, which will store the encrypted value for the SecondCol.

/*  Encrypt Data using Key and Certificate
Add Columns which will hold the encrypted data in binary */
USE EncryptTest
GO
ALTER TABLE TestTable
ADD EncryptSecondCol VARBINARY(256)
GO

Before the key is used, it needs to be decrypted using the same method that was used for encrypting it. In our example, we have used a certificate for encrypting the key. Because of the same reason, we are using the same certificate for opening the key and making it available for use. Subsequent to opening it and making it available for use, we can use the encryptkey function and store the encrypted values in the database, in the EncryptSecondCol column.

/* Update binary column with encrypted data created by certificate and key */
USE EncryptTest
GO
OPEN SYMMETRIC KEY TestTableKey DECRYPTION
BY CERTIFICATE EncryptTestCert
UPDATE TestTable
SET EncryptSecondCol = ENCRYPTBYKEY(KEY_GUID('TestTableKey'),SecondCol)
GO

We can drop the original SecondCol column, which we have now encrypted in the EncryptSecondCol column. If you do not want to drop the column, you can keep it for future comparison of the data when we decrypt the column.

/* DROP original column which was encrypted for protect the data */
USE EncryptTest
GO
ALTER TABLE TestTable
DROP COLUMN SecondCol
GO

We can run a SELECT query on our database and verify if our data in the table is well protected and hackers will not be able to make use of it even if they somehow manage to reach the data.

/* Check the content of the TestTable */
USE EncryptTest
GO
SELECT *
FROM TestTable
GO

Authorized user can use the decryptbykey function to retrieve the original data from the encrypted column. If Symmetric key is not open for decryption, it has to be decrypted using the same certificate that was used to encrypt it. An important point to bear in mind here is that the original column and the decrypted column should have the same data types. If their data types differ, incorrect values could be reproduced. In our case, we have used a VARCHAR data type for SecondCol and EncryptSecondCol.

/* Decrypt the data of the SecondCol  */
USE EncryptTest
GO
OPEN SYMMETRIC KEY TestTableKey DECRYPTION
BY CERTIFICATE EncryptTestCert
SELECT CONVERT(VARCHAR(50),DECRYPTBYKEY(EncryptSecondCol)) AS DecryptSecondCol
FROM TestTable
GO

If you drop the database after the entire processing is complete, you do not have to worry about cleaning up the database. However, in real world on production servers, the database is not dropped. It is a good practice for developers to close the key after using it. If keys and certificates are used only once or their use is over, they can be dropped as well. Dropping a database will drop everything it contains – table, keys, certificates, all the data, to name a few.

/* Clean up database  */
USE EncryptTest
GO
CLOSE SYMMETRIC KEY TestTableKey
GO
DROP SYMMETRIC KEY TestTableKey
GO
DROP CERTIFICATE EncryptTestCert
GO
DROP MASTER KEY
GO
USE [master]
GO
DROP DATABASE [EncryptTest]
GO

Summary

Encryption is a very important security feature of SQL Server 2005. Long keys and asymmetric keys create unassailable, stronger encryption and stronger encryption uses lots of CPU to encrypt data. Stronger encryption is slower to process. When there is a huge amount of data to encrypt, it is suggested to encrypt it using a symmetric key. The same symmetric key can be encrypted further with an asymmetric key for additional protection, thereby adding the advantage of a stronger encryption. It is also recommended to compress data before encryption, as encrypted data cannot be compressed.

Reference : Pinal Dave (http://blog.SQLAuthority.com), DotNetSlackers,Download complete script here

Today, we will riffle through a very simple, yet common issue – How to unlock a locked “sa” login?

It is quite a common practice that SQL Server is hosted on a separate server than application server. In most cases, SQL Server ports or IP are exposed to the web, which makes them risk prone. For hackers, System Admin login “sa” is the preferred account which they use for hacking. In fact, a majority of hackers try to hack into SQL Server by attempting to login using “sa” account. Once hackers gain access to server using “sa” login, they get a complete control over the SQL Server.

Hackers apply Brute Force method to hack “sa” login. Brute Force method is an attempt to guess a password using every possible combination. Be it in your machine where SQL Server is hosted or in your domain, if you have a policy setting that disables any account after a certain number of unsuccessful attempts, it will also disable all your SQL Server logins including “sa” login. In this scenario, SQL Server will display the following error:

msg: 18486
Login failed for user ’sa’ because the account is currently locked out. The system administrator can unlock it.

Fix/Solution/Workaround:

1) Disable the policy on your system or on your domain level. However, this may not be the most appropriate option as it will adversely affect your security protection level.

2) If this is a one-time issue, enable “sa” login WITH changing password of “sa” login.

ALTER LOGIN sa WITH PASSWORD = 'yourpass' UNLOCK ;
GO

3) If this is a one-time issue, enable “sa” login WITHOUT changing password of “sa” login.

ALTER LOGIN sa WITH CHECK_POLICY = OFF;
ALTER LOGIN sa WITH CHECK_POLICY = ON;
GO

4) If you are not using “sa” login, switch your authentication from mixed mode authentication to windows authentication to remove your “sa” login account.

5) BEST Practice: Create another user with systemadmin role having the same rights as “sa” login and let “sa” login get disabled. Use the newly created account as this will not be exposed on the Internet and for hackers it will be a tough nut to crack! They will find it difficult to guess the right password and moreover, they will not be able to do Brute Force attack over it.

I am eager to know if there are other options to solve this problem.

If you simply want to change the “sa” password, you can follow my previous article SQL SERVER – Change Password of SA Login Using Management Studio.

Please note that it is not mandatory to reboot SQL Server or restart SQL Server services after changing the password for “sa” login. If you are interested, go through all the comments and bring forth your opinion about this discussion.

Reference : Pinal Dave (http://blog.SQLAuthority.com)

Posted in Pinal Dave, SQL, SQL Authority, SQL Error Messages, SQL Query, SQL Scripts, SQL Security, SQL Server, SQL Tips and Tricks, SQLServer, T SQL, Technology Tagged: hacking ]]> http://blog.sqlauthority.com/2009/04/23/sql-server-fix-error-18486-login-failed-for-user-sa-because-the-account-is-currently-locked-out-the-system-administrator-can-unlock-it-unlock-sa-login/feed/ 5 pinaldave http://blog.sqlauthority.com/2009/04/14/sql-server-check-if-current-login-is-part-of-server-role-member/ http://blog.sqlauthority.com/2009/04/14/sql-server-check-if-current-login-is-part-of-server-role-member/#comments Tue, 14 Apr 2009 01:30:23 +0000 pinaldave http://blog.sqlauthority.com/?p=4333 ]]>

I often work on consulting projects with umpteen clients from across the globe. The nature of the works I usually receive necessitates me to take on the role of a system admin. Now, this role is trailed by come common issues. This article revolves around one such concern.

Most of the time, I get login and DBA from my clients. However, sometimes I face login-related problems, primarily because my clients forget to confer admin rights on me. Anticipating this situation I perform a simple task, which saves my time and saves me from exasperation.  Whenever I receive a server login I run the following query to verify if  the client has assigned me the role of system admin or not.

SELECT IS_SRVROLEMEMBER('sysadmin');

If I have been assigned system admin role then the result will be 1 else it will be 0.

I have listed below valid roles that can be verified using the above function.

sysadmin
dbcreator
diskadmin
processadmin
serveradmin
setupadmin
securityadmin

If you pass an invalid role to the above function, it will return value NULL.

I hope my article is clear to all my readers. Please send me your feedback. I want my readers to come up with more issues that need to be tackled.

Reference : Pinal Dave (http://blog.sqlauthority.com)

My present article talks about an error that you will encounter when connecting to Oracle database using OPENQUERY.

The error that eventuates is as follows:

Msg 9803, Level 16, State 1, Line 1
Invalid data for type “numeric”.

Fix/Solution/Workaround:

As far as I can discern, the above error occurs due to numeric precision or numeric definition mismatch. The number field of SQL Server does not appropriately match with the number field of Oracle. In fact, apart from number field there are several other data types that do not match.

I am including the following sample query having NumberCol that is Integer field of SQL Server and it needs to be converted To_Char to match up. NumberCol can be matched to Numeric in Oracle as well.

SELECT CONVERT(INT, NumberCol) AS NumberCol
FROM OPENQUERY (YourConnectionMethod, 'SELECT TO_CHAR(NumberCol) AS NumberCol FROM RemoteTbl');

Do read the article of MSDN to have a sound knowledge about Data Type Mapping for Oracle Publishers.

Please drop a line to me and let me have your doubts and questions. Your suggestions are always welcome!

Reference : Pinal Dave (http://blog.sqlauthority.com)

This article is outcome of the technical discussion of activity monitor and its behavior with my friend and SQL Expert Tejas Shah. Tejas told me that he does not like to re-write content from MSDN but rather prefer to write real life scenarios, as that prepares him to become better SQL Expert. While discussing about Activity Monitor he informed that activity monitor throws an error when there is permissions issue. He has even blogged about how to give permissions to user to launch activity monitor on his blog . Tejas asked me to write on the same subject for SQL Server 2008. Here is the article covering the discussion I had with Tejas.

I have user called ‘ActivityUser’ when turned on Activity Monitor (while logging in with user ActivityUser’) it does not have show anything in Activity Monitor.

The issue here is permissions issue. If user ActivityUser is given all the necessary permission it will start showing up data in Activity Monitor. Activity Monitor is new tool in SQL Server which displays activity in five sections. 1) Overview, 2) Processes, 3) Resources Waits, 4) Data File I/O, 5) Recent Expensive Queries. It is one of the new and very useful tool introduced by SQL Server.

Activity Monitor captures all the information at server level. For the same reason we need to give “View Server State” permission to user name to view data of Activity Monitor.We can give permission either using T-SQL or using SSMS.

T-SQL to give permission to user to view Activity Monitor:

SSMS to give permission to user to view Activity Monitor:

Once permissions is given to user, it displays the data in Activity Monitor. Click on images to enlarge the images.

Additionally, note that if you are user belonging to sysadmin role, you can always see all the data in Activity Monitor without additional permissions.

Reference : Pinal Dave (http://blog.sqlauthority.com)

I just received following email from one of the blog reader.

Question : “How to disable Windows Authentication?”

Answer : It can not be disabled. Windows Authentication is the most secure way to login in system.

Reference : Pinal Dave (http://blog.SQLAuthority.com)

As I am doing lots of experiments on my SQL Server test box, I sometime gets too many files in SQL Server data installation folder – the place where I have all the .mdf and .ldf files are stored. I often go to that folder and clean up all unnecessary files I have left there taking up my hard drive space. I run following query to find out which .mdf and .ldf files are used and delete all other files. If your SQL Server is up and running OS will not let you delete .mdf and .ldf files any way giving you error that file already in use. This list also helps sometime to do documentation of which files are in being used by which database.

SELECT name, physical_name AS current_file_location
FROM sys.master_files

Following is the output of files used by my SQL Server instance.

Reference : Pinal Dave (http://blog.SQLAuthority.com)

Posted in Pinal Dave, SQL, SQL Authority, SQL Backup and Restore, SQL Documentation, SQL Query, SQL Scripts, SQL Security, SQL Server, SQL System Table, SQL Tips and Tricks, T SQL, Technology ]]> http://blog.sqlauthority.com/2009/02/17/sql-server-find-current-location-of-data-and-log-file-of-all-the-database/feed/ 2 pinaldave http://blog.sqlauthority.com/2009/02/15/sql-server-reasons-to-backup-master-database-why-should-master-database-backedup/ http://blog.sqlauthority.com/2009/02/15/sql-server-reasons-to-backup-master-database-why-should-master-database-backedup/#comments Sun, 15 Feb 2009 01:30:06 +0000 pinaldave http://blog.sqlauthority.com/?p=2582 ]]>

The most interesting thing about writing blog at SQLAuthority.com is follow up question. Just a day before I wrote article about SQL SERVER – Restore Master Database – An Easy Solution, right following it, I received email from user requesting reason for importance of backing up master database.

Master database contains all the system level information of server. Information about all the login account, system configurations and information required to access all the other database are stored in master database. If master database is damaged, it will be difficult to use any other database in SQL Server and that makes it most important database of the SQL Server.

Let us understand the important of the master database using an example. We will take example of SQL Server DBA and follow his timeline. Make sure to understand it correctly, as I have small question at the end of the timeline.

9:00 AM – DBA takes backup of the master database.
10:00 AM – DBA creates new Database named AfterMaster.
11:00 AM – DBA restores the master database backup taken at 9:00 AM.
12:00 PM – I have following two questions for the DBA :

Question 1) What will be the state of the database AfterMaster? If AfterMaster database will be in active state after restoring master database?
Question 2) What should be the next step after restoring master database?

Let us understand the answer of question.

Answer 1) Once master database is restored it will have no record of AfterMaster database in its system database and it will not recognize it.
Answer 2) If master database is restored from backup all the operation which are done after last master database backup should be repeated in order to bring SQL Server in the current operational state. In our case, the database files (ldf and mdf) of AfterMaster database will still exists on server. They should be reattached to the server. You can search about how to attach mdf and ldf file at Search@SQLAuthority.com.

It is clear from our example that master database contains user login, files, filegroups and server wide settings.

In summary, it is extremely important to take backup of the master database.

Reference : Pinal Dave (http://blog.SQLAuthority.com)

Today we will go over two step easy method to restore ‘master’ database. It is really unusal to have need of restoring the master database. In very rare situation this need should arises. It is important to have full backup of master database, without full backup file of master database it can not be restored.

It is necessary to start SQL Server in single user mode before master database can be restored. It is very easy to start SQL Server server in single user mode. Follow the tutorial SQL SERVER – Start SQL Server Instance in Single User Mode.

Once SQL Server instance is running in single user mode, immediately connect it using sqlcmd and run following command to restore the master database.

RESTORE DATABASE master FROM DISK = 'C:\BackupLocation\master.back' WITH REPLACE;
GO

I have tested it couple of times and it has worked fine for me. If you encounter any error please leave a comment and I will do my best to solve it.

Reference : Pinal Dave (http://blog.SQLAuthority.com)

There are certain situation when user wants to start SQL Server Engine in “single user” mode from the start up.

To start SQL Server in single user mode is very simple procedure as displayed below.

Go to SQL Server Configuration Manager and click on  SQL Server 2005 Services. Click on desired SQL Server instance and right click go to properties. On the Advance table enter param ‘-m;‘ before existing params in Startup Parameters box.

Make sure that you entered semi-comma after -m. Once that is completed, restart SQL Server services to take this in effect. Once this is done, now you will be only able to connect SQL Server using sqlcmd.

Make sure to remove newly added params after required work is completed to restart it in multi user mode.

Reference : Pinal Dave (http://blog.SQLAuthority.com)

Just a day ago I have received following email from Siddhi and I found it interesting so I am sharing with all of you.