{"id":4363,"date":"2015-02-10T16:15:00","date_gmt":"2015-02-10T15:15:00","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/"},"modified":"2015-02-10T16:15:00","modified_gmt":"2015-02-10T15:15:00","slug":"security-via-policies","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/","title":{"rendered":"Security via policies"},"content":{"rendered":"<p>Few weeks ago, I presented the session on security via Policies for<a href=\"http:\/\/guss.pro\/2014\/12\/01\/journees-sql-server-2014\/\"> &#8220;Les journ\u00e9es SQL Server 2014&#8221;<\/a>, organized by the<strong> French SQL Server User Group (GUSS)<\/strong> in Paris.<\/p>\n<p><a class=\"easyblog-thumb-preview\" title=\"presentation.JPG\" href=\"http:\/\/dbi-services.com\/blog\/images\/easyblog_images\/88\/presentation.JPG\"><img decoding=\"async\" title=\"b2ap3_thumbnail_presentation.JPG\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/b2ap3_thumbnail_presentation.jpg\" alt=\"b2ap3_thumbnail_presentation.JPG\" \/><\/a><\/p>\n<p>I promised to post our policies script on a blog.<\/p>\n<p>Security Policies are split into 4 categories:<\/p>\n<ul>\n<li>Server<\/li>\n<li>Instance<\/li>\n<li>Database<\/li>\n<li>Data<\/li>\n<\/ul>\n<p><a class=\"easyblog-thumb-preview\" title=\"architechture.png\" href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/architechture.png\"><img decoding=\"async\" title=\"architechture.png\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/architechture.png\" alt=\"architechture.png\" \/><\/a><\/p>\n<p>All policies follow this naming convention:<\/p>\n<p><strong>dbi_&#8221;Level number&#8221;_&#8221;Level name&#8221;_&#8221;Policy name&#8221;<\/strong><\/p>\n<p>I give you the policy name, the condition and the query or facet associated.<br \/>\nTo understand correctly all policies, I suggest you to read this blog. I advise you to understand policies level by level.<\/p>\n<h3>Level 1: Server<\/h3>\n<ul>\n<li>Enable Windows Firewall (3 policies &#8211; one per profile)\n<ul>\n<li>Policy name: dbi_security_l01_server_firewall_domain_profile<\/li>\n<li>Condition: is_firewall_domain_profile_enabled<\/li>\n<li>Query:<code> exec master.sys.xp_instance_regread @rootkey=N'HKEY_LOCAL_MACHINE',@key=N'SOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile', @value_name=N'EnableFirewall', @value=@get_value OUTPUT<\/code><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li>Policy name: dbi_security_l01_server_firewall_service_profile<\/li>\n<li>Condition: is_firewall_service_profile_enabled<\/li>\n<li>Query: <code>exec master..xp_instance_regread @rootkey=N'HKEY_LOCAL_MACHINE',@key=N'SOFTWAREPoliciesMicrosoftWindowsFirewallServiceProfile',@value_name=N'EnableFirewall', @value=@get_value OUTPUT<\/code><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li>Policy name: dbi_security_l01_server_firewall_public_profile<\/li>\n<li>Condition: is_firewall_public_profile_enabled<\/li>\n<li>Query: <code>exec master.sys.xp_instance_regread @rootkey=N'HKEY_LOCAL_MACHINE',@key=N'SOFTWAREPoliciesMicrosoftWindowsFirewall PublicProfile',@value_name=N'EnableFirewall', @value=@get_value OUTPUT<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Allow only required network protocol (one policy per protocol)\n<ul>\n<li>Policy name: dbi_security_l01_server_protocols_named_pipes<\/li>\n<li>Condition: is_named_pipes_enabled<\/li>\n<li>Facet: @NamedPipesEnabled<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li>Policy name: dbi_security_l01_server_protocols_shared_memory<\/li>\n<li>Condition: is_shared_memory_enabled<\/li>\n<li>Query:<code> SELECT count(*) from sys.dm_server_registry WHERE registry_key LIKE '%TCP' and value_name='Enabled' and convert (nvarchar(5),value_data) ='1'<\/code><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li>Policy name: dbi_security_l01_server_protocols_tcpip<\/li>\n<li>Condition: is_tcp_ip_enabled<\/li>\n<li>Facet: @TcpEnabled<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Change default SQL Server ports associated with the SQL Server installation ad use fixed port\n<ul>\n<li>Policy name: dbi_security_l01_server_protocols_fixed_ports<\/li>\n<li>Condition: is_fixed_port_in_the_range<\/li>\n<li>Query:<code> SELECT cast(convert (nvarchar(5),value_data) as int) from sys.dm_server_registry WHERE registry_key LIKE '%IPAll' and value_name='TCPPort'<\/code><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li>Policy name: dbi_security_l01_server_protocols_dynamic_ports<\/li>\n<li>Condition: is_dynamic_port_enabled<\/li>\n<li>Query: <code>SELECT count(*) from sys.dm_server_registry WHERE value_name='TcpDynamicPort' and registry_key NOT LIKE '%AdminConnection%' AND convert(nvarchar(5),value_data) !=0 AND convert(nvarchar(5),value_data)!=null<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Hide SQL server instances or disable the SQL Server Browser Services\n<ul>\n<li>Policy name: dbi_security_l01_server_protocols_hide_instance_or_browser<\/li>\n<li>Condition: is_instance_hide<\/li>\n<li>Facet for the SQL Server Browser Service: @BrowserStartMode<\/li>\n<li>Query for the hide instance option:<code> exec master.sys.xp_instance_regread @rootkey=N'HKEY_LOCAL_MACHINE',@key=N'SOFTWAREMicrosoftMicrosoft SQL ServerMSSQLServerSuperSocketNetLib',@value_name=N'HideInstance',@value=@get_value OUTPUT<\/code><\/li>\n<li>In this case, I also create 2 distinct policies for each clause:\n<ul>\n<li>dbi_security_l01_server_browser_service<\/li>\n<li>dbi_security_l01_server_hide_instance<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Use &#8220;Extended Protection for Authentication&#8221;\n<ul>\n<li>Policy name: dbi_security_l01_server_protocols_extended_protection<\/li>\n<li>Condition:is_extended_protection<\/li>\n<li>Query:<code> exec master..xp_instance_regread @rootkey=N'HKEY_LOCAL_MACHINE',@key=N'SOFTWAREMicrosoftMicrosoft SQL ServerMSSQLServerSuperSocketNetLib',@value_name=N'ExtendedProtection',@value=@get_value OUTPUT<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Only enable required SQL Server services\n<ul>\n<li>Policy name: dbi_security_l01_server_service_brocker_disabled<\/li>\n<li>Condition:is_service_brocker_disabled<\/li>\n<li>Facet: @ServiceBrokerEndpointActive<\/li>\n<\/ul>\n<ul>\n<li>Policy name: dbi_security_l01_server_vss_writer<\/li>\n<li>Condition:is_service_vss_writer_enabled<\/li>\n<li>Query:<code> exec master..xp_instance_regread @rootkey=N'HKEY_LOCAL_MACHINE',@key=N'SOFTWAREMicrosoftMicrosoft SQL ServerMSSQLServerSuperSocketNetLib',@value_name=N'ExtendedProtection',@value=@get_value OUTPUT<\/code><\/li>\n<\/ul>\n<ul>\n<li>Policy name: dbi_security_l01_server_soap_endpoints_disabled<\/li>\n<li>Condition: is_soap_endpoints_disabled<\/li>\n<li>Facet: @SoapEndpointsEnabled<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Install last Service Pack and Security Fix\n<ul>\n<li>Policy name:dbi_security_l01_server_last_update<\/li>\n<li>Condition:is_last_update<\/li>\n<li>Query:<code>SELECT SERVERPROPERTY('productversion')<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Level 2: Instance<\/h3>\n<ul>\n<li>Choose Windows Authentication vs mixed mode\n<ul>\n<li>Policy name: dbi_security_l02_instance_sql_server_login_mode<\/li>\n<li>Condition: is_windows_authentication_mode<\/li>\n<li>Facet: @LoginMode<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Use complex passwords for SQL Server logins\n<ul>\n<li>Policy name: dbi_security_l02_instance_sql_server_password_policy<\/li>\n<li>Condition: is_password_policy_enforced<\/li>\n<li>Facet: @PasswordPolicyEnforced<\/li>\n<\/ul>\n<ul>\n<li>Policy name: dbi_security_l02_instance_sql_server_password_expiration<\/li>\n<li>Condition: is_password_expiration_enabled<\/li>\n<li>Facet: @PasswordExpirationEnabled<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Revoke extended and OLE Automation stored procedures for the public role\n<ul>\n<li>Policy name: dbi_security_l02_instance_execute_right_extended_store_procedure<\/li>\n<li>Condition:is_execute_rights_for_public_for_extended_store_procedure<\/li>\n<li>Query:<code> SELECT count(*) FROM sys.database_permissions WHERE OBJECT_NAME(major_ID) IN ('sp_OACreate','sp_OADestroy','sp_OAGetErrorInfo','sp_OAGetProperty','sp_OAMethod', 'sp_OASetProperty','sp_OAStop','sp_sdidebug','xp_availablemedia','xp_cmdshell','xp_deletemail','xp_dirtree','xp_dropwebtask','xp_dsninfo','xp_enumdsn','xp_enumerrorlogs','xp_enumgroups','xp_enumqueuedtasks','xp_eventlog','xp_findnextmsg','xp_fixeddrives','xp_getfiledetails','xp_getnetname','xp_grantlogin','xp_logevent','xp_loginconfig','xp_logininfo','xp_regread','xp_perfend','xp_perfmonitor','xp_perfsample','xp_perfstart','xp_readerrorlog','xp_readmail','xp_revokelogin','xp_runwebtask','xp_schedulersignal','xp_sendmail','xp_servicecontrol','xp_snmp_getstate','xp_snmp_raisetrap','xp_sprintf','xp_sqlinventory','xp_sqlregister''xp_sqltrace','xp_sscanf','xp_startmail','xp_stopmail','xp_subdirs','xp_unc_to_drive','xp_dirtree') AND USER_NAME(grantee_principal_id) LIKE 'PUBLIC'<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Remove the BuiltinAdministrators Windows Group\n<ul>\n<li>Policy name: dbi_security_l02_instance_builtin_administrators<\/li>\n<li>Condition: is_builtin_administrators_removed<\/li>\n<li>Facet: @Name<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>sa account disabled or locked\n<ul>\n<li>Policy name: dbi_security_l02_instance_sa_locked<\/li>\n<li>Condition: is_account_locked<\/li>\n<li>Target: is_sa_account<\/li>\n<li>Facet: @IsLocked or @IsDisabled<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Removed orphaned Logins\n<ul>\n<li>Policy name: dbi_security_l02_instance_orphaned_logins<\/li>\n<li>Condition: is_orphaned_logins<\/li>\n<li>Target: is_sa_account<\/li>\n<li>Query: see the blog <a href=\"\/sql-server-tips-how-to-list-orphaned-logins\">here<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Options &amp; Configurations\n<ul>\n<li>Policy name: dbi_security_l02_instance_xp_cmdshell_disabled<\/li>\n<li>Condition: is_xp_cmdshell_disabled<\/li>\n<li>Facet: @XPCmdSellEnabled<\/li>\n<\/ul>\n<ul>\n<li>Policy name: dbi_security_l02_instance_cross_db_ownership_chaining<\/li>\n<li>Condition: is_cross_db_ownership_chaining_enabled<\/li>\n<li>Facet: @CrossDBOwnershipChainingEnabled<\/li>\n<\/ul>\n<ul>\n<li>Policy name: dbi_security_l02_instance_web_assistant_disabled<\/li>\n<li>Condition: is_web_assistant_disabled<\/li>\n<li>Facet: @WebAssistantEnabled<\/li>\n<\/ul>\n<ul>\n<li>Policy name: dbi_security_l02_instance_clr_integration<\/li>\n<li>Condition: is_clr_integration_enabled<\/li>\n<li>Facet: @ClrIntegrationEnabled<\/li>\n<\/ul>\n<ul>\n<li>Policy name: dbi_security_l02_instance_ad_hoc_remote_queries<\/li>\n<li>Condition: is_ad_hoc_remote_queries_enabled<\/li>\n<li>Facet: @AdHocRemoteQueriesEnabled<\/li>\n<\/ul>\n<ul>\n<li>Policy name: dbi_security_l02_instance_defaut_trace<\/li>\n<li>Condition: is_default_trace_enabled<\/li>\n<li>Facet: @DefaultTraceEnabled<\/li>\n<\/ul>\n<ul>\n<li>Policy name: dbi_security_l02_instance_auditing_logins<\/li>\n<li>Condition: is_auditing_logins_enabled<\/li>\n<li>Query:<code> SELECT count(*) FROM sys.server_audit_specification_details sasd JOIN sys.server_audits sa on sa.audit_id=sasd.server_specification_id WHERE sa.name='Audit-Logins' and (sasd.audit_action_id='LGFL' or sasd.audit_action_id='LGSD')<\/code><\/li>\n<\/ul>\n<ul>\n<li>Policy name: dbi_security_l02_instance_number_logins_failed<\/li>\n<li>Condition: is_number_login_failed_acceptable<\/li>\n<li>Query:<code>Exec master.sys.xp_ReadErrorLog, 0,1, N'Login',N'Failed'<\/code><\/li>\n<\/ul>\n<ul>\n<li>Policy name: dbi_security_l02_instance_containment<\/li>\n<li>Condition: is_containment_enabled<\/li>\n<li>Facet:@ContainmentEnabled<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Choose &#8220;Both failed and successful login for audit&#8221;\n<ul>\n<li>Policy name: dbi_security_l02_instance_errorlog_failed_successful_logins<\/li>\n<li>Condition: is_failed_successful_logins_enabled<\/li>\n<li>Target: is_sa_account<\/li>\n<li>Query: <code>exec master.sys.xp_instance_regread @rootkey='HKEY_LOCAL_MACHINE', @key='SOFTWAREMicrosoftMSSQLServerMSSQLServer', @value_name='AuditLevel', @value=@AuditLevel output<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Level 3: Database<\/h3>\n<ul>\n<li>Not all databases should be owned by SA or by any other users in sysadmin server role\n<ul>\n<li>Policy name: dbi_security_l03_database_database_owner_is_service_account<\/li>\n<li>Condition: is_database_owner_is_service_account<\/li>\n<li>Facet: @Owner<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Have distinct owners for databases\n<ul>\n<li>Policy name: dbi_security_l03_database_default_schema_owner<\/li>\n<li>Condition: is_default_schema_owner<\/li>\n<li>Facet: @Name=@Owner<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>No access to database for the user Guest\n<ul>\n<li>Policy name: dbi_security_l03_database_guest_permissions<\/li>\n<li>Condition: has_no_database_access<\/li>\n<li>Targets: is_guest + is_user_or_model<\/li>\n<li>Facet: @HasDBAccess<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Delete orphaned database-users\n<ul>\n<li>Policy name: dbi_security_l03_database_no_orphan_sql_database_user<\/li>\n<li>Condition: is_no_orphan_sql_database_user<\/li>\n<li>Query: <code> SELECT count(*) from sys.database_principals a LEFT OUTER JOIN sys.server_principals b ON a.sid = b.sid WHERE b.sid IS NULL AND a.type = 'S' AND a.principal_id &gt; 4 AND DATALENGH(a.sid) <\/code><\/li>\n<\/ul>\n<ul>\n<li>Policy name: dbi_security_l03_database_no_orphan_windows_database_user<\/li>\n<li>Condition: is_no_orphan_windows_database_user<\/li>\n<li>Query: <code> SELECT count(*) FROM sys.database_principals dp LEFT OUTER JOIN sys.server_principals sp ON dp.sid = sp.sid WHERE sp.sid IS NULL AND dp.type In ('U', 'G') AND dp.principal_id &gt; 4 <\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Remove database objects granted to public\n<ul>\n<li>Policy name: dbi_security_l03_database_objects_permissions_granted_to_public<\/li>\n<li>Condition: is_database_objects_permissions_granted_to_public<\/li>\n<li>Targets: is_guest + is_user_or_model<\/li>\n<li>Query: <code>SELECT COUNT(*) FROM sys.database_permissions dp WHERE USER_NAME(dp.grantee_principal_id) = 'public' AND dp.major_id &gt; 0 AND exists (select 1 from sys.all_objects ao where ao.object_id = dp.major_id and ao.is_ms_shipped = 0) AND OBJECT_NAME(dp.major_id) not in ('pbcattbl','pbcatcol','pbcatfmt','pbcatvld','pbcatedt') AND OBJECT_NAME(dp.major_id) not in ('sp_upgraddiagrams','sp_helpdiagrams','sp_helpdiagramdefinition','sp_creatediagram','sp_renamediagram','sp_alterdiagram','sp_dropdiagram','fn_diagramobjects','dt_properties') <\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Conclusion<\/h3>\n<p>Finally, you canfind all these policies in the package <a title=\"title\" href=\"http:\/\/dbi-services.com\/blog\/images\/easyblog_images\/88\/SecurityPolicies.zip\" target=\"_self\">SecurityPolicies.zip<\/a>. You can also find here the associated presentation <a title=\"title\" href=\"http:\/\/dbi-services.com\/blog\/images\/easyblog_images\/88\/Security_via_Policie-GUSS-2014.pdf\" target=\"_self\">Security_via_Policie-GUSS-2014.pdf<\/a>.<br \/>\nThe session is on Youtube <a href=\"https:\/\/www.youtube.com\/watch?v=Xg-bWJfGEBg\">here<\/a> for the explanation.<br \/>\nIt may be not an exhaustive list. So, you can send me your feedback and suggestions to complete the package. Or you also can buy us a consulting day.:roll:<\/p>\n<p><span style=\"color: #ff0000;\"><strong>IN ANY CASES DO NOT FORGET<\/strong><\/span><br \/>\nHowever people working with databases and protecting data remain always unsung heroes!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Few weeks ago, I presented the session on security via Policies for &#8220;Les journ\u00e9es SQL Server 2014&#8221;, organized by the French SQL Server User Group (GUSS) in Paris. I promised to post our policies script on a blog. Security Policies are split into 4 categories: Server Instance Database Data All policies follow this naming convention: [&hellip;]<\/p>\n","protected":false},"author":15,"featured_media":4364,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[198],"tags":[49,25,51,54,52],"type_dbi":[],"class_list":["post-4363","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-database-management","tag-microsoft","tag-security","tag-sql-server","tag-sql-server-2012","tag-sql-server-2014"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Security via policies - dbi Blog<\/title>\n<meta name=\"description\" content=\"Presentation of a lot of our policies to secure a SQL server Server\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security via policies\" \/>\n<meta property=\"og:description\" content=\"Presentation of a lot of our policies to secure a SQL server Server\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2015-02-10T15:15:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/b2ap3_thumbnail_presentation.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"375\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"St\u00e9phane Haby\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"St\u00e9phane Haby\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/security-via-policies\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/security-via-policies\\\/\"},\"author\":{\"name\":\"St\u00e9phane Haby\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/d0bfb7484ae81c8980fc2b11334f803b\"},\"headline\":\"Security via policies\",\"datePublished\":\"2015-02-10T15:15:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/security-via-policies\\\/\"},\"wordCount\":1008,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/security-via-policies\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2022\\\/04\\\/b2ap3_thumbnail_presentation.jpg\",\"keywords\":[\"Microsoft\",\"Security\",\"SQL Server\",\"SQL Server 2012\",\"SQL Server 2014\"],\"articleSection\":[\"Database management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/security-via-policies\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/security-via-policies\\\/\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/security-via-policies\\\/\",\"name\":\"Security via policies - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/security-via-policies\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/security-via-policies\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2022\\\/04\\\/b2ap3_thumbnail_presentation.jpg\",\"datePublished\":\"2015-02-10T15:15:00+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/d0bfb7484ae81c8980fc2b11334f803b\"},\"description\":\"Presentation of a lot of our policies to secure a SQL server Server\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/security-via-policies\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/security-via-policies\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/security-via-policies\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2022\\\/04\\\/b2ap3_thumbnail_presentation.jpg\",\"contentUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2022\\\/04\\\/b2ap3_thumbnail_presentation.jpg\",\"width\":500,\"height\":375},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/security-via-policies\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security via policies\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/d0bfb7484ae81c8980fc2b11334f803b\",\"name\":\"St\u00e9phane Haby\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g\",\"caption\":\"St\u00e9phane Haby\"},\"description\":\"St\u00e9phane Haby has more than ten years of experience in Microsoft solutions. He is specialized in SQL Server technologies such as installation, migration, best practices, and performance analysis etc. He is also an expert in Microsoft Business Intelligence solutions such as SharePoint, SQL Server and Office. Futhermore, he has many years of .NET development experience in the banking sector and other industries. In France, he was one of the first people to have worked with Microsoft Team System. He has written several technical articles on this subject. St\u00e9phane Haby is Microsoft Most Valuable Professional (MVP) as well as Microsoft Certified Solutions Associate (MCSA) and\u00a0Microsoft Certified Solutions Expert (MCSE) for SQL Server 2012. He is also Microsoft Certified Technology Specialist (MCTS) and Microsoft Certified IT Professional (MCITP) for SQL Server 2008 as well as ITIL Foundation V3 certified. He holds a Engineer diploma in industrial computing and automation from France. His branch-related experience covers Chemicals &amp; Pharmaceuticals, Banking \\\/ Financial Services, and many other industries.\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/author\\\/stephane-haby\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Security via policies - dbi Blog","description":"Presentation of a lot of our policies to secure a SQL server Server","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/","og_locale":"en_US","og_type":"article","og_title":"Security via policies","og_description":"Presentation of a lot of our policies to secure a SQL server Server","og_url":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/","og_site_name":"dbi Blog","article_published_time":"2015-02-10T15:15:00+00:00","og_image":[{"width":500,"height":375,"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/b2ap3_thumbnail_presentation.jpg","type":"image\/jpeg"}],"author":"St\u00e9phane Haby","twitter_card":"summary_large_image","twitter_misc":{"Written by":"St\u00e9phane Haby","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/"},"author":{"name":"St\u00e9phane Haby","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b"},"headline":"Security via policies","datePublished":"2015-02-10T15:15:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/"},"wordCount":1008,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/b2ap3_thumbnail_presentation.jpg","keywords":["Microsoft","Security","SQL Server","SQL Server 2012","SQL Server 2014"],"articleSection":["Database management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/security-via-policies\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/","url":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/","name":"Security via policies - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/b2ap3_thumbnail_presentation.jpg","datePublished":"2015-02-10T15:15:00+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b"},"description":"Presentation of a lot of our policies to secure a SQL server Server","breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/security-via-policies\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/b2ap3_thumbnail_presentation.jpg","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/b2ap3_thumbnail_presentation.jpg","width":500,"height":375},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/security-via-policies\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security via policies"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b","name":"St\u00e9phane Haby","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g","caption":"St\u00e9phane Haby"},"description":"St\u00e9phane Haby has more than ten years of experience in Microsoft solutions. He is specialized in SQL Server technologies such as installation, migration, best practices, and performance analysis etc. He is also an expert in Microsoft Business Intelligence solutions such as SharePoint, SQL Server and Office. Futhermore, he has many years of .NET development experience in the banking sector and other industries. In France, he was one of the first people to have worked with Microsoft Team System. He has written several technical articles on this subject. St\u00e9phane Haby is Microsoft Most Valuable Professional (MVP) as well as Microsoft Certified Solutions Associate (MCSA) and\u00a0Microsoft Certified Solutions Expert (MCSE) for SQL Server 2012. He is also Microsoft Certified Technology Specialist (MCTS) and Microsoft Certified IT Professional (MCITP) for SQL Server 2008 as well as ITIL Foundation V3 certified. He holds a Engineer diploma in industrial computing and automation from France. His branch-related experience covers Chemicals &amp; Pharmaceuticals, Banking \/ Financial Services, and many other industries.","url":"https:\/\/www.dbi-services.com\/blog\/author\/stephane-haby\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/4363","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=4363"}],"version-history":[{"count":0,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/4363\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media\/4364"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=4363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=4363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=4363"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=4363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}