Is Your SQL Server Using RC4 for Kerberos? Here’s How to Find Out
You probably haven’t thought about Kerberos encryption types recently. That’s fair; the protocol mostly “just works” and has for decades. But CVE-2026-20833 changed the calculus. Microsoft disclosed a Kerberos information disclosure vulnerability in January 2026…
Inspecting SQL Server TLS Certificates Without Credentials
If you’ve ever needed to check the TLS certificate on a SQL Server instance — whether it’s expired, misconfigured, missing SANs, or just plain self-signed — you’ve probably had to connect with SSMS, run some…
Detecting Locked or Expired Logins
SQL Server logins can be configured to use password policies enforced by Windows. These policies include determining when passwords expire, how many invalid passwords can be entered before lock-out, etc. The T-SQL code in this…
Auditing Login Events with Service Broker
Perhaps one of the most important aspects of running a secure SQL Server is auditing login events – essentially capturing who’s logging in, and who’s attempting to login. Being aware of who’s logging in, and…
dbo – Database Owner
In SQL Server, the dbo or Database Owner is a server-level principal that has full access to the owned database. Microsoft’s best practices recommend creating a discrete user, either an Active Directory domain user or…
Filesystem security for TDE Keys and Certificates
What is TDE, and why is filesystem security important? Transparent Database Encryption, or TDE, is used to encrypt an entire database. The encryption is “transparent” since once the database is loaded by SQL Server, anyone…