Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Login Security Checks ensure credentials from users and permissions, meet the organization's policy, and alert if there are changes.

...

Name

Description

Active Directory Helper Login Account Not AcceptableDetermine whether the Active Directory Helper account is acceptable
Analysis Services Login Account Not AcceptableDetermine whether the Analysis Services account is acceptable
Blank PasswordsDetermine whether any SQL Logins have blank passwords
DISTRIBUTOR_ADMIN LoginDetermine whether DISTRIBUTOR_ADMIN account should be deleted.
Ensure Windows BUILTIN Groups are not SQL LoginsDetermine whether the Windows BUILTIN groups and accounts are not SQL logins. Windows BUILTIN groups have broad memberships and should not be used to get access to the SQL Server Database Engine instance.
Ensure Windows Local Groups are not SQL LoginsDetermine whether Windows Local groups are used as logins. Allowing local Windows groups to be used as SQL Logins creates a loophole where an OS administrator could add users and give access to SQL Server instances.
Full-Text Search Login Account Not AcceptableDetermine whether the Full-Text Search Service account is acceptable
Integration Services Login Account Not AcceptableDetermine whether the Integration Services account is acceptable
Notification Services Login Account Not AcceptableDetermine whether the Notification Services account is acceptable
Orphaned usersDetermine whether any orphaned users exist in databases.
Reporting Services Login Account Not AcceptableDetermine whether the Reporting Services account is acceptable
sa Account Has Blank PasswordDetermine whether the SQL Server sa account has a blank password
sa Account Not Using Password PolicyDetermine whether password policy is enforced on the sa account
SQL Authentication EnabledDetermine whether SQL Authentication is allowed on the SQL Server
SQL Logins not using Must ChangeEnsure that all SQL Authentication Logins have the 'must_change' option set to ON.
SQL Logins Not Using Password ExpirationDetermine whether password expiration is enabled for all SQL Logins
SQL Logins Not Using Password PolicyDetermine whether password policy is enforced on all SQL Logins
SQL Server Agent Login Account Not AcceptableDetermine whether the SQL Server Agent Service account is acceptable
SQL Server Browser Login Account Not AcceptableDetermine whether the SQL Server Browser Service account is acceptable
SQL Server Service Login Account Not AcceptableDetermine whether the SQL Server Service account is acceptable
SQL Server SYSADMIN accountsDetermine whether SQL SYSADMIN accounts that are in the local Administrator role for the physical server.
Suspect LoginsDetermine whether suspect logins exist on the SQL Server
Unauthorized SQL Logins ExistDetermine whether unauthorized SQL Logins have been created on the SQL Server
VSS Writer Login Account Not AcceptableDetermine whether the VSS Writer account is acceptable
Weak PasswordsDetermine whether any SQL login passwords match the login name or a list of common and restricted passwords.

...