SQl Server触发器可以';不要改变
为了防止使用CHECK\u POLICY=OFF创建\更改SQL登录,我创建了一个服务器触发器:SQl Server触发器可以';不要改变,sql,sql-server,triggers,Sql,Sql Server,Triggers,为了防止使用CHECK\u POLICY=OFF创建\更改SQL登录,我创建了一个服务器触发器: GO SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO CREATE TRIGGER [create_or_alter_login] ON ALL SERVER FOR CREATE_LOGIN, ALTER_LOGIN as begin DECLARE @data xml DECLARE @text nvarchar(max);
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE TRIGGER [create_or_alter_login] ON ALL SERVER
FOR CREATE_LOGIN, ALTER_LOGIN
as
begin
DECLARE @data xml
DECLARE @text nvarchar(max);
DECLARE @user nvarchar(max);
DECLARE @object_name nvarchar(max);
DECLARE @MESSAGE_LOG varchar(255);
DECLARE @MESSAGE_PRINT varchar(255);
SET @data = EVENTDATA();
SET @text = @data.value('(/EVENT_INSTANCE/TSQLCommand)[1]', 'nvarchar(max)');
SET @user = @data.value('(/EVENT_INSTANCE/LoginName)[1]', 'nvarchar(max)');
SET @object_name = @data.value('(/EVENT_INSTANCE/ObjectName)[1]', 'nvarchar(max)');
IF(@text LIKE N'%CHECK_POLICY=OFF%')
BEGIN
SET @MESSAGE_LOG = 'XXX Policy: CHECK_POLICY=OFF is a forbidden setting. Rollback for a batch ' + @text
exec xp_logevent 60000, @MESSAGE_LOG , warning
SET @MESSAGE_PRINT = '
************************************************************
' + 'XXX Policy: CHECK_POLICY=OFF is a forbidden setting.
' + 'Rollback SQL login change for '+ @object_name + '
************************************************************
'
Rollback
RAISERROR (@MESSAGE_PRINT,10,1)
END
ELSE
BEGIN
SET @MESSAGE_LOG = 'SQL Login has been created or changed: ' + @text
exec xp_logevent 60000, @MESSAGE_LOG , informational
END
end
谢谢大家! dbatools Commandlets发布了什么T-SQL?它在什么安全上下文下运行?我在测试系统上以具有sa permissons的active directory用户身份运行它。不幸的是,即使在多次探查器跟踪之后,我也没有看到确切的t-sql语句(“出于安全原因被替换,表示探查器”),只有一条关于它的事件消息,这是一个标准的t-sql:
CREATE LOGIN[XXXX],密码=0x*************散列,SID=XXXXX,默认的_数据库=[master],默认的_语言=[us_english],CHECK_EXPIRATION=OFF,CHECK_POLICY=OFF