Thursday, 17 April 2014

SSMS Auto Recovery

By David Postlethwaite

At my presentation on SQL Server Management Studio at SQL Saturday in Exeter I promised to write some articles on Gethyn’s blog about the bits I didn’t manage to cover.

SQL Server Management Studio will autosave your unsaved query every few minutes so if if your pc crashes you won’t have lost you work.
This is a similar idea to what we see in Word and Excel

Any new query will be added to the solution or project that is currently open. If you don’t have a solution open it will get save into a backup folder
My Documents\SQL Server Management Studio\Backup Files\Solution1

You can alter the recovery time
Tools -> Options -> Environment –> AutoRecover



There is a bug in Management Studio 2012 where the file must be saved first before it will starts to autosave it.
If you haven’t saved it at least once then it won’t autosave.

Management Studio 2008 and 2005 will autosave unsaved files without problem

Wednesday, 16 April 2014

From where does SSMS get its database defaults?

We can create a database simply by typing in the command

create database DB1 

We don’t have to provide any other parameters for SSMS to be able to create the database

My Question is from where does SQL get the default values when we create a database without any options?
We have always assumed that is was from the model database.

Here’s an interesting exercise:

Create an empty database using the command above and make a note of its size and autogrowth values.
Compare these to those of the model database. Assuming you have never changed the model database you’ll find they are identical.

Change the initial size and the autogrowth values in the model database to something obviously different.
Now create a new database DB2 with the script

create database DB2 

Take a look at the size and autogrowth of the new database and compare them to the values you put in the model database. The data file size will probably match but the rest will have taken the original values you saw in the model database.

SSMS hasn’t used the values in the model database which is what we all assumed it would do

Now create a database using the GUI
You will see in the GUI that the new database has taken its values from the model database
It seems that SSMS only uses the model database as its template when you use the GUI, you cannot guarantee the values that will be used when using a simple script
Which is why its best practice is to include all the parameters when creating database.

In case you need to reset mode back to the SQL defaults then run this

USE [model]
DBCC SHRINKFILE (N'modeldev' , 3)
DBCC SHRINKFILE (N'modellog' , 1)
USE [master]

Monday, 14 April 2014

Missing Database Owner

By David Postlethwaite

At my presentation on SQL Server Management Studio at SQL Saturday in Exeter I promised to write some articles on Gethyn’s blog about the bits I didn’t manage to cover.


A scenario
A DBA creates a new database and by doing so he become the owner of that database.
He then leaves the company and his Windows account is deleted.
When you try to view the database properties in SQL Server Management Studio you will receive the error “Property Owner is not available”

When SSMS tries to open the database it check the permissions of the owner and because it can no longer find it in Active Directory it aborts the request

You will not be able to view the properties until a new owner is assigned.
This is quite simple just issue this command on the database

sp_changedbowner 'sa' 

You cannot just create a new Windows user with the same name. The underlying SIDs will not match.

If the owner of the database is a SQL user then it’s not possible to delete that user but SQL Server can’t manage Active Directory so is unaware when an account has been deleted.

Also note that if the owner of an SQL Agent job is deleted that Agent job will not run because, once again, SQL checks the permissions of the owner and can’t find it in AD so will not continue.

To avoid this scenario it is best practice to ensure that all databases and agent jobs are owned by “sa” unless there is a good reason not to.

Thursday, 10 April 2014

Alter Table Not Permitted

By David Postlethwaite

At my presentation on SQL Server Management Studio at SQL Saturday in Exeter I promised to write some articles on Gethyn’s blog about the bits I didn’t manage to cover.


You may have come across this error message when using SQL Server Management Studio

It’s new in SSMS 2008.
You cannot, by default, make changes to a table that will require it to be dropped and re-created.
These changes are
Changing data type on existing columns
Or changing allow nulls on existing columns
Or changing order of columns

But you can turn this behaviour off
Tools Menu -> Options -> Designers
Untick "prevent saving changes that require table re-creation"

But beware.
If it is a table with large amount of data it could take some time to copy it from the old to the new table

Wednesday, 9 April 2014

Dedicated Administrator Connection

By David Postlethwaite

At my presentation on SQL Server Management Studio at SQL Saturday in Exeter I promised to write some articles on Gethyn’s blog about the bits I didn’t manage to cover.

If a SQL instance isn’t responding or you can’t login for some reason then SSMS has a back door called the Dedicated Administrator Connection or DAC.
The DAC uses a special reserved scheduler which has one thread for processing requests.
This essentially means that SQL Server is keeping a backdoor open just for this purpose.

To login using the DAC you must be a member of the sysadmin server role.
By default, for security, you can only use this from the local server, not from a remote connection.
You can enable remote connections using the command

sp_configure 'remote admin connections', 1

To use the DAC, in the SSMS connection window prefix the name of the server with “admin:”


You can’t connect using Object Explorer because it only allows one thread so you must use the Query Window Only

Only one use one admin connection at a time can use the DAC so if another DBA tries to connect using the admin option they will get an error

Also, you should only run simple, quick queries using the DAC.

If you are connecting remotely you many need to get firewall ports opened as well, depending on your environment.
This will probably be port 1434, but that will vary depending on your configuration.

SQLcmd also supports DAC
Sqlcmd – A

Check that you can use the DAC before you need to use it for real and that you have handy whatever admin scripts you require because, remember, you can’t use object explorer to help you diagnose your problem instance.

Monday, 7 April 2014

SQL Saturday Exeter

A couple weeks back was the second SQL Saturday to be held in Exeter. Although I wasn’t speaking this time, my friend, colleague and fellow contributor to this blog, David Postlethwaite was making his full speaking debut delivering a session entitle “Real DBAs Don’t need a GUI” it was a look at all the features of SQL Server Management Studio that you may not know existed. Unfortunately I was poorly on the day of the event and couldn’t make the session, but David did rehearse his talk with me and it went very well. It seems that his audience agreed and everyone seemed to give him positive feedback. It seems that the whole day was pretty successful and hopefully there will be another SQL Saturday in Exeter next year.

It seems David has caught the speaking bug so to speak. He has come back from Exeter and is keen to expand on this experience. He has put together two further talks. One on Oracle for the SQL Server DBA and another one called “Taming the Beast – How a SQL DBA can keep Kerberos under control.” He has submitted these sessions along with his SSMS talk to several SQL Saturdays around Europe.


If you are organising a SQL Saturday event and you have seen that David has submitted a session then maybe, just maybe, you can invite him along and he can show you how to “tame the beast” :D

Following on from David’s talk on SSMS, he was not able to cover everything in the 50 minute slot so he has kindly put together some blog posts covering the material and topics he was not able to get to during his talk. These will be published over the next few weeks, so stay tuned for more SSMS goodness from David P.

Monday, 13 January 2014

SQL Server 2012 and Virtual Service Accounts

This post is written by David Postlethwaite
If you are using SQL Server 2012 you will probably have noticed that the default account for the SQL services has changed from that used in previous versions. With SQL 2005 and 2008 the default account for SQL service and SQL Agent service was “NT Authority\System”. This is one the built in accounts on a Windows machine, managed by the machine and selectable from a dedicated dropdown list
The Network Service account was introduced in Windows 2003 as an alternative to using the LocalSystem account, which has full local system privileges on the local machine, a major security concern.
The Network Service has limited local privileges easing these security concerns but when many services on a machine use the Network Service account it becomes harder to track which service is actually accessing resources and performing actions, because all the services are using the one Network Service account.
Also, this account, by default, has sysadmin permissions on your instance.
Most people change their service accounts to a local or domain account with limited permissions. This introduces another security problem in that this account has a password that could be hacked and used to launch some sort of attack. Changing the password of a service account regularly can be problematic though programs like Secret Server can alleviate this (
To try and resolve some of these problems Windows 2008 R2 and above introduced a new type of account called a virtual account
Virtual accounts emulate creating many unique instances of the Network Service account, so each service runs with its own instance of the Network Service account. These unique instances of Network Service make auditing and tracking much easier.
You won’t find these virtual accounts listed in Local Users and Groups or Active Directory Users, they cannot be created, deleted, or edited and you can’t change their password. They are not in the built in account list and you won’t find them if you browse for an account.
When you install SQL 2012 on Windows Server 2008 R2 or Windows 7 and later you’ll see the services run with virtual service accounts named like:
NT Service\MSSQLSERVER or NT Service\MSSQL$<Instance Name>
NT Service\SQLSERVERAGENT or NT Service\SQLAGENT$<Instance Name>
If you change your service account and later want to switch back to using the virtual account you have to type the name in yourself since, because it doesn’t really exist anywhere, you can’t use the browse option to find it.
You also don’t know the password so you can’t type that into the appropriate box. If you do it will tell you it’s wrong. But if you leave the password fields blank and click Apply then Windows will apply the correct password for you and give the virtual account “login as a service” permissions.
One drawback of a virtual account is that it only has permissions to the local machine. If your SQL Server requires access to a network share or something on another machine then you will have to revert to a domain account.
But overall, virtual service accounts are a step in the right direction in securing our databases from attack.
More information can be found at