| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: tempdb ResultHash: A98892EF5388104C56E8D20C589B864AEFC2578F ~~~~~ No principals other than the standard MSSQL principals own database schemas. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: msdb ResultHash: A98892EF5388104C56E8D20C589B864AEFC2578F ~~~~~ No principals other than the standard MSSQL principals own database schemas. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: model ResultHash: A98892EF5388104C56E8D20C589B864AEFC2578F ~~~~~ No principals other than the standard MSSQL principals own database schemas. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: master ResultHash: A98892EF5388104C56E8D20C589B864AEFC2578F ~~~~~ No principals other than the standard MSSQL principals own database schemas. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: BEDB ResultHash: A98892EF5388104C56E8D20C589B864AEFC2578F ~~~~~ No principals other than the standard MSSQL principals own database schemas. Comments |
|||||
Check Text
Obtain a listing of schema ownership from the server documentation. Execute the following query to obtain a current listing of schema ownership. SELECT s.name AS schema_name, p.name AS owning_principal FROM sys.schemas s JOIN sys.database_principals p ON s.principal_id = p.principal_id WHERE p.name != 'dbo' AND (s.name != p.name or p.name not in ( 'db_accessadmin' , 'db_backupoperator' , 'db_datareader' , 'db_datawriter' , 'db_ddladmin' , 'db_denydatareader' , 'db_denydatawriter' , 'db_owner' , 'db_securityadmin' , 'guest' , 'INFORMATION_SCHEMA' , 'sys' , 'TargetServersRole' , 'SQLAgentUserRole' , 'SQLAgentReaderRole' , 'SQLAgentOperatorRole' , 'DatabaseMailUserRole' , 'db_ssisadmin' , 'db_ssisltduser' , 'db_ssisoperator' , 'replmonitor' , '##MS_SSISServerCleanupJobLogin##' ) ) ORDER BY schema_name If any schema is owned by an unauthorized database principal, this is a finding.
Fix Text
Transfer ownership of database schemas to authorized database principals. ALTER AUTHORIZATION ON SCHEMA::[<Schema Name>] TO [<Principal Name>]