| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: tempdb ResultHash: 1ECA956516DA093168EADA17AB3EA5E1C5ED41C1 ~~~~~ No results were returned by the check queries. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: msdb ResultHash: 1ECA956516DA093168EADA17AB3EA5E1C5ED41C1 ~~~~~ No results were returned by the check queries. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: model ResultHash: 1ECA956516DA093168EADA17AB3EA5E1C5ED41C1 ~~~~~ No results were returned by the check queries. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: master ResultHash: 1ECA956516DA093168EADA17AB3EA5E1C5ED41C1 ~~~~~ No results were returned by the check queries. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: Instance: MONT-BE-002\BKUPEXEC64 Database: BEDB ResultHash: F3ECBD3C11F8BAF819620F5F091A10379266B2E4 ~~~~~ DBA, Remove unauthorized users from roles database_name owner_name is_fixed_role_member ------------- ---------- -------------------- BEDB sa 1 Comments |
|||||
Check Text
Execute the following query to obtain a listing of user databases whose owner is a member of a fixed server role: SELECT D.name AS database_name, SUSER_SNAME(D.owner_sid) AS owner_name, FRM.is_fixed_role_member FROM sys.databases D OUTER APPLY ( SELECT MAX(fixed_role_member) AS is_fixed_role_member FROM ( SELECT IS_SRVROLEMEMBER(R.name, SUSER_SNAME(D.owner_sid)) AS fixed_role_member FROM sys.server_principals R WHERE is_fixed_role = 1 ) A ) FRM WHERE D.database_id > 4 AND (FRM.is_fixed_role_member = 1 OR FRM.is_fixed_role_member IS NULL) ORDER BY database_name If no databases are returned, this is not a finding. For each database/login returned, review the Server Role memberships 1. In SQL Server Management Studio, Expand “Logins” 2. Double-click the name of the Login 3. Click the “Server Roles” tab If any server roles are selected, but not documented and authorized, this is a finding.
Fix Text
Remove unauthorized users from roles: ALTER ROLE DROP MEMBER user; https://msdn.microsoft.com/en-us/library/ms189775.aspx Set the owner of the database to an authorized login: ALTER AUTHORIZATION ON database::DatabaseName TO login; https://msdn.microsoft.com/en-us/library/ms187359.aspx