1. View all users in SQL SERVER: (available for SQL 2000 or 2005)
Select * from sysusers;
2. View all users with empty passwords in SQL SERVER: (2000/2005 common)
select name,password from syslogins where password is null;
3. Set mssql so that only Windows local account can log in:
4. Set the database log audit:
Right-click the database, open the database properties, select Security, and adjust the audit level in Security to All.
5. Perform network protocol encryption:
6. View database information and version:
Select @@version;
7. Determine whether xp_cmdshell exists in the current database;
select count(*) from master.dbo.sysobjects where xtype=‘x’ and
name=‘xp_cmdshell’;
If the returned result is not 0, it means that xp_cmdshell exists in the server;
8. Enable xp_cmdshell on the server:
Exec sp_configure ‘show advanced options’,1;
Reconfigure;
Exec sp_configure ‘xp_cmdshell’,1;
Reconfigure;
9. Use xp_cmdshell to execute stored procedure commands:
10. Add xp_cmdshell: