| Author | Klaas Vandenberghe (@PowerDBAKlaas) |
| Availability | Windows, Linux, macOS |
Want to see the source code for this command? Check out Get-DbaPrivilege on GitHub.
Want to see the Bill Of Health for this command? Check out Get-DbaPrivilege.
Retrieves Windows security privileges critical for SQL Server performance from target computers.
Audits five Windows privileges that directly impact SQL Server performance and functionality: Lock Pages in Memory, Instant File Initialization, Logon as Batch, Generate Security Audits, and Logon as a Service. These privileges are essential for SQL Server service accounts to achieve optimal performance and proper operation.
Use this to verify that SQL Server service accounts have the necessary Windows privileges configured, troubleshoot performance issues related to missing privileges, or audit security configurations across your SQL Server environment. The function exports the local security policy using secedit and parses the results to show which users and groups hold these critical privileges.
Requires Local Admin rights on destination computer(s).
Get-DbaPrivilege
[[-ComputerName] <DbaInstanceParameter[]>]
[[-Credential] <PSCredential>]
[-EnableException]
[<CommonParameters>]
PS C:\> Get-DbaPrivilege -ComputerName sqlserver2014a
Gets the local privileges on computer sqlserver2014a.
PS C:\> 'sql1','sql2','sql3' | Get-DbaPrivilege
Gets the local privileges on computers sql1, sql2 and sql3.
PS C:\> Get-DbaPrivilege -ComputerName sql1,sql2 | Out-GridView
Gets the local privileges on computers sql1 and sql2, and shows them in a grid view.
Specifies the target computer names where you want to audit Windows privileges. Accepts multiple computer names for bulk privilege auditing.
Use this to check privilege configurations on SQL Server host machines, especially when troubleshooting performance issues related to missing Lock Pages in Memory or Instant File Initialization
rights.
| Alias | cn,host,Server |
| Required | False |
| Pipeline | true (ByValue) |
| Default Value | $env:COMPUTERNAME |
Credential object used to connect to the computer as a different user.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | False |