NetSPI / PowerUpSQL

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

Get-SQLSysadminCheck #1

Closed Meatballs1 closed 8 years ago

Meatballs1 commented 8 years ago

This check may result in false negatives - I had a MSSQLServer service account login which was not listed as a specific username on the server.

I think I used sys.fn_my_permissions to confirm my access.

I worry that false negatives may stop some of the other queries from executing... e.g.

```powershell
# Check if xp_cmdshell is enabled
if($IsSysadmin -eq 'Yes')
```

nullbind commented 8 years ago

Hrmm.. by default, I think the service account is added to the sysadmin role in all versions of SQL Server. Do you know what type of service account it was? For example, local, managed, or domain. Also, do you know what version was affected?

In the meantime, I'll take a peek at the Get-SQLSysadminCheck function. It may be that I haven't included default/implicit privileges in the check. Also, I would use sys.fn_my_permissions, but it sounds like it's only supported by SQL Server 2008 or above. I was hoping to support 2000-2014, so I'll see if I can come up with a version-independent solution. :) Thanks again

Meatballs1 commented 8 years ago

Hmm, I think maybe it's just me not doing MSSQL in a while. I think when I tried to use IS_SRVROLEMEMBER('sysadmin','username') it didn't work, but I think you are calling it without a username, which would probably do the job!

Anyway I'm looking forward to using this next time :)
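To illustrate the point the thread settles on, here is an added auditing example (not PowerUpSQL's own code) that compares the no-argument form of IS_SRVROLEMEMBER, which evaluates the current connection's effective membership including membership inherited through Windows groups, against the name-based form that can miss a service account not listed as an explicit login. The function name, parameters and the instance name are assumptions; the sys.fn_my_permissions cross-check is only attempted on 2008 (major version 10) or newer, matching the version concern raised above.

```powershell
# Added example, not part of PowerUpSQL: audit effective sysadmin membership for the
# current Windows context without relying on the login being listed by name.
function Test-SqlEffectiveSysadmin {
    param(
        [Parameter(Mandatory)][string]$Instance,   # e.g. 'SQLSERVER01\PROD' (assumed value)
        [string]$Database = 'master'
    )
    # Integrated auth runs as the current Windows account; this is the case where
    # group-based sysadmin membership is easy to miss with a name-based lookup.
    $connString = "Server=$Instance;Database=$Database;Integrated Security=SSPI;Connection Timeout=5"
    $conn = New-Object System.Data.SqlClient.SqlConnection($connString)
    $conn.Open()
    try {
        # Version-independent core query: IS_SRVROLEMEMBER('sysadmin') answers for the
        # current security context; the two-argument form answers only for the name passed.
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = @"
SELECT SUSER_SNAME() AS LoginName,
       IS_SRVROLEMEMBER('sysadmin') AS IsSysadminEffective,
       IS_SRVROLEMEMBER('sysadmin', SUSER_SNAME()) AS IsSysadminByName,
       CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(32)) AS ProductVersion
"@
        $reader = $cmd.ExecuteReader()
        [void]$reader.Read()
        $eff    = $reader['IsSysadminEffective']
        $byName = $reader['IsSysadminByName']   # may be DBNull when the login is not a valid name
        $result = [pscustomobject]@{
            Instance            = $Instance
            LoginName           = $reader['LoginName']
            IsSysadminEffective = ($eff -is [int] -and $eff -eq 1)
            IsSysadminByName    = ($byName -is [int] -and $byName -eq 1)
            ProductVersion      = $reader['ProductVersion']
            HasControlServer    = $null            # filled only on 2008+ below
        }
        $reader.Close()

        # Optional cross-check via sys.fn_my_permissions, guarded on major version >= 10.
        $major = [int](($result.ProductVersion -split '\.')[0])
        if ($major -ge 10) {
            $cmd.CommandText = "SELECT COUNT(*) FROM sys.fn_my_permissions(NULL, 'SERVER') " +
                               "WHERE permission_name = 'CONTROL SERVER'"
            $result.HasControlServer = ([int]$cmd.ExecuteScalar() -gt 0)
        }
        return $result
    }
    finally { $conn.Close() }
}

# Usage (assumed instance name): Test-SqlEffectiveSysadmin -Instance 'SQLSERVER01\PROD'
```

A row where IsSysadminEffective is true but IsSysadminByName is false is exactly the false-negative case described in the issue: the account holds sysadmin through group membership rather than an explicit login entry.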

nullbind commented 8 years ago

No worries - happy hunting :)