I'm new to Brent Ozar's sp_blitz and am trying to do some cleanup in my new job. I get tons of security findings about agent jobs owned by users. Most of these hits are system-type accounts (reportexec, webexec, sqlservice), rather than employee-associated accounts. Is there a problem with this approach? I'd love to reduce the number of hits I'm getting with sp_blitz, but am not sure it's worth changing some of these things that were purposely set up like this. Thanks for any help.
Sql-server – TSQL Agent jobs owned by users
sp-blitzsql-server-agentt-sql
Related Question
- Sql-server – SQL Agent Proxy – writing to logs is only allowed to jobs that are owned by sysadmin
- Sql-server – SQL Server Agent Jobs – Long running job delaying other jobs
- SQL Server – Always On: SQL Agent Running Stored Proc on Inactive Server
- Sql-server – SQL Agent Jobs hanging at last Run date and time
- Sql-server – SQL Agent using domain user for Jobs with TSQL
Best Answer
You should be fine as sp_blitz will highlight if jobs are owned by users since if their login is disabled or not available due to Active Directory problems, the job will stop working.
you can create your skip table and specify that to the sp_blitz
@SkipChecksTable
to skip checks.BTW, sp_blitz is on github and you can view the code as well.