T-SQL script to get statistics for mappings between databases and users

I am continuing the development of T-SQL script that I did in my previous post. A big colleague of mine pointed out how to run that script just in one row :) I was really amazed!!!

exec sp_MSForEachDB @command1='use [?] exec sp_helpuser'

So it shows the logins information for each database. I've developed it and have got one big table that keeps database, login , user, group, schema names, user IDs and SID.

I used object tables instead of variable tables, because it is not able to work with variable tables under the sp_MSForEachDB procedure.

Here it is:

create table #results
(
 [UserName] nvarchar(100),
 [GroupName] nvarchar(100),
 [LoginName] nvarchar(100),
 [DefDBName] nvarchar(100),
 [DefSchemaName] nvarchar(100),
 [UserID] int,
 [SID] varbinary(85)
)

create table #users
(
 [DBName] nvarchar(100),
 [UserName] nvarchar(100),
 [GroupName] nvarchar(100),
 [LoginName] nvarchar(100),
 [DefDBName] nvarchar(100),
 [DefSchemaName] nvarchar(100),
 [UserID] int,
 [SID] varbinary(85)
)

exec sp_MSForEachDB @command1='
use [?]
delete from #results
insert into #results 
 exec sp_helpuser

insert into #users
 select db_name(), * from #results'

And here is some useful queries for getting statistics.

Next query shows amount of databases to which the user is allowed to connect:

select LoginName, count(DBName) as Databases from #users
 where LoginName is not null
 group by LoginName order by Databases desc

Shows the databases which do not have any SQL user mappings, so users cant connect them:

select DBName from #users where DBName not in
 (select DBName from #users where loginName is not NULL group by dbname)
 group by DBName

Shows the users which are not mapped to any database:

select loginname from master.dbo.syslogins
 where loginname not in
 (select loginname from #users where loginname is not null group by loginname)

T-SQL to get user list for every database

Today I created a new T-SQL script that gets list of existing databases on SQL Server and via sp_helpuser queries each database for login information.

There is also used variable table @dbs which keeps database names with assigned IDs. IDs are being assigned with row_number() procedure.

It could be further developed to join logins to some temporary table etc, that would allow to see some statistics (user rights, user and database mappings).

declare @RowCnt int
declare @MaxRows int
declare @dbname nvarchar(50)

declare @dbs table
(
 ID int,
 [name] nvarchar(50)
)

insert into @dbs
select * from
(select row_number() over (ORDER BY [name]) as 'ID', 
[name] FROM master.dbo.sysdatabases WHERE dbid > 6) as tbl1

select @MaxRows=count(*) from @dbs
select @RowCnt = 1

while @RowCnt <= @MaxRows
begin
 select @dbname = [name] from @dbs where id = @RowCnt
 exec('use ['+@dbname+']; EXECUTE sp_helpuser;')
 Select @RowCnt = @RowCnt + 1
end

How to deny users in ASP.NET application to some path.

ASP.NET based solution has the web.config file in the root Web directory with the rich set of opportunities.

If you need to deny all the users except admin group to some location you could add next

< location path ="Admin" >
     <system.web>
           <authorization >
                <allow roles = "Admin" />
                <deny users = "*" />
          </authorization >
     </system.web>
</ location>

If you need to grant anonymous access to Extras/Services folder on some Forms or Windows based authorizated application

< location path ="Extras/Service" >
     <system.web>
           <authorization >
                <allow users = "*" />
          </authorization >
     </system.web>
</ location>

Useful Tf Command-Line Utility Commands

Tf Command line utility provide many useful operations that you can perform with Team Foundation Server. I am going to show you those ones which I used to use.

You can navigate the console here: Start / All Programs / Microsoft Visual Studio 2008 / Visual Studio Tools / Visual Studio 2008 x64 Win64 Command Prompt

Visual Studio 2005 and 2008
If you have both versions of VS installed, you need to add the TFS server to 'Team Explorer' on both of them, otherwise you would not be able to work with VS2005 projects from VS2008 console and vice versa. Also I recommend to use the same server aliace name on both of them. It would help you to avoid the situations when you have to add '/server:AnotherServerAliace' parameter while accessing VS2005 projects from VS2008 console and vice versa.

Common error: TF30076: The server name provided does not correspond to a server URI that can be found. Confirm that the server name is correct.


Working with project's environment
Here I demonstrate you 3 commands which you need to run under the project's root directory.

Watch who has uncommited and checkouted files for the project AxCMS_Sample
C:\Projects\AxCMS_Sample> tf status . /recursive /user:*

Get list of all the commities for user Bogdanov in AxCMS_Sample project
C:\Projects\AxCMS_Sample>tf history . /recursive /user:Bogdanov

Do 'get latest' for the project AxCMS_Sample
C:\Projects\AxCMS_Xtopia>tf get . /recursive


Working with workspaces
It is very often needed to install the solution to other (tester's or designer's) computer and it is very necessary not to mix workspaces otherwise when you logoff after successful installation - no one should be able to work with that solution (in VS2005/2008) on that machine - only you. Because solution is being associated with current machine and user who installed it. This information is named as "workspace" and stored into TFS server and will not allow anybody except you to work with that solution on that machine.

Common error: The working folder 'C:\Projects' already in use by the workspace 'MITCHELL;AXINOM\krolov' on computer 'MITCHELL'. Where MITCHELL is computer name and AXINOM\krolov or krolov is user.

Get the list of workspaces for user Bogdanov on all the computers
tf workspaces /owner:bogdanov

Open the workspace for editing
tf workspace lessing;bogdanov

Delete the unneeded workspace
tf workspace /delete ogawa;bogdanov


More about Tf Command-Line Utility Commands:
http://msdn.microsoft.com/en-us/library/z51z7zy0(VS.80).aspx

How to avoid IISREST from using on servers

Why should I avoid to use IISRESET?
In short, iisreset is bad. Running it on production servers is especially bad. Restarting or stopping IIS, or rebooting your Web server, is a severe action. When you restart the Internet service, all sessions connected to your Web server (including Internet, FTP, SMTP, and NNTP) are dropped. Any data held in Web applications is lost. All Internet sites are unavailable until Internet services are restarted. For this reason, you should avoid restarting, stopping, or rebooting your server if at all possible.

Known problems on Exchange Servers after IISRESET
Running IISRESET on Exchange Server will not affect to start back SMTP, POP3, MS Exchange Routine Engine services.

How to restart approporiate Web Site
You can restart the site in IIS manager or by editing web.config file under site's root directory - open it in notepad, add a space, remove the space, and save. The change to the file timestamp will cause the site to reload. In both cases workin process (application pool) will continue working.

How to restart approporiate Application Pool

Each Application Pool is completely separated from other App Pools by running in its own process called w3wp.exe (in IIS5 aspnet_wp.exe). Only problem if server has multiple sites under each application pool on staging and production servers. It could be done because it keeps the overheads to be minimal (each W3WP.exe process needs circa 25MB to run). But of course it increases the vulnerability even whether ASP.NET hosting server has medium trust level, because it allows to write data everywhere under the same Application Pool. But this is another threat.

IIS6

First of all you need to identify which application pool is associated with which w3wp.exe process. Open CMD, navigate system32 directory and type:

C:\Windows\System32> cscript iisapp.vbs

You will get a table like

W3WP.exe PID: 788   AppPoolId: N24
W3WP.exe PID: 4836   AppPoolId: Irbi
W3WP.exe PID: 2668   AppPoolId: BV
W3WP.exe PID: 2200   AppPoolId: Heise
W3WP.exe PID: 1716   AppPoolId: Roedl

Now you need to kill approporiate process. It will start again automatically after the next web site request. So run:

C:\Windows\System32> taskkill /PID 788

IIS7

Here steps are more easilly done. Get the needed name of the approporiate Application Pool in the IIS manager. Go to %windir%\system32\inetsrv and recycle an application pool by running

C:\Windows\System32\inetsrv> appcmd recycle apppool "apppool_name"

How to disalbe IISRESET from the command line

At a command prompt, type iisreset /disable, and press ENTER. This command disables IIS and prevents all iisreset calls from executing.

More links:
Restarting IIS (IIS 6.0)
What does iisreset do in IIS 7.0?

How to reset a session on remote server

W2K3 and W2K8 based systems allow only 2 administrators to be remotly connected to them. Sometimes could happen that someone forgot to logoff or your own session has broken and you are unable to log off by logoff button.

Fortunately there is an easy solution. Windows 2000+ (includes Windows XP, 2003 and 2008) have two command-line tools called qwinsta and rwinsta that can query and reset a remote session. Also for resetting sessions you able to use reset tool.

COMMANDS & SYNTAX

qwinsta - list local sessions
qwinsta /server:servername - list sessions on 'servername'
qwinsta /server:servername /counter - list sessions on 'servername' & provide connection counts

rwinsta sessionnid /server:servername - ends session 'sessionnid' on server 'servername'

reset session sessionid /server:servername - ends session 'sessionnid' on server 'servername'

For example:

>qwinsta /server:white

 SESSIONNAME    USERNAME    ID  STATE   TYPE
 console                     0  Conn    wdcon
 rdp-tcp                 65536  Listen  rdpwd
 rdp-tcp#41     lints        1  Active  rdpwd
 rdp-tcp#45     bogdanov     2  Active  rdpwd

>reset session 2 /server:white

or

>rwinsta 2 /server:white

Does Google recognize underscopes "_" as word separators?

I had one support case regarding this question where I spent a lot of time searching the info. Now I am going to share the answer here.

So i answer your question in the next sentence ;)

Underscores are seen by Google as word separators just like hyphens.

http://news.cnet.com/8301-10784_3-9748779-7.html

But Google recommends to use dashes...

http://www.google.com/support/webmasters/bin/answer.py?answer=76329&topic=15261

Search engine optimization? Keyword rich URLs are a very, very minor factor in Google's ranking algorithm. But as we all know there is not one thing that is going to make a page rank well... there are hundreds of things that must be done to rank well for a particular term. It is the sum of all of those things that make you rank. Google has always been pretty good at breaking down domain names and page names like mortgagerefinanceloans.html into "mortgage refinance loans" even without any type of word separator.

Ok, let's go to Google and let's search for "dogtraining", "dog training", "dog-training", "dog_training".

First 3 search queries showed us almost the same result. As you see in the beginning of results there is Wikipedia topic (http://en.wikipedia.org/wiki/Dog_training ). Take a look to wiki URL, they also use underlines. As this wiki page have been found with our search queries means, that underlines in page names are the same as separators.

So let's discuss our 4th query "dog_training". Why normal human should build search query as mortgage_refinance_loans? As you maybe know, PHP functions use underlines. So when we search for "dog_training" Google tries to find PHP function dog_training() instead of all search results for "dog training". So these underlines are used as symbols only in search queries.

I hope I answered your question.