Download Red Fire Screensaver Screensavergift.com Red Fire Logon Screen

Contents

Magic Submitter Update History

The Amazon Fire TV and Fire TV Stick’s “Factory Reset” option seems to be the source of a lot of confusion. Questions constantly come up on what it does or doesn’t do, and whether it is safe to do on a modded Fire TV running custom ROMs. Some of the confusion stems from the options label, since it most certainly does not reset the Fire TV to the state it was in when it left the factory. Hopefully this post will clear up some of the mystery behind this option.

Performing a Factory Reset will…

  • Remove Apps and App Data
    Performing a factory reset will delete all of your installed apps and the data associated with them. This includes both official apps downloaded from Amazon and sideloaded apps. Some games will save your progress to Amazon’s cloud servers, so reinstalling those games after a factory reset will restore your progress.
     
  • Disable ADBPerforming a factory reset will disable ADB access. This is important because it essentially locks you out of the Fire TV. Some of the first bricked Fire TVs became bricked because they were factory reset with modified system files. Without ADB, there is no way to access those system files. So if you’ve rooted and modded your Fire TV and run into issues, think twice before performing a factory reset since it will disable ADB and close the best venue you have to fixing your issues.
  • Re-Enable Updates
    Performing a factory reset will re-enable updates if you’ve disabled them using the “pm disable” method. This is why it is a good idea to also block updates in your router. This is not much of an issue if you are running ClockworkMod custom recovery since a stock update that gets downloaded will not be installed upon rebooting anyway if you have ClockworkMod installed. That said, the first thing you should do after performing a factory reset is to re-disable updates.
     
  • Force Initial Setup Process
    Performing a factory reset will cause you to go through the initial setup process again. This is important to realize because the Fire TV or Fire TV Stick will try to update during the initial setup. Depending on the software version you are running, the device may refuse to complete the initial setup without updating. A Fire TV that got through initial setup fine with updates blocked won’t necessarily do it everytime.
     

Performing a Factory Reset will NOT

  • Downgrade or Change Your Software VersionPerforming a factory reset will not change the software version currently running on your Fire TV or Fire TV Stick. It doesn’t matter what software version your device originally came with, or what software version is currently installed. It will still have whatever version is currently installed after the reset. This applies to both stock software and custom ROMs. If your Fire TV is running a custom ROM, it will not go back to a stock ROM by factory reseting.
  • Remove Root
    Performing a factory reset will not remove root access. However, if you are running a stock software version that has been rooted with towelroot, it may seem like you’ve lost root because the towelroot and SuperSU APKs will be gone. But in reality, root access survives because the SU binary remains in the system. The same goes for any pre-rooted ROM.
     
  • Remove ClockworkMod or the Kernel Boot Menu
    Performing a factory reset will not remove ClockworkMod custom recovery or the Kernel Boot Menu. With either one (or both) installed, it’s safe to do a factory reset. You can do it from either the Fire TV settings menu or from within ClockworkMod Mega Armpes 2013


     

ShareTweetShare 1

Read more - Voce pode criar um ponto de restauracao do Windows, assim, se nao gostar do programa ou se ele nao funcionar corretamente, voce pode simplesmente restaurar o .,Fatal Dallas (Texas) fire puts scrutiny on smart meters: Feb. 3, 2015. “James Humphrey Jr. was found dead on his bedroom floor Monday night.,Players Klub IPTV serves up over 1,000 live HD channels for only $5 per month. Enjoy full access to all sports season packages and Pay Per View events!

Read more Amenities. Oil central heating with electric fire in sitting room; Electric oven and hob, microwave, fridge/freezer, washing machine, 32" flat screen TV with Freeview .,Результаты поиска,Fortunately for most cases, there is a simple solution to why your mouse pointer would jump around the screen.

Read more Fortunately for most cases, there is a simple solution to why your mouse pointer would jump around the screen.,View and Download Toshiba WT8PE-B user manual online. WT8PE-B Tablet pdf manual download. Also for: Wt10pe-a.,Edmodo is an easy way to get your students connected so they can safely collaborate, get and stay organized, and access assignments, grades, and school messages.

[small_divider]
Downloaded 2146 times

OS: Windows 10, 8, 7, Vista, XP.

[small_divider]

Direct Download: Red Fire Screensaver

[toggle title=”Download Windows Theme Version“]Red Fire Windows Theme[/toggle]

[toggle title=”Download Logon Screen Version“]Red Fire Logon Screen[/toggle]

[toggle title=”Download Animated Wallpaper Version“]Red Fire Animated Wallpaper[/toggle]

[small_divider]
[tabs]

[tab title=”Video Preview”]



[/tab]

[tab title=”Image Preview”]

[fade_slider cats="454" width="610" height="320" timeout="5"]

[/tab]

[tab title=”Download Now”][small_divider]
[small_divider]

Direct Download: Red Fire Screensaver

[toggle title=”Download Windows Theme Version“]Red Fire Windows Theme[/toggle]

[toggle title=”Download Logon Screen Version“]Red Fire Logon Screen[/toggle]

[toggle title=”Download Animated Wallpaper Version“]Red Fire Animated Wallpaper[/toggle]

[/tab]

[/tabs]

[small_divider]

Red Fire is a unique screensaver that will bring the Fire to your computer screen. With 4 wonderful and beautiful fire scenarios for you.

[small_divider][notification type=”star”]4 Fire Scenes.High Quality Image and Effects.High Quality Music Actual Window Rollup

[/notification]

[small_divider]

Downloaded 2146 times

OS: Windows 8, 7, Vista, 2003, XP, 2000, 98, Me, NT

Direct Download: Red Fire Screensaver

[toggle title=”Download Windows Theme Version“]Red Fire Windows Theme[/toggle]

[toggle title=”Download Logon Screen Version“]Red Fire Logon Screen[/toggle]

[toggle title=”Download Animated Wallpaper Version“]Red Fire Animated Wallpaper[/toggle]

[small_divider]

#1 Free WordPress Theme – AccessPress Lite : Features Demo .

See below for the news on the latest developments and improvements to FirePlotter. If you want to see our future development plans for FirePlotter, please click here: RoadMap


January 2017 - FirePlotter 2.24 b180112 released!

Improvement:

- Added support for new HA reporting strings that appeared in later versions of FortiOS 5.4

Bug Fix:

- None.


February 2017 - FirePlotter 2.24 b170221 released!

Improvement:

- Added support for: new models:

Class 1 - ASA5506W, FGT-30E-MI, FWF-30E-MI, FGT-30E-MN, FWF-30E-MN, FWF-50E-2R, FGT-80E, FGT-81E, FGT-81E-POE

Class 2 - FGT-100E, FGT-100EF, FGT-101E, FGT-200E, FGT-201E

Class 3 - FGT-2000E, FGT-2500E, FGT-3800D

Bug Fix:

- None.


December 2016 - FirePlotter 2.24 b161201released!

Improvement:

- Added support for FG-52E (C1), FG-90E(C1), FG-91E(C1).

Bug Fix:

- None.


September 2016 - FirePlotter 2.24 b160916 released!

Improvement:

- Added support for FG-60E (C1), FG-61E(C1), FWF-60E(C1), and FWF-61E (C1).

- Allowed graph heading to be renamed via RegEdit String Values within HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings Graph.Left.Fortinet, Graph.Right.Fortinet, Graph.Left.Cisco, Graph.Right.Cisco .

Bug Fix:

- FortiOS 5.4 introduced Policy ID = 4294967295, to indicate 'local policy in' (SSL VPN, management etc.). FirePlotter can now handle filtering the Policy ID with such a large value. Policy ID 0, is FortiGate initiated session (DNS, AV update etc.).


July 2016 - FirePlotter 2.24 b160715 released!

Improvement:

- Added support for ASA5506-X (C1), ASA5506H (C1) ASA5506H-X (C1), ASA5506W-X (C1), ASA5508 (C1), ASA5508-X (C1), FG-800D (C3), FG-1200D (C3), FG-1500DT (C3), FG-3000D (C3), Fortigate-3100D (C3), FG-3200D (C3), FG-3700DX (C3), FG-3810D (C3), FG-3815D (C3), FG-5001C (C3), FG-5001D (C3).

- Added Registry entry HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings\RestrictCiscoConfigAccess (REG_DWORD). Set to 1 to disable menu option to view Cisco Firewall Configuration (via RMC (Right Mouse Click) in Session Table when connected to Cisco firewall).

- Alert email includes hyperlink to FPR file that initially triggered the alert, for quick access to alert triggering data. .FPR needs to be associated manually with FirePlotter.exe.

Bug Fix:

- Handle Cisco ASA auto-enable feature - 'aaa authorization exec LOCAL auto-enable', which removes need for 'enable' if logon privilege high enough.

- Corrected typo in Alert email text.


December 2015 - FirePlotter 2.24 b151214 released!

Improvement:

- Added support for ASA5516 (C2 - Class 2 License), ASA5516-X (C2).

Bug Fix:

- None


December 2015 - FirePlotter 2.24 b151208 released!

Improvement:

- Added support for ASA5506 (C1- Class 1 License), ASAv (C2), Fortigate-30D-POE (C1), FortiWiFi-30D-POE (C1), Fortigate-30E (C1), FortiWiFi-30E (C1), Fortigate-50E (C1), FortiWiFi-50E (C1), Fortigate-51E (C1), FortiWiFi-51E (C1), Fortigate-60C-POE (C1), FortiGate-60D-POE (C1), FortiWiFi-60D-POE (C1), FortiGate-70D-POE (C1) FortiGate-70D-LENC (C1), FortiGate-90D-POE (C1), FortiWifi-90D-POE (C1), FortiGate-98D-POE (C1), FortiGate-400D (C2), FortiGate-600D (C3), FortiGate-900D (C3), FortiGate-3000D-DC (C3), FortiGate-3100D-DC (C3).

- Change code so offline data is more easy to view. Save files in FP directory, remove PID references, create connection to non-existent firewall but specify ASA or FortiGate to activate correct data parsing component, Connect..

- Added File -> Global Settings. On exit, display "Changes to Global Settings require FirePlotter to be restarted to take effect.".

- Added File -> Open FirePlotter.ini. On exit, display "Changes to FirePlotter.ini require FirePlotter to be restarted to take effect."

- Fortinet have changed the way the SSH daemon operates, which needed an update to the SSH library used within FirePlotter.

Bug Fix:

- None


August 2015 - FirePlotter 2.24 b150806 released!

Improvement:

- Added support for FortiGate-VM64-Xen, FortiGate-VM32-Xen, FortiGate-1000D.

- Added flexability with Cisco enable prompt format.

- Added improve checking of stacked FirePlotter licenses.

- Added HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings\ScreenResIgnore (REG_DWORD) checking. 1 = do not check minimum screen resolution requirement.

Bug Fix:

- None


March 2015 - FirePlotter 2.24 b150310 released!

Improvement:

- Added FortiGate-VM64-HV, FortiGate-VM32-HV, ASA 5520.

Bug Fix:

- Cisco 'enable' command problem related to new feature in FirePlotter 2.24 b150304 that lets the 'enable' command to be changed to 'login' (or any string) - when connecting to a new Cisco firewall without a Connection Profile, this string (default: enable) wasn't being sent correctly - now fixed.


March 2015 - FirePlotter 2.24 b150304 released!

Improvement:

- Enable Cisco 'enable' command to be changed to 'login' (or any string). This is required for FirePlotter to login to Cisco firewalls that are using login instead of enable. This setting is associated with Connection Profile and is added through Registry (regedit.exe) using String Value (REG_SZ) CiscoEnableToString=login at (HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-Profiles\[Connection Profile Name]).

- Email Alert SMTP port. Allow option to specify SMTP port in Global Settings -> Email Notification -> SMTP server. Options , : or :. Also have added support for encrypted SMTP alert messages. This automatically happens if the mail server offer TLS support.

- "Unknown Firewall" warning message. The message has been changed, when an unknown firewall model is detected, new message suggests upgrading to the latest version of FirePlotter which most likely will fix the problem.

Bug Fix:

- None.


Jan 2015 - FirePlotter 2.24 b150126 released!

Improvement:

- Added the FortiOS build number to the status bar string.

- Auto export to CSV now includes First Seen (time/date) column.

Bug Fix:

- Added new models: FortiGate-VM, FortiGate-80D, ASA5525-K7, FortiGate-300D, FortiGate-70D, FortiGate-1000D, FortiGate-92D, FortiWiFi-92D, FortiGate-94D-POE, FortiGate-200D-POE, FortiGate-240D-POE, FortiGate-280D-POE, FortiGate-500D, FortiGate-1500D, FortiGate-3600C, FortiGate-3700D.


May 2014 - FirePlotter 2.24 b140515 released!

Improvement:

- Added support for FortiGate-3240C.

Bug Fix:

- Fix Bidirectional session filter which under certain circumstances didn't work. e.g. Source IP 192.168.10.50 Destination IP 192.168.10.50


April 2014 - FirePlotter 2.24 b140409 released!

Improvement:

- Added support for FortiGate-90D-POE.


March 2014 - FirePlotter goes DevNet

News:

- FirePlotter has joined Cisco's recently introduced Cisco DevNet: the new Developer Program from Cisco. Signing up and investing in Cisco Devnet means the FirePlotter development team can get access to Cisco technical information quickly which will help them to develop and design further new and exciting features for FirePlotter.


Jan 2014 - FirePlotter 2.24 Beta b140125 released!

Improvement:

- Added FirePlotter Startup password (File -> Global Settings -> Startup Password). If the password is lost, FirePlotter Startup password can be reset by uninstalling and re-installing FirePlotter. Note: Uninstall deletes all Connection Profiles. FirePlotter Registry Settings can be backed up via regedit.exe, by exporting HKEY_CURRENT_USER\Software\GISS-UK.com. Note: Connection Profile passwords are not included when HKEY_CURRENT_USER\Software\GISS-UK.com is restored (merge).

- FirePlotter Registry Settings now deleted on uninstall but not on upgrade.

- Added support for ScanSafe proxy data now included in Cisco ASA 9.1(3) session data.

- Added Support for bi-directional IP filters in Active or Session Filter Profile. Src and Dst IP filter value must be identical for bi-directional IP filter to operate. Note will not work for *not* (!) filter option.

- Added local time and date field to the message boxes reporting errors to aid technical support identify exactly when a message occured so it can be cross referenced in the debug log.

- If HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings\SessionDoubleClick (DWORD) = 1 then user can use double click to Zoom on sessions instead of single click.

- Change IP Information site to http://cqcounter.com/whois/ip/.html as default but allow user definable with [pre][ip][post]

HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings\IP-Information-Pre (String) HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings\IP-Information-Post (String)

- If HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings\SendAlertFPR (DWORD) = 1 then we will send .FPR file with Alert email.

- .FPR can be loaded on command line with quoted full path. Allows Alert .FPR to be launched as long as .FPR has been associated with FirePlotter.exe in Windows Explorer.

- Remove File -> Global Settings -> Online Help reference and change Help buttons to be context sensitive.

- Remove orange colour from Connect button as can't work as default button (key that reacts to Enter key).

- Added support for FortiGate-3950B, ASA5580-40.

Bug Fix:

- 32x32, 24 bit, BMP had a black dot pixel which is now changed to red.

- If default Connection profile (not Auto Connect) has Alert Profile, and then another Connection profile is loaded without Alert Profile then original Alert profile is used.

- /Profile: on command line has stopped working - now fixed.


Aug 2013 - FirePlotter 2.24 Beta b130808 released!

Improvement:

- Add File -> Global Settings ->Email Notification.

- Add graph total bandwidth (black line).

- Add Alerts Profile Editor: Session Count, Total Bandwidth.

- Add Alert profile to File -> Global Settings -> Default Profiles.

- Add Alert Profile to Connection Profile Editor.

- Add Total Bandwidth values to main screen.

- Add * when alert triggered for Sessions and Bandwidth on main screen.

- Add Global Settings -> Graph Scale.

- Add RMC to graph which offers Help - Graphical Bandwidth Plotting Explained.

- Add LMC on Session Table to Zoom with DoNotShow option for experienced users.

- Various other minor improvements.

- Add support for FGT-30D, FWF-30D, FGT-60D, FWF-60D, FGT-90D, FWF-90D, FGT-140D, FGT-240D, FGT-200D.

Bug Fix:

- Various minor bug fixes.


Jun 2013 - FirePlotter 2.23 b130619 released.

Improvement:

- Added support for ASA-5545, FGT-60D, FWF-60D, FGT-800C, FortiWiFi-60CX-ADSL, FortiGate-VM32, FortiGate-VM64.

Bug Fix:

- On FortiGate FortiOS V5.x handle '--more--' in output data.

- For Cisco added check for IPv6 addresses ':' in 'name' string and ignore for now (will support later).


Jan 2013 - FirePlotter 2.23 b130131 released.

Improvement:

- Add ASA5525, Fortigate-800C, ASA5555

- Adapt better to Cisco and FortiNet firewall BIOS model name (individual letter) case changes. e.g. accept Fortigate-110C and FortiGate-110C

Bug Fix:

- None


Dec 2012 - FirePlotter 2.23 b121214 released.

Improvement:

- None

Bug Fix: - Fixed displayed sessions fluctuating around 0 which could cause a crash.

- Fixed coping with FortiGate default action of automatically backing up the configuration introduced in v4.3 firmware - the 'Auto Config Backup...' message in CLI could cause connection failure. If detected, we now change delay wait for login prompt to 30 seconds.


Nov 2012 - FirePlotter 2.23 b121123 released.

Improvement:

- Add support for ASA-5515, ASA-5512, FortiGate-80C, FortiGate-200B and FortiGate-300C

Bug Fix: - Add parsing support for Cisco OS 9.0.1 - format of data changed slightly by Cisco.

- Adapt to changes to ASA sub-interfaces e.g. insideE0/1.


Aug 2012 - FirePlotter 2.23 b120830 released.

Improvement:

- Validate path for .FPR when clicked on graph - must be ...\yy-mm-dd\xx-hour\ - Default click column sorting to Descending - Add 'TimeZoneOffset' in Registry for FP-GlobalSettings HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings (checked 1st) and connection profiles within FP-Profiles HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-Profiles\ (checked 2nd) DWORD to hold hour offset between recorded data and player timezone e.g. 3 or -1 etc.

- Add check for 0.0.0.0 in IsValidIP() as Cisco seem to have this as valid in session table and need to avoid 111.111.111.111 for invalid address .

Bug Fix:

- None.


Aug 2012 - FirePlotter 2.23 b120813 released.

Improvement:

- Added quick implement feature to handle 'enable ' in Cisco ASA/PIX, where is 1-15. is included after a in the SSH Login name. If is included in the SSH Login name then 'enable ' is sent to the Cisco host.

Bug Fix:

- Allow '.' along with other limited characters in profile name.


Aug 2012 - FirePlotter 2.23 b120806 released.

Improvement:

- New firewalls: FortiWifi-60CM.

Bug Fix:

- Change Connections Profile Editor and Quick Profile Save to only allow alphanumeric, space - _ characters in profile name (some characters, e.g. colon, were previously crashing FirePlotter as connection profile name is used in .fpr folder name).


Jul 2012 - FirePlotter 2.23 b120727 released.

Improvement:

- New firewalls: FG-100D, FG-621B, FortiGate-60C.

Bug Fix:

- None.


May 2012 - FirePlotter 2.23 b120521 released.

Improvement:

- Improvments in banner handling during authentication process to Cisco Firewalls.

Bug Fix:

- None.


April 2012 - FirePlotter 2.23 b120404 released.

Improvement:

- Right Mouse Click over session table now includes Edit Active Filter. - Record interval, added 1, 5 and 10 minutes.

- New firewalls: FGT-621B, ASA 5512-X, 5515-X, 5525-X, 5545-X, 5585-X, 5585-SSP-20, 5585-SSP-40, 5585-SSP-60.

Bug Fix:

- None.


February 2012 - FirePlotter 2.23 b120213 released.

Improvement:

- Add new FortiGate 3040B.

Bug Fix: - When trace lines showing only one protocol were being processed, one trace line wasn't being plotted. - FortiGate banner wasn't being checked after FortiToken.

- FortiGate two-factor authentication wasn't working for FortiToken for FGT admin login.


November 2011 - FirePlotter 2.23 Beta b111121 released.

Improvement:

- Add "Pause on Session Filter Match" feature. - Add support for FortiGate Two-Factor authentication and prompt for additional Token (set in Connectin Manager). - Reduce complexity of Quick Connect Profile screen. - Add "Reset cumulative totals when FirePlotter starts" option (set in Global Settings, Cumulative Totals). - Switch byte counters for UINT64 allowing 20 digits (rather than UINT32 only 10 digits).

- Add to FP.INI TCP/515 LPD.

Bug Fix:

- Trace colour would be used for wrong traffic as IP Protocol wasn't being considered. - Filters column sort were wrong for ascending/descending icon. - Trying to edit first connection profile didn't actually load any data.

- SessionID wasn't being correctly converted (Hex to UINT) - might get wrong colours on session table.


November 2011 - FirePlotter 2.22 b111121 released.

Improvement:

- Add support for new FortiGates: 20C, 40C, 81CM, 300C, 600C, 1000C, 3140B, 5060SM, 5060FA, 5060SAP.


November 2011 - FirePlotter 2.22 b111114 released.

Improvement:

- The limit for [Port] definition in .INI was 2000 chars – it is now set to 4000.
- Add support for firewall Cisco ASA5585-SSP-10.


May 2011 - FirePlotter 2.22 b110513 released.

Improvements: - We now support complex filters in Filter -> Session Filter Manager. (SrcIPFlt, DstIPFlt, DstSvcPrt, SourcePrtFlt, IPProtFlt LogLevel=255 to FirePlotter.INI. Bug Fix

- QuickSave wasn't toggling MonitorHA between FGT and Cisco.


March 2010 - FirePlotter 2.01 b100226 released.

Improvements:

- New connection Profiles (File -> Manage Profiles) including encrypted passwords. - New command line profile loading. Use "/Profile: " - New moving parameters from FirePlotter.INI to the GUI interface (File -> Global Settings) - Support for FortiGate Clusters/High Availability. Must be enabled in Manage Profiles - New Download Filter to Connection Profiles: - ASA filter e.g. 'address 192.168.68.0 netmask 255.255.255.0 port 25' for ASA 7 , - FortiGate filter e.g.'diagnose system session filter policy 27' for 3.0 MR6 . - Changes to main screen to show ‘Download Filter’ and more detail for ‘Table Build Progress’ for larger firewalls. - Update session decoding to handle FortiOS 4.2 new format. - Number of performance and stability bugs fixed. - Add Manage Profiles option - Add password encryption for SSH/Telnet and Enable. - Add Quick Connect Save option. - Add Global Settings -> Cisco Direct Connects to control which direct connections are displayed in ASA 8 . - Add Global Settings -> Monitoring Connection to control if FPs own monitor connect is displayed. - Add Global settings - Do Not Show Messages. - Add Global Settings -> Misc Automatically check for FirePlotter update. - Add Monitor HA to profile which defaults to off. - Add more details to the Table Build Progress with Loading, Filtering, Sorting Summarising (only actually seen with large amounts of data). - Add Download filter: to main screen. - Add support for FortiOS 4.0 MR2 (4.2) as session table changed format. - Add FGT-310B, FGT-620B, FGT-311B, FGT-1240B, FGT-60C, FGT-200B, Fortigate-3810A. - When deleting unwanted rolling FPR files delete empty directories too. - If FPRMaxFileCount=1 user will not be asked about deleting FPR files it will just be done. Bug Fix - Front End would scan disk until last file found and then take the next file in the list to be displayed. - With FPR File Count set to 1 the last file may have already been deleted so couldn't be found. - Routine now still uses last file name as starting point (date/hour etc) but locates next greater filename. - If FPR loaded from non FPR directory structure then would get stuck in loop trying to find next file by walk tree that didn't exist. - If Hostname was used for firewall connection only the first 15 characters were saved. - Trailing space in Profile name caused problems - now delete leading and trailing spaces before save or rename. - Starting to rename a Profile and cancelling at the last stage resulted in the new name still being created. - Summarise by PolicyID wasn't '...' for Source Port. - Loading another profile with new refresh time still kept old one. - Password encryption into Registry had flaw - Setup was insisting on .NET 3.5 changed to 2.0.50727 as VS08 SP1 insist on a version - File -> Exit didn't offer user options to delete .fpr files.

September 2009 - FirePlotter 2.01 b090917 released.

Bug Fix: - Firewall model licensing bug for FGT 80C 80CM 82C caused licensing error (Class 0) - now fixed.

August 2009 - FirePlotter 2.01 b090818 released.

Improvements: - Add FPRMaxFileCount to [Data] section of INI to limit the number of .FPR files stored, and so manage disk space usage. Default setting is 250, Max value is 20,000, 0 means keep all data (and user has to manage disk space themselves). - When Exit, if FPRMaxFileCount > 0 then we give user option to keep or delete data. - When FirePlotter first starts, popup window appears after 120 seconds telling user FPRMaxFileCount is active and offer example setting to store data for 1 hour or 24 hours based on sample data, and how much disk space that will take. Bug Fix: - Removed 'Use double click to Zoom into session details...' from table to make screen refresh yet more stable. - Add ExcludeConnectionSession to INI in [Display] section. - Watch only mode popup firewall class when Auto-reconnect, now has 10 seconds timeout otherwise it stops FirePlotter processing until user cleared window.

July 2009 - FirePlotter 2.01 b090721 released.

Improvements: - Fireplotter now records all data to .fpr files (one file per "session list" snapshot - manage your diskspace carefully - this can be a lot of data!). - Click on graph now permits replay of historical data. - File, Open Recorded data permits replay of historical data. - FirePlotter can set replay interval period (0 1,2 seconds). - FirePlotter.ini [Data] FPRDataLocation= gives option on where to store FirePlotter data. - FirePlotter when playing historical data now has "Reset to Real-time" button option. - FirePlotter reports on estimated disk space consumption in 24 hour period, a few minutes after it connects to firewall. - Basic and Advanced View mode options now on Right Mouse Click. - Screen flicker no longer occurs on session table refresh. - FirePlotterLog.txt now called FirePlotterDebug.txt - Added support for FortiGate models: FGT-51B, FG-111C, FG-80C, FG-80CM, FW-80CM, FG-51B-LENC, FG-30B, FG-50B-HD, FG-82C FW-30B. Bug Fix: - Update wodSSH library to 2.7.4.114 and change some code to fix the "Not enough memory" error and Telnet connection problem to some Cisco Firewalls.

June 2009 - FirePlotter 1.42 b090630 released.

Improvements: - Support for FortiGate 111C, 80C,80CM and Wifi 80CM added. Bug Fix: - WODSSH.dll fixed "not enough memory" error that affected some Cisco ASA/PIX login sequences. - Right Mouse Click TraceRT fixed.

June 2009 - FirePlotter 2.0 featuring historical logging (record replay) - beta testing started.


Jan 2009 - FirePlotter 1.41 b090105 released.

Improvements: - Auto-reconnect feature. Upon connection loss, FirePlotter will auto-reconnect to the firewall, incrementing time between attempts until successful (preparation for logging and replay). - Add "Auto-Reconnect" (true/false) to fireplotter.INI under [Connection]. Default: True. - New FirePlotter Data Directory (better suited for Vista) - Defaults: Vista: C:\Users\\AppData\Roaming\FirePlotter, XP: C:\Documents and Settings\\Application Data\FirePlotter - New File Menu option to access this directory (for easy license file placement). - Change version to 1.41 as change to data location. - Change PIX configuration query to 'show running' rather than 'show config' to we get uncommitted changes too. - Add undocumented 'UseShowConfig' to fireplotter.INI under [Connection]. Default: False. - Now shows "Policy ID" from FortiOS (MR5 onwards). Cisco and previous versions of FortiOS will just have 0 in new column as feature unsupported by Cisco (Column sort, Filter and Summaries is supported). - In App Help Menu added more links. - Add slight delay to DNS conversion to keep CPU down. - Add ports 636 = LDAPs, 993 = IMAPs. 873 = Rsync to INI. Bug Fix: - About showing license for Category 1 didn't have \n between it and Concurrent count. - Add Fortigate-110C, Fortigate-620B, Fortigate-3016B, FortiWiFi-60B. - If auto-reconnected when unlicensed don't pop-up message just switch modes if necessary. - On manual n connect (to another fw or reconnect) connection routine wasn't fully initialised which could result in connection hang after 'Authenticated' status. - Double click on ranged column ('...') wasn't using the same summary mode as the column clicked i.e. DblClick on SourceIP got a Direction Summary. - Fix auto-reconnect when LAN interface disabled.

- Fix Telnet field name when switching from SSH to Telnet for Cisco.


August 2008 - FirePlotter 1.40 b080827 released.

Improvements: - Save windows resize on exit and restore on load. - Added Dialog to warn users not to use Telnet as SSH is much more secure and stable. - Format table counter with comma separated thousands. - Add additional FP application Help. - Add Right mouse click (RMC) to query IP address on DNSstuff.com. - Added new ports to INI - 111=SunRPC, 993=IMAPS, 563=NNTPS, 465=SMTPS, 8080=HTTP Alt, 5190=AOL, 3052=APC, 2049=NFS, 1935=Flash CS, 1023=Reserved, 57=Terminal, 158=PCMail Srv. - If run into windows resize problem then delete HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-WindowPosition. Bug Fix: - Ping counts jump due to negative calculation resulting is large positive value. - Found n updates can have Byte count less than n for same session! Cisco problem seen in 7.2(2). - Ping duplicate entries with Cisco 7.2(2), changed code to ignore second entry of ANY duplicate. - Sessions for FWSM Firewall Version 3.1(7) weren't being decoded properly.

- FWSM firmware version wasn't being decoded properly.


July 2008 - FirePlotter 1.40 b080728 released.

Improvements: - Add exit confirmation if Esc (Cancel) or Close [x] is pressed. Bug Fix: - If FTP doesn't have a bandwidth colour then don't bother checking for Fixup sessions.

- Fixed FP (b080630) crashing on start-up in W2K.


June 2008 - FirePlotter 1.40 b080630 released.

Improvements: - Add checking routine so cope with invalid PIX configuration hostname cross reference. - If name can't be resolved it is returned as 111.111.111.111. - Change PIX configuration processing to cope with 8.0 Description in 'name' entry. - Add Protocol=SSH to ready to use INI fields.

- Add two Dameware ports to INI list.


June 2008 - FirePlotter 1.40 b080610 released.

Improvements: - Fixed issues with Cisco PIX/ASA 7.2(4) not displaying correctly.

- We can now display ICMP for PIX/ASA.


June 2008 - FirePlotter 1.40 b080603 released.

Improvements:
- Added FirePlotter.ini parameter in [Display] section to control IP address to name resolution: DNS=6 (default) where using BINARY logic: 1=NetBIOS and Internet reverse DNS, 2=Internet reverse DNS only, 4=firewall configuration (Cisco only). e.g. DNS=6 means 2 (Internet reverse DNS) 4 (firewall configuration).


June 2008 - FirePlotter 1.40 b080602 released.

Bug Fix:
- Update code to interpret new 'dev=' interface direction introduced in FortiOS 3.0 MR6 Patch2 by FortiNet.


May 2008 - FirePlotter 1.40 b080529 released.

Improvements: - Add Training video link to FP Help. - Add user message if fp.ini isn't found and abort.

- Add abort option for download loop to allow graceful connect to new firewall.


May 2008 - FirePlotter 1.40 b080519 released.

Improvements: - Added SSH support. - Add to Right Mouse Click on table the option to Copy the IP address. - Add following model: Fortigate-1000AFA2, Fortigate-5001FA2, Fortigate-60M. - Add to ini Protocol = ssh or telnet. This is not the same as port. - Add to ini Port = x. Used in conjunction with Protocol i.e. 22, 23 or other. - Add option to open fireplotterlog.txt from File menu. - Changing Protocol will revert Port to default. - Changed INI Firewall= from PIX to ASA/PIX. - SocketTimeout= in INI in now in seconds rather than 100th of seconds. Default 5 seconds. - Indicate license type in log file Licensed or Unlicensed and Evaluation or Annual. Bug Fixes: - Change the socket timeout detection routines to make more robust. - Add Sleep to DNS check loop as there can be nothing to do which took utilization high for several milliseconds. - Cisco authentication if user prompt not found was reporting telnet prompt error now says users prompt error.

- Improved Cisco configuration file hostname processing and lookup threads using semaphores (Mutex) to reduce conflict possibilities.


Feb to May 2008 - SSH integration.


Mar 25th 2008 - FirePlotter Fortiverified.

FirePlotter has completed FortiNet's Fortiverified certification process. FirePlotter has been tested and certified in FortiNet's product development labs for interoperability with the FortiNet product range. It also means GISS (developers of FirePlotter) are now accredited as Technology Partners with FortiNet. More >>


Feb 2008 - FirePlotter 1.3 b080207 released.

Improvements: - Add following model: Fortigate-3600. - Added some more debugging information for LogLevel=255 in [Connections]that includes dumping the basic FortiGate session table each time it's processed. Note LogLevel=255 significantly reduces FirePlotter performance, so for debug only. - Updated status bar when processing offline data to include a count of session processed so when handling large data 130,000 session you can see FP is processing. - Setup change. Default to Everyone rather than Just me. If 1st copy is installed at Everyone and upgrade as Just me they will get two copies installed. It must always be the same. Bug Fixes: - PIX authentication code as expecting Telnet Password to be in first buffer received from PIX if it wasn't then assumption was that the device responding to Telnet thought wasn't actually a supported firewall i.e. UNIX etc.

- Change code to use Recv timeout to know connection attempt has failed.


Jan 2008 - FirePlotter 1.3 b080121 released.

Improvements: - Increase the default column width of Service/Destination Port and wasn't wide enough show Basic view friendly names. - Set TCP default timeout to 5 seconds instead 2 seconds. - Add following model: Fortigate-800F. Bug Fixes: - IP address field while processing PIX connection file was only 16 bytes but host 'name' from connection file can be 63. Result was that 'name' in table wasn't complete and never showed actual IP address - FGT interface lookup was failing if last interface in list was actually being used and could cause FP to crash. - Column width save and restore were not aligned with correct columns.

- PIX connection would hang then crash if system prompt was split across multiple download buffers.


Jan 2008 - FirePlotter 1.3 b080104 released.

Improvements: - Protect Interface variable overrun when reading from Interface file. - Improved TCP error reporting. Bug Fixes: - FGT interface lookup was assuming interfaces were sequential - now we know they're not so lookup routine was changed.

- FGT 2.80 now reporting correct model, firmware, serial etc.


Nov 2007 - FirePlotter 1.3 b071130 released.

Improvements: - Move Service/Dest Prt and Session next to Direction to ensure first glance at FP in intuitive. - Add 'Port=' notes to INI. to allow non-standard telnet port usage. This has been in FP for ages though not documented. - Change status bar session count to show x/y, so how many sessions in current display against total session. - In INI move Telnet user field before Telnet password. - Change main dialog text from 'Connection Port' to 'Connection Type'. - Change main dialog text for firewall from PIX/ASA to ASA/PIX. - In FP.ini enhance some of the explanations of parameters. - Change status bar text from 'Next update in' to 'Refresh in:' and 'Sessions' to 'Sessions:'. Bug Fixes: - ProcessPIXSystem changed to cope with format changes on ASA Failover with 8.0(2). - Enhance ProcessPIXSessions to do some more reliable validation of session data before processing. - Enhance Cisco and FGT validation of parameters and prevent over run of string lengths.

- Change Class of firewalls to reflect the web site buying model (Move ASA 5510 -> C2, Move ASA 5530 -> C3).


Nov 2007 - Cisco reveals bug in PIX/ASA v7.01 to 7.22 relevant to FirePlotter. More >>


Aug 2007 - FirePlotter 1.2.0 b070822 released.

Improvements: - Add FGT-50B, FGTWifi-50B, FGT-60B, FGTWifi-60B to C1 list. - Add Basic and Advanced View Mode. Default Basic. 'BasicViewMode=true' added to FirePlotter.ini. - Added 'Fortigate-5001' to C3 list. - Change Watch only mode startup dialog to include 'Advanced View Mode '. - Change from 'Active Filters' to 'Filters' in status bar. Bug Fixes:

- PIX 8 wasn't reading in version information correctly as yet again CR LF at end of lines have changed.


July 2007 - FirePlotter 1.2.0 b070721 released.

Improvements: - Change Default View to sort by Direction then Service/Dest Prt rather than In Bytes/s. - Change commented out Auto-Connect parameter in INI to true. Bug Fixes:

- Increase the buffer from 1024 to 4096 in the routine that handles the ASA/PIX login as large disclaimers banners were causing a connection failure.


March 2007 - FirePlotter 1.2.0 b070320 released.

Improvements: - Add support for Cisco ASA-5505, ASA-5505-K8, ASA-5510, ASA-5510-K8, ASA-5520, ASA-5520-K8, ASA-5530, ASA-5530-K8, ASA-5540, ASA-5540-K8, ASA-5550, ASA-5550-K8. - Add message if FP switches to Unlicensed mode if fw Class higher than license. - Add 'Default view' button to main dialog. - Add Right Mouse Click Options. - Manage Firewall via HTTP or HTTPS. - If PIX then allow to view the configuration. - If on Source or Destination IP and not ... allow Ping, TraceRt and HTTP to IP. - Move Block and Session % download into 'Next update' status bar panel. - Force immediate Refresh after connection so Table counter show values ASAP. Bug Fixes: - If unlicensed ExternalInterface parameter was still read from fireplotter.ini. - Fixed problem where Session could would count I extra line if last in list. - 'Refresh' moved on screen resize.

- Table and graph are now cleared when connecting to another firewall and an error (user etc) occur Brutal Legend Update 3


Feb 2007 - New FirePlotter logo design completed


Nov 2006 - FirePlotter website active

Why does the mouse pointer jump around the screen - Ask Leo!

EASY CUSTOMIZATION

A FREE THEME WITH POWERFUL THEME OPTIONS FOR CUSTOMIZATION. STYLE YOUR WORDPRESS AND SEE CHANGES LIVE!

ACCESSPRESS LITE

FREE RESPONSIVE, MULTI-PURPOSE, BUSINESS WORDPRESS THEME, PERFECT FOR ANY BUSINESS ON ANY DEVICE.

AccessPress Lite is a HTML5 CSS3 Responsive WordPress Business Theme with clean, minimal yet highly professional design. With our years of experience, we've developed this theme and given back to this awesome WordPress community. It is feature rich, multi purpose and flexible responsive theme Suitable for Agencies, Small Biz, Corporates, Bloggers – Anyone and Everyone! The theme is complete with many useful features. The intuitive theme options let you manage all the possible options/features of the theme. You can use it to create your next superb website in no time and all for FREE.

Read More

The AccessPress Lite is clean and smart WordPress theme that look awesome throughout the multiple devices or screen resolution. It adapts automatically in your tablet and mobile phones. It's got several theme options which can be customize simply. It is the sm...

Read More

Responsive website design is technique of developing websites which are hugely functional and the development that interact to user's behavior depending on screen sizes platform and orientation. It uses fluid grids, flexible images and a smart usage of CSS me...

Read More

AccessPress Lite features extensive styling option and flexible layout options so every page in your website can be unique. It's a multi-purpose Responsive Flexible WordPress theme which you can use to create almost any kind of websites. It features are intuit.. Dead Pixels OUTLAWS

Read More
  • Theme Options Panel
  • Responsive Design
  • Featured Slider
  • Sidebar custom Logo/favicon Option
  • Multiple Homepage Layouts
  • Portfolio, Event/News Layout
  • CSS3 Animations
View All Testimonials

MyON

SQL Server Agent is a job scheduling agent that ships with SQL Server. Its infrastructure consists of a Windows service that is used to execute tasks (called jobs in SQL Server parlance), and a set of SQL Server tables that house the metadata about these jobs. The agent can execute numerous types of jobs, either on a schedule, or on-demand. In this article, we will look at some of the best practices for security that should be followed when installing and setting up SQL Server Agent. I’m assuming you already have a working knowledge of configuring and using SQL Server Agent.

Who sees what

A common request that DBAs get is to grant the development team access to SQL Server Agent. As with all database access, you should grant only as much access as required, because of the inherent security risks of a task scheduler.

SQL Server contains 3 fixed database roles on the MSDB database, which gives administrators fine control over access to SQL Server Agent. The SQL Server Agent node in SSMS is visible only to users in one of these 3 roles (except sysadmins, who can see everything irrespective of role membership). Here is an explanation of the roles, in order from the most restrictive to least restrictive:

  • SQLAgentUserRole – Users in this role are granted view/edit/delete/execute access to only jobs owned by them. Users in this role cannot view any jobs owned by system administrators, or by users in the other two roles. Grant this role when you want users to only see jobs owned by them.
  • SQLAgentReaderRole – Users in this role get all the privileges of theSQLAgentUserRole, i.e. they get access to owned jobs. In addition to that, they can also view (but not modify or execute) all jobs on SQL Server Agent, irrespective of ownership. Grant this role when you want users to be able to view, but not execute, all jobs in the system, but modify/execute only jobs owned by them.
  • SQLAgentOperatorRole – Users in this role get all the privileges of the SQLAgentReaderRole. In addition to that, they can also execute, or enable/disable any job in the system. However, users in this role can modify only owned jobs. Grant this role for super users who can view/execute all jobs on the system.

Always start by granting users the most restrictive role – SQLAgentUserRole, and upgrade membership to higher roles if required. Use the below table to determine the type of access you should grant:

Action SQLAgentUserRole SQLAgentReaderRole SQLAgentOperatorRole
Create/modify/delete Only owned jobs Only owned jobs Only owned jobs
View List Only owned jobs All jobs All jobs
Enable/Disable Only owned jobs Only owned jobs All jobs
View Properties Only owned jobs All jobs All jobs
Edit Properties Only owned jobs Only owned jobs Only owned jobs
Start / Stop Only owned jobs Only owned jobs All jobs
View job history Only owned jobs All jobs All jobs
Delete job history No No Only owned jobs
Change Ownership No No No

What service account to use

The core of the SQL Server Agent infrastructure is the SQL Agent Service. This is a windows service that is responsible for executing the different types of job steps supported by SQL Server Agent. The service account defines the Microsoft Windows account used to execute the SQL Agent service.

You select an account for the SQL Server Agent service by using SQL Server Configuration Manager, where you can choose from the following options:

  • Local System– This is the NT AUTHORITY\System account on the local machine. It is a member of the Windows Administrators group on the local machine, and therefore, is a member of the SQL Server sysadmin fixed server role. Since the account is a Windows administrator, it has permissions beyond what is required for running SQL Server Agent, and it is therefore not recommended to be used as a service account.
  • Local Service– not recommended. Has minimum privileges on local machine.
  • Network Service – not recommended. Has minimum privileges on local machine.
  • Windows Domain Account – You can also choose a windows domain account as the service account for SQL Server Agent. Using a windows domain account and granting it the necessary permissions is the best practice when choosing a service account. It is also recommended that this account not be a member of the Windows Administrators group.

Further, the service account is required to be a member of the SQL Server sysadmin fixed server role on the SQL Server instance.

SQL Server Agent also supports proxies, which allows it to execute processes in the context of other windows users. Proxies are addressed in detail later in this article, but from a security perspective, the service account should have the following windows permissions to be able to support proxies:

  • Permission to log on as a service (SeServiceLogonRight)
  • Permission to replace a process-level token (SeAssignPrimaryTokenPrivilege) – this permission allows a windows account to launch a new process under a different user account. This permission enables the SQL Server Agent service account to launch processes that “run as” the user accounts defined in the proxy.
  • Permission to bypass traverse checking (SeChangeNotifyPrivilege) – this permission allows a windows account to traverse a directory structure, even though the account may not have access on the individual levels of the directory tree. To understand why this is required, consider this example – SQL Server Agent is trying to execute an SSIS package residing on a shared folder \\TOP_SECRET\For_SQL_Agent.dtsx. In this scenario, the service account is granted access only to the “For_SQL_Agent.dtsx” file, and does not have any access whatsoever to the “TOP_SECRET” folder. Since the agent service account has the bypass traverse checking permission, it can still traverse the directory structure to get to the .dtsx file, and execute the package.
  • Permission to adjust memory quotas for a process (SeIncreaseQuotaPrivilege) – required so that SQL Server agent can adjust memory quotas for memory-intensive jobs.
  • Permission to log on using the batch logon type (SeBatchLogonRight) – when executing scheduled tasks in the context of a different user, SQL Server Agent will first create a new “batch logon session” that runs in the security context of this user. A batch logon session is a session created without any interaction from the user, as opposed to an “interactive” logon session, which is created when a user physically logs on to the machine. This permission enables SQL Server Agent to create a batch logon session.

Note that there are special considerations when setting up the service account for multiserver job processing. You can refer to the documentation here for a complete list of the permissions required..

Who should own what job

Job ownership is an important concept in SQL Server Agent. SQL Server Agent sets the security context for job execution based on the role of the user owning the job. By default, SQL Server Agent executes job steps under the SQL Server Agent service account irrespective of job ownership, or under the context of a proxy account, as we will see later in this article.

The exception to this rule is T-SQL job steps, which execute under the security context of the job owner. If the job owner is a member of the sysadmin role, then the job step executes in the context of the SQL Server Agent service account. A common mistake when setting up jobs is to make “sa” the job owner – this will cause all T-SQL job steps to execute as the SQL Agent service account, which is a system administrator account. A better option is to set a non-sysadmin account as the job owner, and explicitly grant only the required database permissions to this account.

If you have a single instance of SQL Server Agent hosting jobs for multiple applications, you should consider using job ownership for access control of T-SQL steps. Each group of jobs for an application should be owned by an account specific to that application, which is granted access only to database objects relevant to that application. This approach will prevent jobs for one application inadvertently modifying database objects from another application. Access control for other types of job steps (SSIS, replication etc.) can be enforced by using proxies, as we will see later in this article.

Logging to file

SQL Server Agent maintains job history for each job execution, which includes job start and end times, a log of the job activity etc. There are a couple of ways you can view job history:

  • Right-click on the job in SSMS, and choose View job history, or,
  • By querying the msdb.dbo.sysjobhistory table. The View job history option in SSMS internally queries this table to get the job history.

One of the problems with the sysjobhistory table is that it can store only up to a maximum of 4000 characters per log entry, because the message column in the table is defined as nvarchar(4000). If this is exceeded, it may cause problems with subsequent job steps because errors will be lost. This simple test will illustrate the point:

select 1/0 -expression that will trigger an error.

In the above t-SQL, we execute the DBCC CHECKALLOC command to check disk space allocation consistency for the msdb database. The command also prints an allocation summary for each index and partition in each file, which will go past the 4000 character limit on most databases. At the end of the DBCC command, the job step in our test intentionally fails with a divide by zero error. Upon execution, the job will obviously fail, but you will never see the divide by zero error in the job history, because the error message gets truncated at 4000 characters.

To prevent this from happening, it is always a good practice to log your job output to a file. You can set this option from the Advanced tab on the job step, as shown in the figure. Setting this option will write all your job output to a text file, and enable you to look at the complete log with no limit on the number of characters.

When choosing this option, ensure that the SQL Agent service account has write access to the log file. There is also an option to log to a table instead, which basically writes the same log entry to the msdb.dbo.sysjobstepslogs table instead of a file.

If you choose to write the log output to a file or a table, it is a good idea to setup an archiving mechanism to archive the log file or table – failure to do so may lead to situations where the log file or table uses up all your disk space and brings down your entire SQL Server instance.

Using Alerts

SQL Server Agent provides an alert system that allows database administrators to configure outgoing alerts for various system events. The alert can be used to notify database administrators about certain error conditions. It can also execute other SQL Server Agent jobs to fix the problem, or take other remedial action.

Setting up alerts for errors

You can setup alerts to send out notifications when certain errors occur in the system. Alerts can be triggered when:

  • An error with a predefined error number occurs
  • An error with a predefined severity occurs
  • An error containing a predefined text occurs

SQL Server Agent reads the Windows application log periodically and checks if an error satisfying one of the above criteria has occurred. If it finds an entry, it initiates the action listed on the Response tab of the alert.

The Response allows you to notify a database administrator of the situation via email. Or, if the problem can be fixed, the alert can be configured to execute another SQL Server Agent job to fix the problem.

Note – It is important to remember that SQL Server Agent alerts are triggered only for errors that are logged to the windows application log. If you setup alerts for errors that are not logged to the windows log (such as the divide by zero error), your alert will never fire. If you explicitly want an error to be logged to the windows application log, you can call RAISERROR with the LOG option, which will log the error and fire any alerts configured to listen for the specific error.

The best practice is to configure alerts for errors with severity 19 to 25. Errors with severity greater than 19 are always logged to the event log, and the alert should be configured to notify the database administrator(s).

Setting up performance alerts

Another useful feature of SQL Server Agent is the ability to send out alerts when certain performance counters are affected. Alerts can be configured to fire when certain performance counters values exceed/equal/go below a limit. For e.g., the accompanying screenshot shows an alert configured to fire when the tempdb log file size exceeds 1 GB. On the response screen, you can execute a SQL Server Agent job to truncate the log and fix the problem.

USING PROXIES

SQL Server Agent uses Proxies to define the security context for job steps. Basically, a proxy is an object that provides SQL Server Agent access to stored credentials for a Windows user. When running a job step that is configured to use a proxy, SQL Server Agent impersonates the credentials defined in the proxy, and then runs the job step using that security context.

SQL Server Agent uses Subsystems to define the security context for proxies. By default, SQL Server agent provides 11 subsystems, as shown in the figure. Each subsystem represents a type of external process that can be executed in a job step.

By default, all T-SQL job steps in SQL Server Agent execute using the account that owns the job. For job steps that execute processes in one of the other subsystems (e.g. SSIS, PowerShell etc.), the default execution account is the SQL Server Agent execution account. For job steps in non T-SQL subsystems, the SQL Server Agent service account would have to be granted access to these other subsystems as well. This is almost always a bad practice – it significantly increases the security risk if the service account is compromised.

A better option is to configure a proxy for each subsystem, and grant the appropriate privileges to the proxy account. When a proxy is granted access to a subsystem, it becomes available to all job steps using that subsystem.

Creating a proxy for SSIS Package Execution

You can follow these steps to create a proxy for the SSIS subsystem, and use it in job steps.

  • Create a credential – In SSMS, expand the Security node, and right-click on Credentials. Choose New Credential to launch the new credential dialog, and enter the credential name. In the Identity box, enter the name of the windows account that you will be using for the proxy – this is the account that SQL Server Agent will use when connecting to the external subsystem. Enter, and re-enter the account password to create the credential.
  • Create the proxy – In SSMS, expand the Proxies node under SQL Server Agent. Right-click on the SSIS Package Execution node, and choose New Proxy to launch the new proxy dialog. Type in a proxy name. In the Credential name box, type in the name of the credential created earlier. In the Active to the following subsystems list, check the subsystems where the proxy can be used – you must first make sure that the credential used by the proxy has access to the selected subsystems. In the above screenshot, I added the proxy to the SQL Server Integration Services Package subsystem.
  • Create the job – Right-click on the Jobs node under SQL Server Agent in SSMS to launch the New Job dialog. Enter a name for the job and navigate to Steps tab. On the Steps tab, add a new job step by clicking New, and enter a job step name. Under the Type dropdown, select SQL Server Integration Services Package, since we added the proxy to the SSIS subsystem. Under the Run As drop down, you should automatically see two accounts – the SQL Server Agent Service account, and the proxy we just created. You can then select a package of your choice from either the SSIS Catalog or the file system. Once you have selected the SSIS package, hit Ok on the New Job Step and New Job dialogs to create the job.

When you execute the job we created, SQL Server Agent actually impersonates the account used by the proxy, and executes the SSIS package under the security context of the impersonated account.

Conclusion

In this article we discussed the security implications when choosing a service account for SQL Server Agent, and looked at the security permissions that should be granted to the service account. We also delved into setting up job visibility for different users by adding them to one of the 3 fixed database roles in MSDB, and we also touched upon the importance of the job owner. We also looked at the options available for logging in SQL Server Agent, and how this enables you to get over the 4000-character limit in log messages. We went over the different types of alerts that you can configure in SQL Server Agent. Lastly, we looked at the steps to setup proxies and configure your jobs to use proxies.

I hope that these tips will enable you to create a secure and efficient SQL Server Agent environment Video To iPad Converter exe

Related articles

ALLPlayer для 4K Ultra HD - free-players.ru ALLPlayer 5.5ALLPlayer is one of the most popular programs for watching movies with matching subtitles. It plays all known media formats, RAR files, and futhermore has an .,Free Download ALLPlayer 8.2 - Modern-looking multimedia player which enables you to look for matching subs on the Internet and features an option th., :ALLPlayer :8.2 : :() :http://www.allplayer.org .

Convert Edit Or Compose Bitmap Images ImageMagick ImageMagickDetailed Vulnerability Information. Nikolay Ermishkin from the Mail.Ru Security Team discovered several vulnerabilities in ImageMagick. We've reported these issues to .,The Definitive Guide to ImageMagick [Michael Still] on Amazon.com. *FREE* shipping on qualifying offers. * The Definitive Guide to ImageMagick is the first book to .,ImageMagick es una coleccion de librerias y utilidades para leer, escribir y manipular una imagen de casi cualquier formato, incluyendo los mas populares: TIFF .

Microsoft Office 2013 - Phone Activation ~ Free Crack Corner Activation Office 2013IT News Corner already published many serial and product keys of Microsoft Office. With Microsoft Office 2013, there is a new option of activation your .,Never go scrambling for the details again. In the office or on the road, by yourself or with an assistant, access your synchronized data on any device.,office 2013 pro plus activation code, office 2013 pro plus free key, office 2013 pro plus product key, amazon

<< Go back to the previous page