Security Compliance Manager (SCM) 3.0 now available for beta download!
New baselines for securing Windows Server 2012 and Windows 8 environments now available for beta review!
Security Compliance Manager 3.0 (SCM 3.0) is now available for download! SCM 3.0 is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage both desktops and servers using Group Policy and Microsoft System Center Configuration Manager. In addition to key features from the previous version, SCM 3.0 offers new Windows Server 2012, Windows 8, and Internet Explorer 10 baselines!
Secure your environment with new product baselines for Windows Server 2012, Windows 8, and Internet Explorer 10. The latest version of SCM offers all the same great features as before, plus an enhanced setting library for Windows 7 SP1 and Windows 2008 R2 and bug fixes. The updated setting library gives you the ability to further customize baselines, and also improves GPO Import feature affinity. SCM 3.0 provides a single location for creating, managing, analyzing, and customizing baselines to secure your environment quicker and more efficiently.
To learn more about the Security Compliance Manger tool, visit the TechNet Library.
SCM 3.0 provides ready-to-deploy policies and DCM configuration packs that are tested and fully supported. Our product baselines are based on Microsoft security guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and reduce security threats.
Easily configure Windows operating systems, Microsoft Office applications, and Internet Explorer with industry leading knowledge and fully supported tools.
Next steps:
Join the SCM 3.0 beta. Click here to join the beta and get the latest version of the tool.
Tell us what you think! Test drive the beta release, and send your constructive feedback to secwish@microsoft.com. We value your input; this is the perfect opportunity to be heard.
Tell your peers and customers about Security Solution Accelerators! Please forward this to anyone who wants to learn more about security and Microsoft Solution Accelerators.
Already using Security Solution Accelerators? We’d like to hear about your experiences. Please send comments and suggestions to secwish@microsoft.com. Want more information on a specific feature? Interested in speaking with the development team? Please contact Venkat Ganti.
Passing multiple/dynamic values to Stored Procedures & Functions | Part 4 – by using TVP
This is the last fourth part of this series, in previous posts we talked about passing multiple values by following approaches: CSV, XML, #table. Here we will use a new feature introduced in SQL Server 2008, i.e. TVP (Table Valued Parameters).
As per MS BOL, TVPs are declared by using user-defined table types. We can use TVPs to send multiple rows of data to Stored Procedure or Functions, without creating a temporary table or many parameters. TVPs are passed by reference to the routines thus avoiding copy of the input data.
Let’s check how we can make use of this new feature (TVP):
-- First create a User-Defined Table type with a column that will store multiple values as multiple records:
CREATE TYPE dbo.tvpNamesList AS TABLE
(
Name NVARCHAR(100) NOT NULL,
PRIMARY KEY (Name)
)
GO
-- Create the SP and use the User-Defined Table type created above and declare it as a parameter:
CREATE PROCEDURE uspGetPersonDetailsTVP (
@tvpNames tvpNamesList READONLY
)
AS
BEGIN
SELECT BusinessEntityID, Title, FirstName, MiddleName, LastName, ModifiedDate
FROM [Person].[Person] PER
WHERE EXISTS (SELECT Name FROM @tvpNames tmp WHERE tmp.Name = PER.FirstName)
ORDER BY FirstName, LastName
END
GO
-- Now, create a Table Variable of type created above:
DECLARE @tblPersons AS tvpNamesList
INSERT INTO @tblPersons
SELECT Names FROM (VALUES ('Charles'), ('Jade'), ('Jim'), ('Luke'), ('Ken') ) AS T(Names)
-- Pass this table variable as parameter to the SP:
EXEC uspGetPersonDetailsTVP @tblPersons
GO
-- Check the output, objective achieved 🙂
-- Final Cleanup
DROP PROCEDURE uspGetPersonDetailsTVP
GO
So, we saw how we can use TVPs with Stored Procedures, similar to this they are used with UDFs.
TVPs are a great way to pass array of values as a single parameter to SPs and UDFs. There is lot of know and understand about TVP, their benefits and usage, check this [link].
Passing multiple/dynamic values to Stored Procedures & Functions | Part 3 – by using #table
In my previous posts we saw how to pass multiple values to an SP by using CSV list and XML data, which are almost of same type. Here in this post we will see how we can achieve the same objective without passing values as parameters and by using temporary (temp, #) tables.
Here in the third part of this series the Stored Procedure will be created in such a way that it will use a Temporary Table, which does not exist in compile time. But at run time the temp-table should be created before running the SP. In this approach there is no need to pass any parameter with the SP, let’s see how:
-- Create Stored Procedure with no parameter, it will use the temp table created outside the SP:
CREATE PROCEDURE uspGetPersonDetailsTmpTbl
AS
BEGIN
SELECT BusinessEntityID, Title, FirstName, MiddleName, LastName, ModifiedDate
FROM [Person].[Person] PER
WHERE EXISTS (SELECT Name FROM #tblPersons tmp WHERE tmp.Name = PER.FirstName)
ORDER BY FirstName, LastName
END
GO
-- Now, create a temp table, insert records with same set of values we used in previous 2 posts:
CREATE TABLE #tblPersons (Name NVARCHAR(100))
INSERT INTO #tblPersons
SELECT Names FROM (VALUES ('Charles'), ('Jade'), ('Jim'), ('Luke'), ('Ken') ) AS T(Names)
-- Now execute the SP, it will use the above records as input and give you required results:
EXEC uspGetPersonDetailsTmpTbl
-- Check the output, objective achieved 🙂
DROP TABLE #tblPersons
GO
-- Final Cleanup
DROP PROCEDURE uspGetPersonDetailsTmpTbl
GO
This approach is much better than the previous 2 approaches of using CSV or XML data.
The values will be entered in temp tables and then will be accessed inside the SP. There is no parsing involved as the records are directly read from temp table and used in SQL query just like normal queries. Also there is no limit of records if you compare with CSVs & XML data.
But, the catch here is, the temp table should exist before executing the SP, if for some reason it is not there the code will crash. But its rare and can be handled by some checks.
In my next and last [blog post] of this series we will see a new feature of SQL Server 2008 i.e. TVP, which can be used in such type of scenarios, check here.
Passing multiple/dynamic values to Stored Procedures & Functions | Part 2 – by passing XML
In my previous post [Part 1] we saw how to pass multiple values to a parameter as a CSV string in an SP.
Here in the second part of this series we will use XML string that will contain the set of values and pass as an XML param variable to the SP. Then inside the SP we will parse this XML and use those values in our SQL Queries, just like we did in previous post with CSV string:
USE [AdventureWorks2012]
GO
-- Create an SP with XML type parameter:
CREATE PROCEDURE uspGetPersonDetailsXML (
@persons XML
)
AS
BEGIN
--DECLARE @persons XML
--SET @persons = '<root><Name>Charles</Name><Name>Jade</Name><Name>Jim</Name><Name>Luke</Name><Name>Ken</Name></root>'
SELECT T.C.value('.', 'NVARCHAR(100)') AS [Name]
INTO #tblPersons
FROM @persons.nodes('/root/Name') as T(C)
SELECT BusinessEntityID, Title, FirstName, MiddleName, LastName, ModifiedDate
FROM [Person].[Person] PER
WHERE EXISTS (SELECT Name FROM #tblPersons tmp WHERE tmp.Name = PER.FirstName)
ORDER BY FirstName, LastName
DROP TABLE #tblPersons
END
GO
-- Create XML string:
DECLARE @xml XML
SET @xml = '<root>
<Name>Charles</Name>
<Name>Jade</Name>
<Name>Jim</Name>
<Name>Luke</Name>
<Name>Ken</Name>
</root>'
-- Use the XML string as parameter which calling the SP:
EXEC uspGetPersonDetailsXML @xml
GO
-- Check the output, objective achieved 🙂
-- Final Cleanup
DROP PROCEDURE uspGetPersonDetailsXML
GO
This approach looks much cleaner and more stable to me than the previous one (CSV). XML is a de-facto standard to store and transmit data in a more structured way. Thus I prefer XML string over the CSV string on these type of cases.
The CSV approach is no different than this one, it internally converts the CSV string to an XML then parse it. Thus, like CSV if the XML string becomes lengthy it will also take time to parse the whole XML and then use the values in SQL queries in the SP.
In next [blog post] we will see how we can perform the same operation by using temporary (temp, #) tables.
Passing multiple/dynamic values to Stored Procedures & Functions | Part 1 – by passing CSV
Here in the first Part of this series we will use a CSV string that will contain comma separated list of values and pass as a VARCHAR datatype param variable to the SP. Then inside the SP we will parse this VARCHAR CSV string and use those values in our SQL Queries:
-- As always I will use the AdventureWorks database 🙂
USE [AdventureWorks2012]
GO
-- Create an SP with NVARCHAR(MAX) parameter:
CREATE PROCEDURE uspGetPersonDetailsCSV (
@persons NVARCHAR(MAX)
)
AS
BEGIN
--DECLARE @persons NVARCHAR(MAX)
--SET @persons = 'Charles,Jade,Jim,Luke,Ken'
SELECT T.C.value('.', 'NVARCHAR(100)') AS [Name]
INTO #tblPersons
FROM (SELECT CAST ('<Name>' + REPLACE(@persons, ',', '</Name><Name>') + '</Name>' AS XML) AS [Names]) AS A
CROSS APPLY Names.nodes('/Name') as T(C)
SELECT BusinessEntityID, Title, FirstName, MiddleName, LastName, ModifiedDate
FROM [Person].[Person] PER
WHERE EXISTS (SELECT Name FROM #tblPersons tmp WHERE tmp.Name = PER.FirstName)
ORDER BY FirstName, LastName
DROP TABLE #tblPersons
END
GO
-- No execute this SP by passing a list of values comma separated as a single string:
EXEC uspGetPersonDetailsCSV 'Charles,Jade,Jim,Luke,Ken'
GO
-- Check the output, objective achieved 🙂
-- Final Cleanup
DROP PROCEDURE uspGetPersonDetailsCSV
GO
This is the most simplest and common method to pass multiple values to an SP, but not ideal. If there are multiple values with count ranging to thousands, then storing them in VARCHAR will not be possible and parsing them would be a big trade off.
So, to perform this operation we have another method by using XML String. Check this in my next [blog post].
Current Visitors
StatCounter …since April 2012
Leisure blog: Creek & Trails
- NMDC Hyderabad Marathon – My first 42k FM, cramps, training and fuelling
- Singapore (Part 2) – 6 days itinerary, sightseeing & attractions
- Singapore (Part 1) – Tickets, Visa, Hotel, Forex Card/Cash, Metro/Bus cards
- I got full refund of my flight tickets during COVID lockdown (AirIndia via MakeMyTrip)
- YouTube – Your Google Ads account was cancelled due to no spend
- YouTube latest update on its YPP (YouTube Partner Program) which may affect your channel
- Starting your own blog !!!
- How to file ITR (Income Tax Return) online AY 2017-18 (for simple salaried)
- Scam – Become a kin/hier and earn a fortune – via LinkedIn and Email
- Places to visit in and around Vizag (aka Visakhapatnam)
SQL with Manoj 