Configure Policy Based Management - SQL-FineBuild/Common GitHub Wiki
| Previous Configure Management Data Warehouse | Manual Configuration | Configure Generic Maintenance Processes Next |
|---|
Policy Based Management allows the configuration of SQL Server to be controlled by policies that can be audited and enforced.
A set of best-practice policies is provided by Microsoft, and these have been modified to provide the additional facilities for FineBuild. However, the Microsoft PBM framework is of limited usefulness with modern server builds, and many of the Policies that get installed may need to be switched off to avoid unnecessary alerts.
FineBuild Policy Based Management Configuration
The Generic Maintenance Processes configuration relates to Process Id 5EE and is controlled by the parameters below:
| SQL Version | Parameter | FULL Build | WORKSTATION Build | CLIENT Build |
|---|---|---|---|---|
| SQL2019 | /SetupPBM: | Yes | Yes | N/A |
| SQL2017 | /SetupPBM: | Yes | Yes | N/A |
| SQL2016 | /SetupPBM: | Yes | Yes | N/A |
| SQL2014 | /SetupPBM: | Yes | Yes | N/A |
| SQL2012 | /SetupPBM: | Yes | Yes | N/A |
| SQL2008R2 | /SetupPBM: | Yes | Yes | N/A |
| SQL2008 | /SetupPBM: | Yes | Yes | N/A |
| SQL2005 | /SetupPBM: | Yes | Yes | N/A |
In order to maintain compatibility with older versions of SQL FineBuild, the parameter /ConfigPBM: can also be used.
The SQL FineBuild Policy Based Management install delivers the following:
- A clear naming standard to identify and separate Conditions, Restrictions, and Targets
- Most policies are installed as activated and scheduled for evaluation, rather than inactive
- Configuration of SQL Agent jobs to process the policies. The most sensitive policies are checked every 10 minutes, with the rest checked each midnight
- Additional configuration checks beyond those supplied by Microsoft
- Automatic purge of policy Evaluation History after 30 days
Manual Policy Based Management Configuration
The following steps show what you would have to do for manual Configure Policy Based Management. FineBuild does all of this work for you automatically.
-
Extract all files from Build Scripts\FineBuildPBM.Cab into a temporary folder.
-
Run the FineBuildPBM script to install the PBM facets and policies. A single set of these routines is created for each SQL Server instance.
The following are installed:
- 60 Condition facets
- 13 Restriction facets
- 16 Target facets
- 58 Policies
- Schedules and jobs to process the policies
The job names created when a PBM policy is scheduled include the Schedule GUID as part of the job name. The FineBuild installation process for PBM renames these jobs to include the Schedule name instead of the GUID, to make it easier for the DBA to understand what work is being done
Copyright FineBuild Team © 2014 - 2020. License and Acknowledgements
| Previous Configure Management Data Warehouse | Top | Configure Generic Maintenance Processes Next |
|---|