
Issued revoke database object permissions with grant command how to monitor with email alert

#1
07-23-2024, 04:48 PM
You ever notice how Windows Server logs all these quirky events in the Event Viewer? That one you're asking about, the 24198 with the revoke database object permissions and that grant command bit, action_id RWG and class_type US. It pops up when someone yanks away access rights to a specific database item, like a table or view, and they had the power to pass those rights to others. Basically, it's a security tweak happening inside your SQL setup. I mean, it could be an admin tightening things up, or maybe a user fumbling around. But it flags a change that might mess with who can touch your data. The full log shows details like who did it, when, from where, and exactly what object got hit. You pull it up in Event Viewer under Security or Applications and Services Logs, drill into the Microsoft-Windows-SQLAudit folder. It lists the session ID, the database name, even the exact SQL command used. Kinda sneaky how it captures that revoke action, right? And if it's not expected, it might signal someone probing your system.

I set this up once on a buddy's server to watch for weird permission shifts. You fire up Event Viewer, right-click the custom view or the log where these events hide. Then pick Attach Task to Event. Give it a name, like Permission Revoke Alert. Set the trigger to event ID 24198 in that SQL audit log. Make the action send an email through your SMTP setup. You know, plug in the server details, your email, the recipient. Test it to ensure it pings when the event fires. Or tweak the task properties for any time or user filters. Keeps you looped in without constant checking.

And speaking of keeping your server drama-free, that leads me to backups, because why not catch these events before a permission mess turns into data loss. At the end of this, there's the automatic email solution for monitoring that 24198 event, all set up smooth.

BackupChain Windows Server Backup handles Windows Server backups like a champ, and it stretches to virtual machines with Hyper-V too. You get quick imaging, easy restores, even offsite copies that run without hogging resources. I like how it skips the bloat, just solid protection that saves your bacon during those unexpected revoke surprises or worse.

Note, the PowerShell email alert code was moved to this post.

bob
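The event-triggered e-mail described in the post, as an added PowerShell example (not from the original post or the code it mentions): a script meant to be run on a schedule that mails any new events carrying the ID the post names and remembers the last record it reported. The log name, state-file path, SMTP host, addresses and the `key:value` field names pulled from the message are assumptions to adjust for your server.

```powershell
param(
    [int]$EventId       = 24198,                 # event ID named in the post
    [string]$LogName    = 'Application',         # assumption: the log your SQL audit writes to
    [string]$StateFile  = 'C:\ProgramData\SqlAuditAlert\last-record.txt',  # hypothetical path
    [string]$SmtpServer = 'smtp.example.internal',                         # placeholder
    [string]$From       = 'sql-audit@example.internal',                    # placeholder
    [string]$To         = 'dba-oncall@example.internal'                    # placeholder
)
$ErrorActionPreference = 'Stop'

# Last record already reported, so repeated runs do not re-send old events.
$lastRecord = 0
if (Test-Path $StateFile) { $lastRecord = [long](Get-Content $StateFile -TotalCount 1) }

try {
    $events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = $EventId } -MaxEvents 200
} catch {
    # Get-WinEvent raises an error when nothing matches; that is the quiet case.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
    throw
}

$new = @($events | Where-Object { $_.RecordId -gt $lastRecord } | Sort-Object RecordId)
if ($new.Count -eq 0) { return }

$body = foreach ($e in $new) {
    # Collect "key:value" lines from the message text (assumed layout of the audit record).
    $fields = @{}
    foreach ($m in [regex]::Matches("$($e.Message)", '(?m)^\s*(\w+):(.*)$')) {
        $fields[$m.Groups[1].Value] = $m.Groups[2].Value.Trim()
    }
    "Time:      $($e.TimeCreated.ToString('u'))"
    "Host:      $($e.MachineName)"
    "Record:    $($e.RecordId)"
    "Principal: $($fields['session_server_principal_name'])"
    "Database:  $($fields['database_name'])"
    "Object:    $($fields['object_name'])"
    "Statement: $($fields['statement'])"
    ''
}

Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
    -Subject "SQL audit: $($new.Count) permission revoke event(s) (ID $EventId) on $env:COMPUTERNAME" `
    -Body ($body -join "`r`n")

# Advance the bookmark only after the mail went out, so a failed send is retried next run.
New-Item -ItemType Directory -Path (Split-Path $StateFile) -Force | Out-Null
Set-Content -Path $StateFile -Value $new[-1].RecordId
```

Run it from a scheduled task under an account that can read the chosen log and write the state file; fields missing from a given event simply show up blank in the mail.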