10-16-2024, 01:26 PM
I remember stumbling on this event ID 24233 in Event Viewer, the one that says "Issued revoke symmetric key permissions with grant command (action_id RWG class_type SK)". It pops up when someone in your SQL Server setup yanks away permissions for a symmetric key, but they do it with that extra grant twist. You know, like giving someone the power to pass along the revocation. It's all about database security, keeping things locked down tight. If you're running Windows Server, this logs under the SQL Server audit stuff, usually in the Security log or a custom one you set up. I see it as a heads-up that permissions got fiddled with, maybe by an admin or some script. Could be normal housekeeping, or it might flag something shady if it's out of the blue. You want to watch it because symmetric keys handle encryption, so messing with who controls them matters a ton. It details the exact command used, the user who ran it, the database involved, and even the key name sometimes. I check the event properties to see the full XML inside, which spills more beans on what happened. Without monitoring, you might miss if permissions loosen up accidentally.
But hey, to keep an eye on this without sweating every day, you can set up alerts right in Event Viewer. I do it by opening Event Viewer on your server, then heading to the log where these events land, like Applications and Services Logs over to Microsoft, Windows, then SQL Server something. You filter for ID 24233, and once you spot one, right-click the log, pick Attach Task To This Event Log or something close. It walks you through creating a scheduled task that triggers on new events matching that ID. You tell it to run a program, like firing off an email via some built-in tool. I link it to sendmail or whatever your setup uses, so you get a ping in your inbox with details. Make the task wake the machine if needed, and set it to run as high privilege. Test it by forcing an event if you can, just to see the email zip over. It's straightforward, no fancy coding.
Or, if you want it smoother, there are ways to automate the email part fully. At the end of this, you'll find the automatic email solution laid out.
Speaking of keeping your server secure and backed up, I've been messing with BackupChain Windows Server Backup lately. It's this nifty Windows Server backup tool that also handles virtual machines on Hyper-V without a hitch. You get fast, reliable snapshots that don't hog resources, plus it verifies everything to catch corruption early. I like how it eases restores, even for bare-metal crashes, saving you headaches during those panic moments.
Note, the PowerShell email alert code was moved to this post.
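Added example, not the email code the post refers to and not the original author's: a PowerShell triage script that pulls recent 24233 events and lists who ran which statement against which key, flagging principals you did not expect. The log name, the `name:value` payload layout, the field names and the allowlist entry are assumptions to confirm against a real event on your own server.

```powershell
# Added example. $LogName, the "name:value" payload layout and the field
# names below are assumptions; check them against an actual 24233 event.
param(
    [string]$LogName = 'Application',                 # assumption: log your SQL Server audit writes to
    [int]$EventId = 24233,
    [int]$LookbackHours = 24,
    [string[]]$ExpectedPrincipals = @('CONTOSO\sql-admins-svc')   # hypothetical allowlist entry
)

function ConvertFrom-AuditText {
    # Turn "name:value" lines from the event payload into a hashtable.
    param([string]$Text)
    $fields = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^\s*([a-z_]+):(.*)$') {
            $fields[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $fields
}

$filter = @{
    LogName   = $LogName
    Id        = $EventId
    StartTime = (Get-Date).AddHours(-$LookbackHours)
}
# Get-WinEvent reports an error when nothing matches; treat that as "no events".
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    # The same XML you see on the Details tab of the event properties.
    $xml = [xml]$e.ToXml()
    $payload = ($xml.Event.EventData.Data | ForEach-Object {
        if ($_ -is [string]) { $_ } else { $_.'#text' }
    }) -join "`n"
    $f = ConvertFrom-AuditText -Text $payload
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        Principal   = $f['server_principal_name']
        Database    = $f['database_name']
        KeyName     = $f['object_name']
        Statement   = $f['statement']
        Unexpected  = ($ExpectedPrincipals -notcontains $f['server_principal_name'])
    }
}

# Unexpected principals first, then oldest to newest.
$report | Sort-Object @{Expression = 'Unexpected'; Descending = $true}, TimeCreated | Format-List
```

Run it from an elevated prompt, since reading the Security log requires administrative rights.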

