Configures all of the settings required by the SQL 2014 Draft STIG excluding the Logon Trigger requirement (I find this to essentially break everytime) and TDE.

Run both the Set-SQLInstanceStigItems and Set-SQLDatabaseStigItems to completely STIG the Instance. Requires some prior setup for Database Mail and Windows Groups.

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name SqlStig -RequiredVersion

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More


Michael Haken


(c) 2016 . All rights reserved.

Package Details



Set-SQLInstanceStigItems Set-SQLDatabaseStigItems Set-SQLInstanceForceEncryption Set-SQLInstanceDatabaseFilePermissions Set-SQLInstanceInstallationFilesPermissionsAndAuditing Set-SQLInstanceAuditFilePermissions Set-SQLInstanceAuditors Set-SQLInstanceAuditing Set-SQLDatabaseAuditing Set-SQLInstanceManagementRoles Rename-SQLInstanceAccount Disable-SQLInstanceAccount Set-SQLInstanceXPCmdShell Set-SQLInstanceLoginPasswordPolicies Set-SQLInstanceProtocols Set-SQLInstanceDefaultTrace Add-SQLInstanceLogin Add-SQLInstanceServerRole New-SQLInstanceJobCategory New-SQLAgentJob New-SQLAgentJobStep New-SQLAgentJobSchedule Set-SQLDatabaseTrustworthy Get-SQLInstanceServerRoleMembership New-SQLDatabaseDDLTrigger Get-SQLInstanceErrorLogPath Get-SQLServer Get-SQLInstanceVersion Get-SQLInstanceDetails Get-SQLInstanceDataDirectories Get-SQLInstanceDefaultTraceFile Get-SQLInstanceAuditCommandText Get-SQLDatabaseDdlTriggerCommandText New-SQLInstanceDatabaseDirectoryAccessRuleSet New-SQLInstanceAuditLogAccessRuleSet New-SQLInstanceInstallationDirectoryAccessRuleSet New-SQLInstanceInstallationDirectoryAuditRuleSet Get-SQLAuditObjectTypes Import-SqlModule Get-AccountSid Set-FilePermissions Reset-InheritedPermissions Set-Auditing Where-NotMatchIn


This module has no dependencies.

Release Notes

Updated several cmdlets to not use Invoke-SqlCmd and fixed some minor bugs. Allowed the Get-SQLServer command to accept a credential for connecting to SQL authentication logins and also added a port parameter.


Version History

Version Downloads Last updated 1,112 3/4/2017 31 3/2/2017 217 5/13/2016 (current version) 15 5/12/2016 17 5/11/2016