Blitz Result: Linked Servers Configured
Linked servers let your users query from one SQL Server to another (or even to other database platforms.) There’s nothing wrong with linked servers by themselves, but often they get set up using powerful logins. People set up a linked server over to another server, set it up to use the SA login by default, and then they don’t realize that every query that gets executed across those linked servers uses SA permissions.
This part of our SQL Server sp_Blitz script checks sys.servers looking for is_linked = 1.
To Fix the Problem
You have to investigate each linked server to check its security configuration. We can’t easily tell from SQL whether we’re using a login that’s a sysadmin (or just an overly powerful login) on another server. You can check each one by going into SQL Server Management Studio, Server Objects, Linked Servers. Right-click on each server and look at its security information. That’s the account it’s using to connect to the other SQL Server.
If that account has more permissions than you’re comfortable with on the other server, start asking questions about what permissions it really needs.