| From the query prompt: |
SELECT name AS [Database Name]
WHERE name NOT IN ('tempdb', 'ReportServerTempDB')
AND state = 0
Repeat for each database:
From the query prompt:
USE [Database Name]
SELECT s.name AS [Schema], o.name AS [Object], u.type_desc AS [TYPE], o.create_date AS [Create Date]
FROM sys.schemas s
JOIN sys.database_principals u ON s.principal_id = u.principal_id
JOIN sys.all_objects o ON s.schema_id = o.schema_id
WHERE u.name NOT IN ('dbo', 'INFORMATION_SCHEMA', 'sys')
AND o.is_ms_shipped = 0
ORDER BY s.name, o.name, o.create_date
View the list of objects listed by the queries above. If any object creation dates do not coincide with the software maintenance and upgrade logs or are not objects documented as supporting dynamic object creation functions, investigate the circumstances under which the object was created. If the object is created using static definitions to store temporary data or indicates that the application uses unauthorized DDL statements, this is a Finding.
The results of these queries will just give an indication of what objects were created since the database installation or its most recent upgrade. It should not be used as a complete result. For example, using the queries listed above, application objects created with the database installation will not be reported as well as objects owned by default application owner accounts.
If the creation dates are more recent than the installation or latest upgrade of the application, the application may be using DDL statements.
If the listed objects are not documented in the System Security Plan, this is a Finding.