Geeks With Blogs
My Place For SQL Lets Talk SQL

It has been long time that I am back on my Blog... But trust me I missed it more than it might have missed me..

Okay here is a kwel  finding.. For those who are confused about Guest account in SQL server Databases..

Well we need GUEST account in Master and TEMPDB  ...  because when when we create login that person should get authenticated at least w.r.t Public Profile..  then onwards  suppose if he/she hasnt been added to any Database then he will keep on looking at Master DB from Public profile with no rights or rights conferred on Guest  Account.

IS IT A SECURITY THREAT? Partially  yes .. I feel so thats why I deny permission on all SYS OBJECT in these two Databases for Guest Account..  but it is mandatory to keep Guest account we cant remove it...

I wish Microsoft comes out with some other model and GUest account is taken off  because it effects DBAs thought process more than it effects my SQL Server 

 

 

Posted on Thursday, May 24, 2007 8:36 PM CHECK it | Back to top


Comments on this post: Why GUEST ACCOUNT SQL Server

# re: Why GUEST ACCOUNT SQL Server
Requesting Gravatar...
Try to disable the GUEST account. That way we are better off ...
Left by Vinod Kumar on May 24, 2007 6:57 PM

# re: Why GUEST ACCOUNT SQL Server
Requesting Gravatar...
Even in the 10 step to secure SQL it is not mentioned anywhere except Excessive rights...

https://www.microsoft.com/sql/prodinfo/previousversions/securingsqlserver.mspx

Only place which mentions about the Guest Accounts on Windows and Guest account on Master/tempDb is

http://www.sans.org/top20/2002/mssql_checklist.pdf

Looks better
Left by VeerJi wangoo on May 24, 2007 7:06 PM

Your comment:
 (will show your gravatar)


Copyright © Veer Ji Wangoo | Powered by: GeeksWithBlogs.net