locking down public and guest accounts
-
I'm trying to COMPLETELY!! lock down the guest & public accounts so that when I create a new user (without any privledges what so ever) that new user can't access anything. The problem I see is that no matter what I do, the new user can still access certain system tables in the master database. I don't want anyone having access to the master database what so ever.
Here is what I did to lock down both accounts. I denied all from both the guest and puclic accounts, then revoke connect from the guest account, then I disabled the guest account in the computer management console in administrative tools.
Am I doing something wrong?
EXEC sp_MSforeachdb 'use
deny all from guest'EXEC sp_MSforeachdb 'use
deny all from public'EXEC sp_MSforeachdb
'use
if db_id() not between 1 and 2 begin REVOKE CONNECT FROM GUEST end' -
My opinion would be to say if you do not want some one to see anything in your db do not create the account in the first place .
-
I realize that...but I want to be the one to give them their permissions, not any defaults to give them permissions.
-
At a minimum, the user must have access to their default database. If you don't want them to see anything in master, create an empty database and make it their default.
deny all from guest'Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply