Guest Login

  • Hi,

    I want to know whether it is correct to drop Guest Login from MasterDB Users (Ofcourse It is just member of Public Role).

    Any suggestions will be appriciated.

    SaNaZ

  • Should be fine. If you need to grant permissions to everyone, you will need to reenable it.

    Steve Jones

    sjones@sqlservercentral.com

    http://www.sqlservercentral.com/columnists/sjones

  • WHoops. Missed that. Disable the account then.

    Steve Jones

    sjones@sqlservercentral.com

    http://www.sqlservercentral.com/columnists/sjones

  • Hi,

    Tanx for all reply 🙂

    SaNaZ

  • I'm busy doing an inhouse security doc and I have a question regarding the guest account. When I click on the guest login account it shows the guest user as having databases access to some of my custom db's. When I try remove (untick) access, I get "The name guest was not found in the users collection . . ." So I tried doing a sp_grantdbaccess and then a sp_dropuser, after which it says "user has been dropped" but if I do a query on sysusers it's still there. MS says "by default the guest account does not have access to model and therefore the guest user does not have access to any of the new databases. This does not seem the case, any ideas how I can remove guest from my db's?.

  • The guest account, like dbo, will be in sysusers because it is a special account. However, even though the entry is in sysusers, the guest account doesn't necessarily have access. SQL Server takes some additional measures with respect to the "guest" user. Here are some code excerpts which show it's supposed to be in sysusers:

    From sp_grantdbaccess:

    
    
    -- CHECK FOR SPECIAL USER GUEST --
    if @name_in_db = 'guest'
    begin
    -- ERROR IF NOT USER, OR ALREADY ADDED --
    if @loginame <> 'guest'
    begin
    raiserror(15062,-1,-1)
    return(1)
    end
    if exists (select * from sysusers where hasdbaccess = 1 and name = 'guest')
    begin
    raiserror(15023,-1,-1,'guest')
    return (1)
    end
    
    
    -- ENABLE USER GUEST --
    update sysusers set status = (status & ~1) | 2, updatedate = getdate()
    where name = 'guest'
    return (0)
    end

    From sp_revokedbaccess:

    
    
    -- DROP USER: SPECIAL HANDLING FOR GUEST (REMOVE HASDBACCESS) --
    if lower(@name_in_db) = 'guest'
    update sysusers set status = status & ~2, updatedate = getdate()
    where uid = user_id('guest')

    K. Brian Kelley

    bkelley@sqlservercentral.com

    http://www.sqlservercentral.com/columnists/bkelley/

    K. Brian Kelley
    @kbriankelley

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply