July 14, 2011 at 12:13 am
Hi All,
we are having production server auditing in place. i am getting RED mark for few SQL instances because of the existence of guest login in that. please help me to delete the guest login from sql server 2005 instances.. i have disabled the guest login but i have asked to remove it .. is there any way ?:crying:
July 14, 2011 at 1:40 am
The short answer would be don't do it.
SQL 2005 needs the guest user at least in master and tempdb (and in some cases msdb too) in order to work properly. You can disable (or even remove) the guest user in all of you're user databases, but with system databases you I would advise to leave them.
And don't remove guest from the model database either, because if you do that only sysadmins will have access to your tempdb after the next server restart.
You can find some more information about this at
http://www.mssqltips.com/tip.asp?tip=1172
and
http://support.microsoft.com/kb/2539091/en-us
[font="Verdana"]Markus Bohse[/font]
July 18, 2011 at 3:54 am
Your auditors need to be educated that the Guest login is needed for system databases and should result in a red mark if it is NOT present. This may also apply to databases that are critical to SQL Server operation but are not flagged as system databases, such as the Report Services databasees, MDS database, Semantic Search database, etc.
For user databases the Guest login is a security issue and should result in a red mark if it IS present. Using a one-size-fits-all approach to the Guest login for SQL Server does not give the right answer for the audit.
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
July 18, 2011 at 4:55 am
[font="Times New Roman"]
Guest account can not be deleted but you can disable it.
[/font]
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply