Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SQL Default Login?

Status
Not open for further replies.
robWhitz

robWhitz

MIS
Oct 23, 2001
23
0
0
SG
Hi guys,

I executed the stored procedure 'xp_loginconfig' in the Master Database. It shows that the default login for the database is 'guest'. This is a security concern, as allowing 'guest' is as good as allowing annonymous access.

A couple of questions here:-
- Can I delete the 'guest' account in SQL Server?
- How can I change the default login to another account?

Would appreciate if someone can respond to my queries. I have searched the MS website, but can't seem to find the answers. Thanks!!
 
Sort by date Sort by votes
Hi

Here is some info on the Guest account:

guest User
The guest user account allows a login without a user account to access a database. A login assumes the identity of the guest user when both of the following conditions are met:

The login has access to an instance of Microsoft® SQL Server™ but does not have access to the database through his or her own user account.


The database contains a guest user account.
Permissions can be applied to the guest user as if it were any other user account. The guest user can be deleted and added to all databases except master and tempdb, where it must always exist. By default, a guest user account does not exist in newly created databases.

For example, to add a guest user account to a database named Accounts, run the following code in SQL Query Analyzer:

USE Accounts
GO
EXECUTE sp_grantdbaccess guest

-----

Therefore you can remove the Guest account from all your other databases with the following cmd:

Use Accounts
GO
EXEC sp_revokedbaccess guest

Another thing the guest users is defaulted to teh public dbrole, so if public doesn't have permissions on objects the guest user can't do to much damage.

Hope this helps

John

 
Upvote 0 Downvote
Hi John,

Thanks for your reply.

But just 2 questions:-
- If I were to remove guest from all other databases except master and tempdb, it does not resolve the issue on the default login. Can I change it?
- If I were to revoke guest from accessing master, what are the implications?

Cheers
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

gbaughma
  • Locked
  • Question
SQL Performance
Replies
11
Views
167
pjw001
pjw001
V
  • Question
xp_cmdshell vs psexec - this SQL server forgets credential to an W10 share
Replies
0
Views
205
Volvere
V
elly00
  • Locked
  • Question
create sql view using batch file
Replies
5
Views
119
Mike Lewis
Mike Lewis
grnzbra
  • Locked
  • Question
T-SQL Dialog Box
Replies
8
Views
102
Chris Miller
Chris Miller
Andrzejek
  • Locked
  • Question
Eliminate pesky [ ] in SQL Management Studio
Replies
5
Views
119
SaltyTheFrog
SaltyTheFrog

Part and Inventory Search

Sponsor

Back
Top