As a matter of security, it is typically recommended to disable the guest account across your user databases. For system databases, of course you have a tough time disabling guest access for tempdb
and master
, which are peripherally required for a lot of different types of activity. You have probably felt quite confident in disabling guest access to msdb
as well, but this might be more trouble than it's worth, for the same reason: guest access to msdb
is required for some SQL Server functionality to work. This applies to SQL Server 2005, 2008, 2008 R2, 2012 and, almost certainly, beyond.
Yesterday, Microsoft published a KB article to underscore this point, and to complement the advice found in Books Online. It describes the types of symptoms you might see (or that your users might be experiencing, but not complaining loudly enough about – yet) if you disable guest access to msdb:
Here is a somewhat relevant article in Books Online (and I recommend browsing all of the checklists). Note that the "Limiting Access to Data" checklist does not cover this topic as specifically as the KB article might otherwise imply:
There may be far more overwhelming factors to consider when implementing security in your environment, and you might already have a tight enough reign on access that this isn't a concern. But if disabling the guest account is part of your policy, make sure you are aware of the consequences.
Hey AaronBertrand thanks, I will 😉
I would take a look at this article, it covers a few bases:
http://www.mssqltips.com/tip.asp?tip=1172
I still don't really get how disabling guest users in a DB might increase your security? And is this also the case in .i.e. MySQL databases?
I'm not really a pro on this…