If you disable the guest user, please read this!
April 29th, 20113
If you disable the guest user, please read this!
April 29th, 20113
 
 

As a matter of security, it is typically recommended to disable the guest account across your user databases. For system databases, of course you have a tough time disabling guest access for tempdb and master, which are peripherally required for a lot of different types of activity. You have probably felt quite confident in disabling guest access to msdb as well, but this might be more trouble than it's worth, for the same reason: guest access to msdb is required for some SQL Server functionality to work. This applies to SQL Server 2005, 2008, 2008 R2, 2012 and, almost certainly, beyond.

Yesterday, Microsoft published a KB article to underscore this point, and to complement the advice found in Books Online. It describes the types of symptoms you might see (or that your users might be experiencing, but not complaining loudly enough about – yet) if you disable guest access to msdb:

Here is a somewhat relevant article in Books Online (and I recommend browsing all of the checklists). Note that the "Limiting Access to Data" checklist does not cover this topic as specifically as the KB article might otherwise imply:

There may be far more overwhelming factors to consider when implementing security in your environment, and you might already have a tight enough reign on access that this isn't a concern. But if disabling the guest account is part of your policy, make sure you are aware of the consequences.

By: Aaron Bertrand

I am a passionate technologist with industry experience dating back to Classic ASP and SQL Server 6.5. I am a long-time Microsoft MVP, write at Simple Talk, SQLPerformance, and MSSQLTips, and have had the honor of speaking at more conferences than I can remember. In non-tech life, I am a husband, a father of two, a huge hockey and football fan, and my pronouns are he/him.

3 Responses

  1. Livetvkijken says:

    Hey AaronBertrand thanks, I will 😉

  2. AaronBertrand says:

    I would take a look at this article, it covers a few bases:
    http://www.mssqltips.com/tip.asp?tip=1172

  3. Livetvijken says:

    I still don't really get how disabling guest users in a DB might increase your security? And is this also the case in .i.e. MySQL databases?
    I'm not really a pro on this…