• From the OpenHack 4 config and with confirmation of Richard Waymire at Microsoft.

    quote:


    I only know of ONE - the table master..spt_server_info


    This isn't one. It's revoked from public.

    quote:


    But I think I'm wrong about this, because if I was right, you could just run DENY SELECT ON SPT_SERVER_INFO TO GUEST in the master database if you wanted to lock this down.


    In keeping with what I said:

    REVOKE ALL ON [dbo].[spt_server_info] to public

    The permissions given back to public:

    GRANT SELECT on spt_values to public
    
    GRANT EXEC on sp_MSHasDBAccess to public

    quote:


    By the way, I just used my sandbox server to conduct an interesting test. I turned on 'allow updates' and ripped guest out of sysusers. That was interesting. I think maybe I should've just changed its status, but that would've required research. Am I the only one who tries stuff like this? Fortunately, I was barely clever enough to back out the cataclysmic problems that I was stupid enough to cause ... and like I said, it was just a sandbox anyway (and I had fresh backups of master!)...


    Yup. I spent over a year doing this stuff every waking hour when I was working on a SQL Server Security book with APress (now cancelled, unfortunately, due to market and time constraints). Guest is in every database and the 0 or 1 determines whether it's active.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    Edited by - bkelley on 07/16/2003 12:07:32 PM

    K. Brian Kelley
    @kbriankelley