Thanks for that, I particularly like the closing statement "...and pray!".

It mentions three or four extended stored procs to block.

I notice xp_dirtree isn't documented anywhere. Come to think of it there are a hell of a lot of stored procs that simply aren't documented.

I am tempted to create a role in the master database called copypublic and copy the permissions from public into copypublic.

I can then revoke the permissions on various procs until something breaks safe in the knowledge that at least I have a definitive list of permissions somewhere.