Thanks Brian,

I'm not so concerned with Access users hitting my box, but I am concerned with breaking something inside SQL itself.

I have to admin that prior to sifting through the master database I didn't even know that sp_Tables existed. I always used SELECT Name FROM SysObjects WHERE Type='U'

I feel ignorance is probably the biggest security problem. When I did the SQL 6.5 courses security was dealt with at a beginners level i.e. "Thou shalt not use the SA account", but it wasn't gone into in any great depth. I don't know if the course content has changed much for SQL 2000.

I feel that SQL Security could not be covered adequately in one day and therefore there should be a SQL Course especially for security.