{"id":18356,"date":"2022-08-08T15:30:11","date_gmt":"2022-08-08T13:30:11","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=18356"},"modified":"2022-09-21T14:54:36","modified_gmt":"2022-09-21T12:54:36","slug":"sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/","title":{"rendered":"SQL Server Security: Check if the guest is active on all user-databases through the CMS"},"content":{"rendered":"\n
Today, a customer asks me to have look on each SQL Server instance to control if the user-database Guest is active or not. The easiest way is to go through the CMS (Central Management Servers) with a query but witch query\u2026.<\/p>\n\n\n\n
The CIS (Center for Internet Security) provides guidance to secure SQL Server.<\/p>\n\n\n\n
One of the points is to ensure that the CONNECT permission on the GUEST user database is Revoked within all SQL Server databases excluding the master, msdb and tempdb.<\/p>\n\n\n\n
CIS give a query to verify the status of this permission with sys.database_permissions.<\/p>\n\n\n\n
I suggest to use a more simple request with the value hasdbaccess from the system view sys.sysusers.<\/p>\n\n\n\n
The result is the same because the value hasdbaccess is at 1 if the user has the CONNECT permission and 0 if not. I think is more readable on this way.<\/p>\n\n\n\n
I use sp_MSforeachdb to go through all databases and create a temporary table to put in the result. After I just filter it on the value hasdbaccess.<\/p>\n\n\n\n
Create table #temp\n(\n\tdatabase_name sysname,\n\tname sysname,\n\thasdbaccess int\n)\n\ninsert into #Temp\nexec sp_MSforeachdb N'select ''[?]'' as database_name, name, hasdbaccess from [?].sys.sysusers WHERE name = ''guest'''\n\nSELECT * from #temp where hasdbaccess=1\n\nSELECT * from #temp where hasdbaccess=0\n\ndrop table #temp\n<\/code><\/pre>\n\n\n\n
Example:<\/p>\n\n\n\n<\/figure>\n\n\n\n
The most important is that model and every user database has 0.<\/p>\n\n\n\n
Let the system databases master, tempdb and msdb with the connect permission to the database-user guest. It can be some issues, if you revoke it from the master or msdb.<\/p>\n","protected":false},"excerpt":{"rendered":"
Today, a customer asks me to have look on each SQL Server instance to control if the user-database Guest is active or not. The easiest way is to go through the CMS (Central Management Servers) with a query but witch query\u2026. The CIS (Center for Internet Security) provides guidance to secure SQL Server. One of […]<\/p>\n","protected":false},"author":15,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[229,149,99],"tags":[2564,2550],"type_dbi":[],"class_list":["post-18356","post","type-post","status-publish","format-standard","hentry","category-database-administration-monitoring","category-security","category-sql-server","tag-security-3","tag-sql-server-2"],"acf":[],"yoast_head":"\n
SQL Server Security: Check if the guest is active on all user-databases through the CMS - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SQL Server Security: Check if the guest is active on all user-databases through the CMS\" \/>\n<meta property=\"og:description\" content=\"Today, a customer asks me to have look on each SQL Server instance to control if the user-database Guest is active or not. The easiest way is to go through the CMS (Central Management Servers) with a query but witch query\u2026. The CIS (Center for Internet Security) provides guidance to secure SQL Server. One of […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-08T13:30:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-21T12:54:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/image-5.png\" \/>\n<meta name=\"author\" content=\"St\u00e9phane Haby\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"St\u00e9phane Haby\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/\"},\"author\":{\"name\":\"St\u00e9phane Haby\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b\"},\"headline\":\"SQL Server Security: Check if the guest is active on all user-databases through the CMS\",\"datePublished\":\"2022-08-08T13:30:11+00:00\",\"dateModified\":\"2022-09-21T12:54:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/\"},\"wordCount\":229,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/image-5.png\",\"keywords\":[\"Security\",\"SQL Server\"],\"articleSection\":[\"Database Administration & Monitoring\",\"Security\",\"SQL Server\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/\",\"name\":\"SQL Server Security: Check if the guest is active on all user-databases through the CMS - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/image-5.png\",\"datePublished\":\"2022-08-08T13:30:11+00:00\",\"dateModified\":\"2022-09-21T12:54:36+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#primaryimage\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/image-5.png\",\"contentUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/image-5.png\",\"width\":604,\"height\":310},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Server Security: Check if the guest is active on all user-databases through the CMS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b\",\"name\":\"St\u00e9phane Haby\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g\",\"caption\":\"St\u00e9phane Haby\"},\"description\":\"St\u00e9phane Haby has more than ten years of experience in Microsoft solutions. He is specialized in SQL Server technologies such as installation, migration, best practices, and performance analysis etc. He is also an expert in Microsoft Business Intelligence solutions such as SharePoint, SQL Server and Office. Futhermore, he has many years of .NET development experience in the banking sector and other industries. In France, he was one of the first people to have worked with Microsoft Team System. He has written several technical articles on this subject. St\u00e9phane Haby is Microsoft Most Valuable Professional (MVP) as well as Microsoft Certified Solutions Associate (MCSA) and\u00a0Microsoft Certified Solutions Expert (MCSE) for SQL Server 2012. He is also Microsoft Certified Technology Specialist (MCTS) and Microsoft Certified IT Professional (MCITP) for SQL Server 2008 as well as ITIL Foundation V3 certified. He holds a Engineer diploma in industrial computing and automation from France. His branch-related experience covers Chemicals & Pharmaceuticals, Banking \/ Financial Services, and many other industries.\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/stephane-haby\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SQL Server Security: Check if the guest is active on all user-databases through the CMS - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/","og_locale":"en_US","og_type":"article","og_title":"SQL Server Security: Check if the guest is active on all user-databases through the CMS","og_description":"Today, a customer asks me to have look on each SQL Server instance to control if the user-database Guest is active or not. The easiest way is to go through the CMS (Central Management Servers) with a query but witch query\u2026. The CIS (Center for Internet Security) provides guidance to secure SQL Server. One of […]","og_url":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/","og_site_name":"dbi Blog","article_published_time":"2022-08-08T13:30:11+00:00","article_modified_time":"2022-09-21T12:54:36+00:00","og_image":[{"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/image-5.png","type":"","width":"","height":""}],"author":"St\u00e9phane Haby","twitter_card":"summary_large_image","twitter_misc":{"Written by":"St\u00e9phane Haby","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/"},"author":{"name":"St\u00e9phane Haby","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b"},"headline":"SQL Server Security: Check if the guest is active on all user-databases through the CMS","datePublished":"2022-08-08T13:30:11+00:00","dateModified":"2022-09-21T12:54:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/"},"wordCount":229,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/image-5.png","keywords":["Security","SQL Server"],"articleSection":["Database Administration & Monitoring","Security","SQL Server"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/","url":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/","name":"SQL Server Security: Check if the guest is active on all user-databases through the CMS - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/image-5.png","datePublished":"2022-08-08T13:30:11+00:00","dateModified":"2022-09-21T12:54:36+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/image-5.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/image-5.png","width":604,"height":310},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-check-if-the-guest-is-active-on-all-user-databases-through-the-cms\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"SQL Server Security: Check if the guest is active on all user-databases through the CMS"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b","name":"St\u00e9phane Haby","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g","caption":"St\u00e9phane Haby"},"description":"St\u00e9phane Haby has more than ten years of experience in Microsoft solutions. He is specialized in SQL Server technologies such as installation, migration, best practices, and performance analysis etc. He is also an expert in Microsoft Business Intelligence solutions such as SharePoint, SQL Server and Office. Futhermore, he has many years of .NET development experience in the banking sector and other industries. In France, he was one of the first people to have worked with Microsoft Team System. He has written several technical articles on this subject. St\u00e9phane Haby is Microsoft Most Valuable Professional (MVP) as well as Microsoft Certified Solutions Associate (MCSA) and\u00a0Microsoft Certified Solutions Expert (MCSE) for SQL Server 2012. He is also Microsoft Certified Technology Specialist (MCTS) and Microsoft Certified IT Professional (MCITP) for SQL Server 2008 as well as ITIL Foundation V3 certified. He holds a Engineer diploma in industrial computing and automation from France. His branch-related experience covers Chemicals & Pharmaceuticals, Banking \/ Financial Services, and many other industries.","url":"https:\/\/www.dbi-services.com\/blog\/author\/stephane-haby\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/18356","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=18356"}],"version-history":[{"count":1,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/18356\/revisions"}],"predecessor-version":[{"id":18360,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/18356\/revisions\/18360"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=18356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=18356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=18356"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=18356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/image-5.png\")
<\/figure>\n\n\n\n