3.2 Ensure CONNECT permissions on the 'guest' user is Revoked within all SQL Server databases excluding the master, msdb and tempdb

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Remove the right of the guest user to connect to SQL Server databases, except for master, msdb, and tempdb.


A login assumes the identity of the guest user when a login has access to SQL Server but does not have access to a database through its own account and the database has a guest user account. Revoking the CONNECT permission for the guest user will ensure that a login is not able to access database information without explicit access to do so.


When CONNECT permission to the guest user is revoked, a SQL Server instance login must be mapped to a database user explicitly in order to have access to the database.


The following code snippet revokes CONNECT permissions from the guest user in a database. Replace <database_name> as appropriate:

USE <database_name>;

Default Value:

The guest user account is added to each new database but without CONNECT permission by default.

See Also