Remove the right of the guest user to connect to SQL Server databases, except for master, msdb, and tempdb. Rationale: A login assumes the identity of the guest user when a login has access to SQL Server but does not have access to a database through its own account and the database has a guest user account. Revoking the CONNECT permission for the guest user will ensure that a login is not able to access database information without explicit access to do so. Impact: When CONNECT permission to the guest user is revoked, a SQL Server instance login must be mapped to a database user explicitly in order to have access to the database.
The following code snippet revokes CONNECT permissions from the guest user in a database. Replace <database_name> as appropriate: USE <database_name>; GO REVOKE CONNECT FROM guest; Default Value: The guest user account is added to each new database but without CONNECT permission by default.