Comments on: SQL SERVER – Identifying guest User using Policy Based Management

By: SQL SERVER – Weekly Series – Memory Lane – #018 | SQL Server Journey with SQL Authority

Sat, 02 Mar 2013 01:31:26 +0000

[...] Identifying guest User using Policy Based Management One of the requests I received was whether we could create a policy that would prevent users unable guest user in user databases. Well, here is a quick tutorial to answer this. Let us see how quickly we can do it. [...]

By: Brent McCracken

Brent McCracken — Wed, 16 Jan 2013 00:14:35 +0000

This is already covered by one of the Microsoft Best Practice Policies – Guest Permissions

By: dineshvishe1Dinesh

dineshvishe1Dinesh — Wed, 02 Jan 2013 04:52:39 +0000

I am sys admin of server still Error come like’ can not create the trigger ‘syspolicy_server_trigger’,because you do not have permission’.what permission required?

By: Ashish jain

Ashish jain — Tue, 28 Feb 2012 05:42:31 +0000

Hello Sir,

This is very Good post. I learnt about using policy based management after reading this post. This looks very strong feature indeed. Thanks for this gyaan.

Following is the answer of your question, according to me.

First Condition should be like this..

1) First Condition

Facet: User
Expression:
@Name = ‘guest’
AND @hasDBAccess = False

2) Second Condition

Facet: Database
Expression:
@Name != ‘msdb’
AND @Name != ‘tempdb’
AND @Name != ‘master’

Thanks,
Ashish

By: Ganesh Narim

Ganesh Narim — Mon, 27 Feb 2012 05:47:46 +0000

Thank you sir,

my guess is right on this topic..????

and my best friend and myself we both are awaiting for your reply on this..!!!

http://blog.sqlauthority.com/2012/02/26/sql-server-standards-support-protocol-data-portability-3-important-sql-server-documentations-for-downloads/#comments

Please suggest him..!!!

By: pinaldave

pinaldave — Mon, 27 Feb 2012 05:25:47 +0000

I agree my friend.

I fixed it. It was indeed a typo and I missed it.

By: Subramanya Sharma

Subramanya Sharma — Mon, 27 Feb 2012 04:55:57 +0000

We can merge condition 1 and 2 as one condition. As the facets of the conditions are same, we can combine using the And operator. By this we can implement the same thing in two conditions.

By: Ganesh Narim

Ganesh Narim — Mon, 27 Feb 2012 04:41:04 +0000

Hi Pinal Sir,

I guess the only databases that should ever have the guest account enabled are databases the ‘master’,'msdb’ and ‘tempdb’ databases.These enables users access to create job’s,temporary objects,and connect to SQL server. so only the guest user have permissions by default in the ‘model’ database because ‘model’ is template for the all databases so this guest user will include all new databases.

So I think this is the best way to clear the guest user….!!!!

If i’m not wrong that above code should be like with…(!=) instead of (=), screen shot is Ok sir.

Facet: Database
Expression:
@Name != ‘msdb’
AND @Name != ‘tempdb’
AND @Name != ‘master’

Thanks.