GUEST account in SQL Server

If you know that server level logins to a specific SQL Server instance are all trusted/authorised staff, then is there any risk at all in enabling the GUEST account on certain user databases. My understanding of GUEST was its not "anyone in the network", you need to already be a SQL server level login anyway, hence if they are all authorised, is there any risk whatsoever in leaving GUEST enabled on these databases?
LVL 4
pma111Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Vitor MontalvãoMSSQL Senior EngineerCommented:
you need to already be a SQL server level login anyway,
Not true. The GUEST means anybody with no login will use GUEST login to access the SQL Server instance. There's a reason for why Microsoft disable this account by default. Enable it at your own risk.
microheadCommented:
In your case there would be no risk, if you really trust everyone. But if a new staff member joins the team they would also automatically gain access. Depending on your security, they would also be able to grant more rights to the guest account(up to sa) without your knowledge.

see:
https://support.microsoft.com/en-us/kb/2186935   

but to make thing interesting, also read the following:
https://support.microsoft.com/en-us/kb/2539091

Again MS let's us choose the best option for your situation. I would leave Guest security intact and disable the account. of course that's my two cents.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TimorosCommented:
You should not enable the Guest account for access in you SQL server.
It's better to create an account to access your databases and give it to the users that you want to have access.
Need More Insight Into What’s Killing Your Network

Flow data analysis from SolarWinds NetFlow Traffic Analyzer (NTA), along with Network Performance Monitor (NPM), can give you deeper visibility into your network’s traffic.

pma111Author Commented:
So a user with literally no access to the SQL Server whatsoever can access the database via the GUEST account?
pma111Author Commented:
top 2 respones some to contradict one another...
Vitor MontalvãoMSSQL Senior EngineerCommented:
Sorry, my comment was wrong. Guest account can be used by any existing SQL Server Login. So, if the Guest has more rights than another SQL Server Login it can be used to perform not permissioned actions.
draesCommented:
Same here. Any SQL user not mapped to a specific database. could use the guest account to gain access
EugeneZ ZhitomirskySQL SERVER EXPERTCommented:
you have everything what you need to know about
"Guest" sql user
from microhead post
as it said:
"guest" is sql server "default" built-in feature  for master, msdb, and tempb system databases:
 do not worry  about these system DBS
Just delete from user DBS ( including from model if you have)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SQL Server

From novice to tech pro — start learning today.