Link to home
Start Free TrialLog in
Avatar of Pau Lo
Pau Lo

asked on

GUEST account and cmdexec

I need an SQL for 2008 R2 to list all databases on an instance, and whether the GUEST account is enabled in these DB or not.

Also I need a way to determine if cmdexec is available to the PUBLIC role, ideally via a query.
Avatar of EugeneZ
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
please clarify Q#2
Do you mean cmdexec in the context of a SQL Agent job? Or xp_cmdshell extended proc

check for now

MS Article
INF: SQL Security - Restricting access to public on server/database objects, its implications and ownership chains

---You can use the following query to check server permissions for public role,

State_Desc, Permission_Name, class_desc,
COALESCE(OBJECT_NAME(major_id),DB_NAME(major_id)) SecurableName, SCHEMA_NAME(O.schema_id) [Schema],
Grantees.Name GranteeName, Grantees.Type_Desc GranteeType
FROM sys.server_permissions Perms
INNER JOIN sys.server_principals Grantees ON Perms.Grantee_Principal_Id = Grantees.Principal_Id
LEFT OUTER JOIN sys.all_objects O ON Perms.major_id = O.object_id
where Grantees.Name = 'public'
ORDER BY SecurableName

Open in new window

pma111, do you still need help with this question?