Link to home
Start Free TrialLog in
Avatar of Pau Lo
Pau Lo

asked on

GUEST account and cmdexec

I need an SQL for 2008 R2 to list all databases on an instance, and whether the GUEST account is enabled in these DB or not.

Also I need a way to determine if cmdexec is available to the PUBLIC role, ideally via a query.
ASKER CERTIFIED SOLUTION
Avatar of EugeneZ
EugeneZ
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of EugeneZ
EugeneZ
Flag of United States of America image
please clarify Q#2
      
Do you mean cmdexec in the context of a SQL Agent job? Or xp_cmdshell extended proc

check for now

MS Article
INF: SQL Security - Restricting access to public on server/database objects, its implications and ownership chains
http://blogs.msdn.com/b/sqlserverfaq/archive/2010/08/31/inf-sql-security-restricting-access-to-public-on-server-database-objects-its-implications-and-ownership-chains.aspx

---You can use the following query to check server permissions for public role,

SELECT
State_Desc, Permission_Name, class_desc,
COALESCE(OBJECT_NAME(major_id),DB_NAME(major_id)) SecurableName, SCHEMA_NAME(O.schema_id) [Schema],
Grantees.Name GranteeName, Grantees.Type_Desc GranteeType
FROM sys.server_permissions Perms
INNER JOIN sys.server_principals Grantees ON Perms.Grantee_Principal_Id = Grantees.Principal_Id
LEFT OUTER JOIN sys.all_objects O ON Perms.major_id = O.object_id
where Grantees.Name = 'public'
ORDER BY SecurableName

Open in new window

Avatar of Vitor Montalvão
Vitor Montalvão
Flag of Switzerland image
pma111, do you still need help with this question?