• An out-of-the-box installation is a stand-alone PC with the OS and 1 user account: the administrator. So in reality, until you create the user account (you wouldn't give a user root in a *nix system) or you join it to a domain, the end-user doesn't have rights to do anything.

    Keep in mind that OS files are protected, services aren't accessible, network and computer settings may be viewable, but they aren't changeable by an account that is just a member of users. Therefore, what the user can do is limited. Sure, the user can wipe out non-critical files (in the sense of the OS running), but then again, this can happen in the *nix world as well. When I create an account in the *nix world, thereby giving user access, usually the user has a home directory, etc., and it amounts basically to the same thing... not quite, because the users tend to have access to files under \Program Files in the Windows world. So it's not quite as wide open as it's painted to be.

    Also, from a SQL Server perspective, run a query to find out what the public role has access to. I also should point out that the guest account is active in the master database (it is necessary), meaning anyone you give the ability to log on to SQL Server has access to these tables and stored procedures.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley
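
The audit the post suggests, as an added example that is not part of the original post: it lists what the public role has been granted or denied in master and checks whether guest can connect there. It assumes SQL Server 2005 or later, where the sys.database_permissions, sys.database_principals and sys.all_objects catalog views exist; the column aliases are illustrative.

```sql
-- Added example (not from the original post).
-- Assumption: SQL Server 2005 or later, run by a login that can view
-- metadata in master (for example a sysadmin doing the review).
USE master;
GO

-- 1. Every permission held by the public role in this database.
--    Any login that can enter the database inherits all of these.
SELECT
    pr.name            AS principal_name,
    pe.state_desc      AS permission_state,  -- GRANT, DENY, GRANT_WITH_GRANT_OPTION
    pe.permission_name,                      -- SELECT, EXECUTE, ...
    pe.class_desc,                           -- DATABASE, OBJECT_OR_COLUMN, SCHEMA, ...
    s.name             AS obj_schema,
    o.name             AS obj_name,
    o.type_desc        AS obj_type           -- table, view, stored procedure, ...
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
    ON pr.principal_id = pe.grantee_principal_id
LEFT JOIN sys.all_objects AS o               -- all_objects includes system objects
    ON pe.class = 1                          -- 1 = object or column
   AND o.object_id = pe.major_id
LEFT JOIN sys.schemas AS s
    ON s.schema_id = o.schema_id
WHERE pr.name = N'public'
ORDER BY pe.class_desc, obj_schema, obj_name, pe.permission_name;

-- 2. Whether guest holds CONNECT on this database. A row with GRANT means
--    a login with no mapped user still gets in as guest and therefore
--    receives everything listed by query 1.
SELECT
    pr.name       AS principal_name,
    pe.state_desc AS permission_state,
    pe.permission_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
    ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'guest'
  AND pe.class = 0                           -- 0 = database-level permission
  AND pe.permission_name = N'CONNECT';
```

Running the same two queries in each user database shows where public carries more than the defaults and where guest has been left enabled.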