When using SQL Server Management Studio to connect to a SQL2000 database using a user/password that has only permissions for its database and default permission on the master database, it lists all the databases on the server, not a huge problem.
Though if you right click your database and go to "Tasks" >> "Back Up..." now click the "Add" button under destination and in the "Select Database Destination" dialogue click the "..." button.
You are now able to browse the entire drives file stucture.
You are also able to overwrite other backup files or restore other backup files from any other database.
If I do this with Enterprise Manager I get the following error :
error 229: EXECUTE permission denied on object 'xp_availablemedia', database 'master', owner 'dbo'
And with Enterprise Manager I only see a list of databases I have access to.
Anybody got any suggestions on how to make my SQL2000 servers more secure?