Understanding the Guest Username
I said at the beginning of this article that a login doesn't allow you to access any databases, and yet when you log in, you can access all the system databases as well as the sample pubs and Northwind databases. How is this possible? You can do so because of the guest username.
Running sp_grantdbaccess 'guest' in a database adds a special user account known as guest to the database. Notice this guest account in the results of the sp_helpuser system stored procedure in Figure 1. You can also see that it's not mapped back to a login; it's mapped to a NULL login. It's a special user and not subject to normal rules. When a guest user account exists in a database, any login that requests access to the database and doesn't have a username specifically created in the database (either via group membership or an individual account) is allowed in as guest. Hence, during setup, a guest account is built into each default database on your server.
You can't remove the guest username from the master or tempdb database. If you did, where would a user go when she had a login but no specific database access?