MySQL Forums

select exec
Posted by: Corey Rhoden
Date: January 19, 2005 08:08PM

Someone got into one of our servers and executed a query along the lines of
select exec('nc.exe -a bunch of parameters') from ...;
which apparently was an attempt to get access to run other commands on one of our Windows 2003 Servers.

We are working on all of the issues as to how they managed to get into the server and get access to run queries in the first place.

However, on top of that, we would like to disable the ability for anyone to ever run a query that could launch another program. This is not something we would ever use this database for. Is there any way to do that - that couldn't be easily undone by someone getting the ability to run a query as root and just giving themselves permission again? Of course, we're hoping to get all the other measures in place so that no one can ever get that kind of access... but we thought we'd taken care of that before this.

Thanks for any suggestions on this,
Corey
