WebApp Sec mailing list archives

SQL injection with sql 2000 sp3


From: dsan <dsan () dev ugc-labs co uk>
Date: 1 Oct 2003 16:02:50 -0000



Hey all,

I'm struggling with a test on an app that uses sql2k with sp3.
I'm able to execute SELECT statements with no problem, yet when I try with anything else I get syntax error messages (even though they seem to be valid statements).

When trying the traditional @@version I get:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
<snip> Incorrect syntax near '@@version@


Has sp3 changed all the rights for the default user to only allow SELECT queries, or are there options you can do to 
remove all these options from the DB?


Appreciate any help on this 






