• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 323
  • Last Modified:

Removing xp_cmdshell

I have a SQL Server 2000 database that was recently audited and they suggested we remove the xp_cmdshell stored proc.  I don't think I have an issue with that because I am not using it for anything that I know of.  Can anyone tell me what the impact of removing that and how can I remove it in a perminate way.  

Thanks
Jym
0
jymmealey
Asked:
jymmealey
  • 3
  • 3
  • 3
  • +1
2 Solutions
 
Einstine98Commented:
No impact except that y ou can't run command shell scripts from within your SQL... if you are not using you may not need it for now.
0
 
jymmealeyAuthor Commented:
I am using it at all, how do I remove it?
0
 
Einstine98Commented:
try this : sp_dropextendedproc "xp_cmdshell"
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
jymmealeyAuthor Commented:
I read that it would be possible to re-install the proc unless you remove the dll?   Any problems there?  Which dll?

Thanks
0
 
Scott PletcherSenior DBACommented:
You have to have 'sa' authority to use xp_cmdShell (or be GRANTed EXEC authority).  So, unless other users on the box have 'sa' authority, there is no danger to cmdshell, and it can come in handy for administrators at times.

Btw, if another user does have 'sa' authority, he/she might be able to re-add xp_cmdShell even if you deleted it (not sure about the details of that for a system xp like cmdshell, but it may be possible).
0
 
Scott PletcherSenior DBACommented:
The .DLL is  xplog70.dll
0
 
jymmealeyAuthor Commented:
Is there anything else in that DLL besides xp_cmdshell?

0
 
Scott PletcherSenior DBACommented:
That's a *good* q.  Not that I know of off the top of my head, but I have *not* investigated any.
0
 
Einstine98Commented:
I wouldn't remove the DLL, this may cause Micorosoft to be unhappy and refuse support... (not sure, but I know with the sendmail one they used to refuse support...)

you can keep the dll with no right for anywone (including SQL) to access it and see what happens.
0
 
Eugene ZCommented:
Agree with Einstine98 :
              the xp_cmdshell is very good proc for dba tasks:
you just need to keep it safe: review execute permissions,etc.



0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 3
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now