Solved

Removing xp_cmdshell

Posted on 2006-11-21
10
282 Views
Last Modified: 2010-07-27
I have a SQL Server 2000 database that was recently audited and they suggested we remove the xp_cmdshell stored proc.  I don't think I have an issue with that because I am not using it for anything that I know of.  Can anyone tell me what the impact of removing that and how can I remove it in a perminate way.  

Thanks
Jym
0
Comment
Question by:jymmealey
  • 3
  • 3
  • 3
  • +1
10 Comments
 
LVL 12

Expert Comment

by:Einstine98
ID: 17991021
No impact except that y ou can't run command shell scripts from within your SQL... if you are not using you may not need it for now.
0
 
LVL 2

Author Comment

by:jymmealey
ID: 17991105
I am using it at all, how do I remove it?
0
 
LVL 12

Accepted Solution

by:
Einstine98 earned 250 total points
ID: 17991128
try this : sp_dropextendedproc "xp_cmdshell"
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 2

Author Comment

by:jymmealey
ID: 17991154
I read that it would be possible to re-install the proc unless you remove the dll?   Any problems there?  Which dll?

Thanks
0
 
LVL 69

Assisted Solution

by:Scott Pletcher
Scott Pletcher earned 250 total points
ID: 17991246
You have to have 'sa' authority to use xp_cmdShell (or be GRANTed EXEC authority).  So, unless other users on the box have 'sa' authority, there is no danger to cmdshell, and it can come in handy for administrators at times.

Btw, if another user does have 'sa' authority, he/she might be able to re-add xp_cmdShell even if you deleted it (not sure about the details of that for a system xp like cmdshell, but it may be possible).
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 17991256
The .DLL is  xplog70.dll
0
 
LVL 2

Author Comment

by:jymmealey
ID: 17991684
Is there anything else in that DLL besides xp_cmdshell?

0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 17991722
That's a *good* q.  Not that I know of off the top of my head, but I have *not* investigated any.
0
 
LVL 12

Expert Comment

by:Einstine98
ID: 17991824
I wouldn't remove the DLL, this may cause Micorosoft to be unhappy and refuse support... (not sure, but I know with the sendmail one they used to refuse support...)

you can keep the dll with no right for anywone (including SQL) to access it and see what happens.
0
 
LVL 42

Expert Comment

by:Eugene Z
ID: 17992403
Agree with Einstine98 :
              the xp_cmdshell is very good proc for dba tasks:
you just need to keep it safe: review execute permissions,etc.



0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Having an SQL database can be a big investment for a small company. Hardware, setup and of course, the price of software all add up to a big bill that some companies may not be able to absorb.  Luckily, there is a free version SQL Express, but does …
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question