Solved

Removing xp_cmdshell

Posted on 2006-11-21
10
273 Views
Last Modified: 2010-07-27
I have a SQL Server 2000 database that was recently audited and they suggested we remove the xp_cmdshell stored proc.  I don't think I have an issue with that because I am not using it for anything that I know of.  Can anyone tell me what the impact of removing that and how can I remove it in a perminate way.  

Thanks
Jym
0
Comment
Question by:jymmealey
  • 3
  • 3
  • 3
  • +1
10 Comments
 
LVL 12

Expert Comment

by:Einstine98
ID: 17991021
No impact except that y ou can't run command shell scripts from within your SQL... if you are not using you may not need it for now.
0
 
LVL 2

Author Comment

by:jymmealey
ID: 17991105
I am using it at all, how do I remove it?
0
 
LVL 12

Accepted Solution

by:
Einstine98 earned 250 total points
ID: 17991128
try this : sp_dropextendedproc "xp_cmdshell"
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 2

Author Comment

by:jymmealey
ID: 17991154
I read that it would be possible to re-install the proc unless you remove the dll?   Any problems there?  Which dll?

Thanks
0
 
LVL 69

Assisted Solution

by:Scott Pletcher
Scott Pletcher earned 250 total points
ID: 17991246
You have to have 'sa' authority to use xp_cmdShell (or be GRANTed EXEC authority).  So, unless other users on the box have 'sa' authority, there is no danger to cmdshell, and it can come in handy for administrators at times.

Btw, if another user does have 'sa' authority, he/she might be able to re-add xp_cmdShell even if you deleted it (not sure about the details of that for a system xp like cmdshell, but it may be possible).
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 17991256
The .DLL is  xplog70.dll
0
 
LVL 2

Author Comment

by:jymmealey
ID: 17991684
Is there anything else in that DLL besides xp_cmdshell?

0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 17991722
That's a *good* q.  Not that I know of off the top of my head, but I have *not* investigated any.
0
 
LVL 12

Expert Comment

by:Einstine98
ID: 17991824
I wouldn't remove the DLL, this may cause Micorosoft to be unhappy and refuse support... (not sure, but I know with the sendmail one they used to refuse support...)

you can keep the dll with no right for anywone (including SQL) to access it and see what happens.
0
 
LVL 42

Expert Comment

by:EugeneZ
ID: 17992403
Agree with Einstine98 :
              the xp_cmdshell is very good proc for dba tasks:
you just need to keep it safe: review execute permissions,etc.



0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Let's review the features of new SQL Server 2012 (Denali CTP3). It listed as below: PERCENT_RANK(): PERCENT_RANK() function will returns the percentage value of rank of the values among its group. PERCENT_RANK() function value always in be…
I have a large data set and a SSIS package. How can I load this file in multi threading?
Via a live example combined with referencing Books Online, show some of the information that can be extracted from the Catalog Views in SQL Server.
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question