Removing xp_cmdshell

I have a SQL Server 2000 database that was recently audited and they suggested we remove the xp_cmdshell stored proc.  I don't think I have an issue with that because I am not using it for anything that I know of.  Can anyone tell me what the impact of removing that and how can I remove it in a perminate way.  

Thanks
Jym
LVL 2
jymmealeyAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Einstine98Connect With a Mentor Commented:
try this : sp_dropextendedproc "xp_cmdshell"
0
 
Einstine98Commented:
No impact except that y ou can't run command shell scripts from within your SQL... if you are not using you may not need it for now.
0
 
jymmealeyAuthor Commented:
I am using it at all, how do I remove it?
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
jymmealeyAuthor Commented:
I read that it would be possible to re-install the proc unless you remove the dll?   Any problems there?  Which dll?

Thanks
0
 
Scott PletcherConnect With a Mentor Senior DBACommented:
You have to have 'sa' authority to use xp_cmdShell (or be GRANTed EXEC authority).  So, unless other users on the box have 'sa' authority, there is no danger to cmdshell, and it can come in handy for administrators at times.

Btw, if another user does have 'sa' authority, he/she might be able to re-add xp_cmdShell even if you deleted it (not sure about the details of that for a system xp like cmdshell, but it may be possible).
0
 
Scott PletcherSenior DBACommented:
The .DLL is  xplog70.dll
0
 
jymmealeyAuthor Commented:
Is there anything else in that DLL besides xp_cmdshell?

0
 
Scott PletcherSenior DBACommented:
That's a *good* q.  Not that I know of off the top of my head, but I have *not* investigated any.
0
 
Einstine98Commented:
I wouldn't remove the DLL, this may cause Micorosoft to be unhappy and refuse support... (not sure, but I know with the sendmail one they used to refuse support...)

you can keep the dll with no right for anywone (including SQL) to access it and see what happens.
0
 
Eugene ZCommented:
Agree with Einstine98 :
              the xp_cmdshell is very good proc for dba tasks:
you just need to keep it safe: review execute permissions,etc.



0
All Courses

From novice to tech pro — start learning today.