Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 312
  • Last Modified:

Removing xp_cmdshell

I have a SQL Server 2000 database that was recently audited and they suggested we remove the xp_cmdshell stored proc.  I don't think I have an issue with that because I am not using it for anything that I know of.  Can anyone tell me what the impact of removing that and how can I remove it in a perminate way.  

Thanks
Jym
0
jymmealey
Asked:
jymmealey
  • 3
  • 3
  • 3
  • +1
2 Solutions
 
Einstine98Commented:
No impact except that y ou can't run command shell scripts from within your SQL... if you are not using you may not need it for now.
0
 
jymmealeyAuthor Commented:
I am using it at all, how do I remove it?
0
 
Einstine98Commented:
try this : sp_dropextendedproc "xp_cmdshell"
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
jymmealeyAuthor Commented:
I read that it would be possible to re-install the proc unless you remove the dll?   Any problems there?  Which dll?

Thanks
0
 
Scott PletcherSenior DBACommented:
You have to have 'sa' authority to use xp_cmdShell (or be GRANTed EXEC authority).  So, unless other users on the box have 'sa' authority, there is no danger to cmdshell, and it can come in handy for administrators at times.

Btw, if another user does have 'sa' authority, he/she might be able to re-add xp_cmdShell even if you deleted it (not sure about the details of that for a system xp like cmdshell, but it may be possible).
0
 
Scott PletcherSenior DBACommented:
The .DLL is  xplog70.dll
0
 
jymmealeyAuthor Commented:
Is there anything else in that DLL besides xp_cmdshell?

0
 
Scott PletcherSenior DBACommented:
That's a *good* q.  Not that I know of off the top of my head, but I have *not* investigated any.
0
 
Einstine98Commented:
I wouldn't remove the DLL, this may cause Micorosoft to be unhappy and refuse support... (not sure, but I know with the sendmail one they used to refuse support...)

you can keep the dll with no right for anywone (including SQL) to access it and see what happens.
0
 
Eugene ZCommented:
Agree with Einstine98 :
              the xp_cmdshell is very good proc for dba tasks:
you just need to keep it safe: review execute permissions,etc.



0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

  • 3
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now