Solved

Removing xp_cmdshell

Posted on 2006-11-21
10
286 Views
Last Modified: 2010-07-27
I have a SQL Server 2000 database that was recently audited and they suggested we remove the xp_cmdshell stored proc.  I don't think I have an issue with that because I am not using it for anything that I know of.  Can anyone tell me what the impact of removing that and how can I remove it in a perminate way.  

Thanks
Jym
0
Comment
Question by:jymmealey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +1
10 Comments
 
LVL 12

Expert Comment

by:Einstine98
ID: 17991021
No impact except that y ou can't run command shell scripts from within your SQL... if you are not using you may not need it for now.
0
 
LVL 2

Author Comment

by:jymmealey
ID: 17991105
I am using it at all, how do I remove it?
0
 
LVL 12

Accepted Solution

by:
Einstine98 earned 250 total points
ID: 17991128
try this : sp_dropextendedproc "xp_cmdshell"
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 2

Author Comment

by:jymmealey
ID: 17991154
I read that it would be possible to re-install the proc unless you remove the dll?   Any problems there?  Which dll?

Thanks
0
 
LVL 69

Assisted Solution

by:Scott Pletcher
Scott Pletcher earned 250 total points
ID: 17991246
You have to have 'sa' authority to use xp_cmdShell (or be GRANTed EXEC authority).  So, unless other users on the box have 'sa' authority, there is no danger to cmdshell, and it can come in handy for administrators at times.

Btw, if another user does have 'sa' authority, he/she might be able to re-add xp_cmdShell even if you deleted it (not sure about the details of that for a system xp like cmdshell, but it may be possible).
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 17991256
The .DLL is  xplog70.dll
0
 
LVL 2

Author Comment

by:jymmealey
ID: 17991684
Is there anything else in that DLL besides xp_cmdshell?

0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 17991722
That's a *good* q.  Not that I know of off the top of my head, but I have *not* investigated any.
0
 
LVL 12

Expert Comment

by:Einstine98
ID: 17991824
I wouldn't remove the DLL, this may cause Micorosoft to be unhappy and refuse support... (not sure, but I know with the sendmail one they used to refuse support...)

you can keep the dll with no right for anywone (including SQL) to access it and see what happens.
0
 
LVL 43

Expert Comment

by:Eugene Z
ID: 17992403
Agree with Einstine98 :
              the xp_cmdshell is very good proc for dba tasks:
you just need to keep it safe: review execute permissions,etc.



0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Incorrect syntax near the keyword 'INNER' 3 38
SQL syntax for max(date) 3 39
What is GIS method of Geometry data type? 6 36
SqlServer amend PK column 5 14
Let's review the features of new SQL Server 2012 (Denali CTP3). It listed as below: PERCENT_RANK(): PERCENT_RANK() function will returns the percentage value of rank of the values among its group. PERCENT_RANK() function value always in be…
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question