Solved

Removing xp_cmdshell

Posted on 2006-11-21
10
268 Views
Last Modified: 2010-07-27
I have a SQL Server 2000 database that was recently audited and they suggested we remove the xp_cmdshell stored proc.  I don't think I have an issue with that because I am not using it for anything that I know of.  Can anyone tell me what the impact of removing that and how can I remove it in a perminate way.  

Thanks
Jym
0
Comment
Question by:jymmealey
  • 3
  • 3
  • 3
  • +1
10 Comments
 
LVL 12

Expert Comment

by:Einstine98
ID: 17991021
No impact except that y ou can't run command shell scripts from within your SQL... if you are not using you may not need it for now.
0
 
LVL 2

Author Comment

by:jymmealey
ID: 17991105
I am using it at all, how do I remove it?
0
 
LVL 12

Accepted Solution

by:
Einstine98 earned 250 total points
ID: 17991128
try this : sp_dropextendedproc "xp_cmdshell"
0
 
LVL 2

Author Comment

by:jymmealey
ID: 17991154
I read that it would be possible to re-install the proc unless you remove the dll?   Any problems there?  Which dll?

Thanks
0
 
LVL 69

Assisted Solution

by:ScottPletcher
ScottPletcher earned 250 total points
ID: 17991246
You have to have 'sa' authority to use xp_cmdShell (or be GRANTed EXEC authority).  So, unless other users on the box have 'sa' authority, there is no danger to cmdshell, and it can come in handy for administrators at times.

Btw, if another user does have 'sa' authority, he/she might be able to re-add xp_cmdShell even if you deleted it (not sure about the details of that for a system xp like cmdshell, but it may be possible).
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 69

Expert Comment

by:ScottPletcher
ID: 17991256
The .DLL is  xplog70.dll
0
 
LVL 2

Author Comment

by:jymmealey
ID: 17991684
Is there anything else in that DLL besides xp_cmdshell?

0
 
LVL 69

Expert Comment

by:ScottPletcher
ID: 17991722
That's a *good* q.  Not that I know of off the top of my head, but I have *not* investigated any.
0
 
LVL 12

Expert Comment

by:Einstine98
ID: 17991824
I wouldn't remove the DLL, this may cause Micorosoft to be unhappy and refuse support... (not sure, but I know with the sendmail one they used to refuse support...)

you can keep the dll with no right for anywone (including SQL) to access it and see what happens.
0
 
LVL 42

Expert Comment

by:EugeneZ
ID: 17992403
Agree with Einstine98 :
              the xp_cmdshell is very good proc for dba tasks:
you just need to keep it safe: review execute permissions,etc.



0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

JSON is being used more and more, besides XML, and you surely wanted to parse the data out into SQL instead of doing it in some Javascript. The below function in SQL Server can do the job for you, returning a quick table with the parsed data.
This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now