Calvin Day
asked on
xp_cmdshell MD Make Dir Access is denied
Trying to create a new sub fold on another computer on the same domain.
Created a Domain User Account xpcmd. Granted full control to the target drive and folder to Domain User Account xpcmd.
EXECUTE AS LOGIN = 'domain\xpcmd'
EXEC master..xp_cmdshell 'MD "\\NetworkComputer\c$\Temp \Test"'
GO
REVERT
GO
This has been tried on two different domains and networks. One being a Windows 7 Box as a target, the other being another Windows 2003 SQL 2005 Server as the target.
In every case still returns “Access is denied.”
Created a Domain User Account xpcmd. Granted full control to the target drive and folder to Domain User Account xpcmd.
EXECUTE AS LOGIN = 'domain\xpcmd'
EXEC master..xp_cmdshell 'MD "\\NetworkComputer\c$\Temp
GO
REVERT
GO
This has been tried on two different domains and networks. One being a Windows 7 Box as a target, the other being another Windows 2003 SQL 2005 Server as the target.
In every case still returns “Access is denied.”
ASKER
>>Have you enabled xp_cmdshell ?
Yes.
>>Is the startup account for the SQL Server
Local System account
Yes.
>>Is the startup account for the SQL Server
Local System account
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Daniel_PL, suggestion is consistent with Microsoft Documentation and one would expect it to work.
However acperkins final comment is the silver bullet.
Creating a new SQLAdmins Domain user account with the required privileges.
Changing the SQL Server Service to run under that account mitigates the problem.
This did require a Server Reboot to fully take effect.
Somehow I knew this was going to be the answer, just don’t like making changes to a production server.
Thanx,
Folk’s,
Greg
However acperkins final comment is the silver bullet.
Creating a new SQLAdmins Domain user account with the required privileges.
Changing the SQL Server Service to run under that account mitigates the problem.
This did require a Server Reboot to fully take effect.
Somehow I knew this was going to be the answer, just don’t like making changes to a production server.
Thanx,
Folk’s,
Greg
Sure. Maybe I didn't wrote this clearly enough. I tried to show you how SQL Server works, besides creating dedicated domain account is really just another good practise which you can find in MS documentations which you've just mentioned. My answer didn't require reboot so you could use it in working enviroment.
In production there are many different cases, so by me, it's good to know a little more just as I tried to say about the case.
Take care,
Daniel
In production there are many different cases, so by me, it's good to know a little more just as I tried to say about the case.
Take care,
Daniel
Is the startup account for the SQL Server service a domain account or Local System account?