Solved

Restricting cmdexec in Sql 2005 to the sysadmin

Posted on 2011-03-17
7
1,080 Views
Last Modified: 2012-05-11
I am trying to find a way to restrict the cmdexec to the sysadmin only in SQL 2005,  I have SQL 2005 standard and express, is this possible with these version.  thank you.
0
Comment
Question by:rdare23
  • 4
  • 3
7 Comments
 
LVL 16

Expert Comment

by:EvilPostIt
ID: 35158075
If you are refering to xp_cmdshell. This is already done by default. The only way a non-sysadmin can execute xp_cmdshell is by create a proxy.
0
 
LVL 1

Author Comment

by:rdare23
ID: 35158794
I am not sure if it is the xp_cmdshell.  we had a review done and one of things was to make sure that "Access to the SQL cmdexec service should be restricted to the systadmin user account."  
0
 
LVL 16

Expert Comment

by:EvilPostIt
ID: 35158819
hmmmmmm, have they mentioned if it is being used or is this just a guideline?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 16

Assisted Solution

by:EvilPostIt
EvilPostIt earned 500 total points
ID: 35158851
Check under SQL Server agent > Proxies > Operating System (CmdExec)

If there is nothing under there, there would be no access unless the user was a member of the sysadmin server role.
0
 
LVL 1

Accepted Solution

by:
rdare23 earned 0 total points
ID: 35165927
One of the DBs, that is referenced in the review, is on a 2005 express setup, and the sql server agent is not installed. Can I say that the cmdexec can only be accessed by sysadmin?
0
 
LVL 16

Assisted Solution

by:EvilPostIt
EvilPostIt earned 500 total points
ID: 35165983
This is fine as long as sp_xp_cmdshell_proxy_account has not been executed.

Do the following to check if a credential name of ##xp_cmdshell_proxy_account## exists. If not then a global proxy has not been setup and there would be no access unless part of the sysadmin fixed server role.

SELECT * FROM master.sys.credentials

Open in new window

0
 
LVL 1

Author Closing Comment

by:rdare23
ID: 35196660
Thank you, EvilPostIt.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question