Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Granting access to xp_cmdshell

Posted on 2013-11-09
2
Medium Priority
?
244 Views
Last Modified: 2013-11-14
I already know the cons of allowing access to xp_cmdshell but it currently can't be avoided.  That said, would it be better to set my SQL User as a SysAdmin or setup and use the xp_cmdshell_proxy_account?

Thanks
0
Comment
Question by:cat4larry
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 44

Accepted Solution

by:
Rainer Jeschor earned 2000 total points
ID: 39636925
Hi,
imho I would use the proxy account. This enables you at least to restrict your SQL user permissions as normally this one should not have sysadmin privs (but it would depend on your specific situation).
Just my 2ct
Rainer
0
 
LVL 27

Expert Comment

by:Zberteoc
ID: 39637065
A sysadmin account has the rights to use xp_cmdshell if enabled. If is not enabled a sysadmin can enable it with:

-- To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
-- To update the currently configured value for advanced options.
RECONFIGURE
GO
-- To enable the feature.
EXEC sp_configure 'xp_cmdshell', 1
GO
-- To update the currently configured value for this feature.
RECONFIGURE
GO

Open in new window

There are no cons really as long as only the sysadmin can use it, as it is actually designed for. A DBA, sysadmin, should have anyway right to do things on the server unless the policy of the company is to not allow at all OS rights for the DBAs, in which case they are not allowed to use it not that they couldn't.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have a large data set and a SSIS package. How can I load this file in multi threading?
An alternative to the "For XML" way of pivoting and concatenating result sets into strings, and an easy introduction to "common table expressions" (CTEs). Being someone who is always looking for alternatives to "work your data", I came across this …
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed
Viewers will learn how the fundamental information of how to create a table.

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question