• Status: Solved

Granting access to xp_cmdshell

I already know the cons of allowing access to xp_cmdshell, but it currently can't be avoided. That said, would it be better to set my SQL User as a SysAdmin or set up and use the xp_cmdshell_proxy_account?

Thanks
Asked by: cat4larry

Rainer Jeschor commented:
Hi,
IMHO I would use the proxy account. This enables you at least to restrict your SQL user permissions, as normally this one should not have sysadmin privs (but it would depend on your specific situation).
Just my 2ct
Rainer
Zberteoc commented:
A sysadmin account has the rights to use xp_cmdshell if enabled. If it is not enabled, a sysadmin can enable it with:

-- To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
-- To update the currently configured value for advanced options.
RECONFIGURE
GO
-- To enable the feature.
EXEC sp_configure 'xp_cmdshell', 1
GO
-- To update the currently configured value for this feature.
RECONFIGURE
GO


There are no cons really as long as only the sysadmin can use it, as it is actually designed for. A DBA (sysadmin) should anyway have the right to do things on the server, unless the policy of the company is to not allow OS rights at all for the DBAs, in which case they are not allowed to use it, not that they couldn't.
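
The proxy-account option raised in the first answer, written out as an added example that is not part of the original thread. The names CONTOSO\svc_xpcmd and app_login and the password placeholder are assumptions made for illustration.

```sql
-- Assumptions (hypothetical names, not from the thread):
--   CONTOSO\svc_xpcmd : low-privilege Windows account, with only the
--                       file/OS rights the shell commands really need
--   app_login         : existing SQL login that must call xp_cmdshell
-- Run as a sysadmin. xp_cmdshell must already be enabled via sp_configure.

USE master;
GO

-- 1. Store the Windows credential that non-sysadmin callers will run under.
--    This creates the ##xp_cmdshell_proxy_account## credential.
EXEC sp_xp_cmdshell_proxy_account 'CONTOSO\svc_xpcmd', '<password-placeholder>';
GO

-- 2. xp_cmdshell lives in master, so the login needs a user there.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'app_login')
    CREATE USER app_login FOR LOGIN app_login;
GO

-- 3. Grant the single permission instead of sysadmin membership.
GRANT EXECUTE ON xp_cmdshell TO app_login;
GO

-- 4. Check the configuration.
--    The proxy credential should exist and map to the intended account.
SELECT name, credential_identity
FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';

--    The login should not be a sysadmin: sysadmin members bypass the proxy
--    and run commands as the SQL Server service account.
SELECT IS_SRVROLEMEMBER('sysadmin', 'app_login') AS is_sysadmin;
GO

-- 5. Confirm which Windows identity the commands actually run as.
EXECUTE AS LOGIN = 'app_login';
EXEC xp_cmdshell 'whoami';
REVERT;
GO

-- To withdraw access later:
-- REVOKE EXECUTE ON xp_cmdshell FROM app_login;
-- EXEC sp_xp_cmdshell_proxy_account NULL;  -- removes the proxy credential
```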