Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Granting access to xp_cmdshell

Posted on 2013-11-09
2
Medium Priority
?
247 Views
Last Modified: 2013-11-14
I already know the cons of allowing access to xp_cmdshell but it currently can't be avoided.  That said, would it be better to set my SQL User as a SysAdmin or setup and use the xp_cmdshell_proxy_account?

Thanks
0
Comment
Question by:cat4larry
2 Comments
 
LVL 44

Accepted Solution

by:
Rainer Jeschor earned 2000 total points
ID: 39636925
Hi,
imho I would use the proxy account. This enables you at least to restrict your SQL user permissions as normally this one should not have sysadmin privs (but it would depend on your specific situation).
Just my 2ct
Rainer
0
 
LVL 27

Expert Comment

by:Zberteoc
ID: 39637065
A sysadmin account has the rights to use xp_cmdshell if enabled. If is not enabled a sysadmin can enable it with:

-- To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
-- To update the currently configured value for advanced options.
RECONFIGURE
GO
-- To enable the feature.
EXEC sp_configure 'xp_cmdshell', 1
GO
-- To update the currently configured value for this feature.
RECONFIGURE
GO

Open in new window

There are no cons really as long as only the sysadmin can use it, as it is actually designed for. A DBA, sysadmin, should have anyway right to do things on the server unless the policy of the company is to not allow at all OS rights for the DBAs, in which case they are not allowed to use it not that they couldn't.
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
What if you have to shut down the entire Citrix infrastructure for hardware maintenance, software upgrades or "the unknown"? I developed this plan for "the unknown" and hope that it helps you as well. This article explains how to properly shut down …
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question