Results 1 to 2 of 2
  1. #1
    Join Date
    Dec 2003
    Posts
    24

    Unanswered: Executing xp_cmdshell

    Hi ,

    I want to execute xp_cmdshell from normal sql server account not sysadmin member in SQL Server 2000. I had give execute privileges on xp_cmdshell to normal account... but its not working...

    Is it possible to execute xp_cmdshell from non sysadmin member account in SQL Server2000...

    Thanks in advance...

    -Mohit.

  2. #2
    Join Date
    Jan 2004
    Location
    In a large office with bad lighting
    Posts
    1,040
    Quoted from BOL:


    By default, only members of the sysadmin fixed server role can execute this extended stored procedure. You may, however, grant other users permission to execute this stored procedure.

    When xp_cmdshell is invoked by a user who is a member of the sysadmin fixed server role, xp_cmdshell will be executed under the security context in which the SQL Server service is running. When the user is not a member of the sysadmin group, xp_cmdshell will impersonate the SQL Server Agent proxy account, which is specified using xp_sqlagent_proxy_account. If the proxy account is not available, xp_cmdshell will fail. This is true only for Microsoft® Windows NT® 4.0 and Windows 2000. On Windows 9.x, there is no impersonation and xp_cmdshell is always executed under the security context of the Windows 9.x user who started SQL Server.



    [img]mk:@MSITStore:C:Program%20FilesMicrosoft%20SQL%20S erver80ToolsBookstsqlref.chm::/Basics/note.gif[/img]

    Note In earlier versions, a user who was granted execute permissions for xp_cmdshell ran the command in the context of the MSSQLServer service's user account. SQL Server could be configured (through a configuration option) so that users who did not have sa access to SQL Server could run xp_cmdshell in the context of the SQLExecutiveCmdExec Windows NT account. In SQL Server 7.0, the account is called SQLAgentCmdExec. Users who are not members of the sysadmin fixed server role now run commands in the context of this account without specifying a configuration change.





    Permissions

    Execute permissions for xp_cmdshell default to members of the sysadmin fixed server role, but can be granted to other users.



    [img]mk:@MSITStore:C:Program%20FilesMicrosoft%20SQL%20S erver80ToolsBookstsqlref.chm::/Basics/important.gif[/img]

    Important If you choose to use a Windows NT account that is not a member of the local administrator's group for the MSSQLServer service, users who are not members of the sysadmin fixed server role cannot execute xp_cmdshell.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •