By default, only members of the sysadmin
fixed server role can execute this extended stored procedure. You may, however, grant other users permission to execute this stored procedure.
is invoked by a user who is a member of the sysadmin
fixed server role, xp_cmdshell
will be executed under the security context in which the SQL Server service is running. When the user is not a member of the sysadmin
will impersonate the SQL Server Agent proxy account, which is specified using xp_sqlagent_proxy_account
. If the proxy account is not available, xp_cmdshell
will fail. This is true only for Microsoft® Windows NT® 4.0 and Windows 2000. On Windows 9.x, there is no impersonation and xp_cmdshell
is always executed under the security context of the Windows 9.x user who started SQL Server.
In earlier versions, a user who was granted execute permissions for xp_cmdshell
ran the command in the context of the MSSQLServer service's user account. SQL Server could be configured (through a configuration option) so that users who did not have sa
access to SQL Server could run xp_cmdshell
in the context of the SQLExecutiveCmdExec
Windows NT account. In SQL Server 7.0, the account is called SQLAgentCmdExec
. Users who are not members of the sysadmin
fixed server role now run commands in the context of this account without specifying a configuration change.
Execute permissions for xp_cmdshell
default to members of the sysadmin
fixed server role, but can be granted to other users.
If you choose to use a Windows NT account that is not a member of the local administrator's group for the MSSQLServer service, users who are not members of the sysadmin
fixed server role cannot execute xp_cmdshell