HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlMinor

When executing a command via xp_cmdshell what user issues the command to the system?

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
executingthewhatissuesusersystemxp_cmdshellviawhencommand

Problem

I'm executing the following command to stop a service on a remote server from within a stored procedure in SQL Server.

----------------
-- Stop Service
----------------
SET @Command = 'sc \\' + @Server + ' stop ' + @ServiceName;
EXEC master.dbo.xp_cmdshell @Command;


Depending on the service sometimes this executes successfully but other times I receive the following error:

[SC] OpenService FAILED 5:
NULL
Access is denied.
NULL
NULL


Im curious what user executes the command. Is it the user I login/connect with to the database? Or is it the user Im logged onto the physical server with? Can I pass in different authentication with the xp_cmdshell?

Solution

From xp_cmdshell (Transact-SQL) in the product documentation:

The Windows process spawned by xp_cmdshell has the same security rights as the SQL Server service account.

When it is called by a user that is not a member of the sysadmin fixed server role, xp_cmdshell connects to Windows by using the account name and password stored in the credential named ##xp_cmdshell_proxy_account##. If this proxy credential does not exist, xp_cmdshell will fail.

See the full entry for the steps you need to take to set up the xp_cmdshell proxy account.

Context

StackExchange Database Administrators Q#137041, answer score: 7

Revisions (0)

No revisions yet.