patternsqlMinor
When executing a command via xp_cmdshell what user issues the command to the system?
Viewed 0 times
executingthewhatissuesusersystemxp_cmdshellviawhencommand
Problem
I'm executing the following command to stop a service on a remote server from within a stored procedure in SQL Server.
Depending on the service sometimes this executes successfully but other times I receive the following error:
Im curious what user executes the command. Is it the user I login/connect with to the database? Or is it the user Im logged onto the physical server with? Can I pass in different authentication with the
----------------
-- Stop Service
----------------
SET @Command = 'sc \\' + @Server + ' stop ' + @ServiceName;
EXEC master.dbo.xp_cmdshell @Command;Depending on the service sometimes this executes successfully but other times I receive the following error:
[SC] OpenService FAILED 5:
NULL
Access is denied.
NULL
NULLIm curious what user executes the command. Is it the user I login/connect with to the database? Or is it the user Im logged onto the physical server with? Can I pass in different authentication with the
xp_cmdshell?Solution
From xp_cmdshell (Transact-SQL) in the product documentation:
The Windows process spawned by xp_cmdshell has the same security rights as the SQL Server service account.
When it is called by a user that is not a member of the sysadmin fixed server role, xp_cmdshell connects to Windows by using the account name and password stored in the credential named ##xp_cmdshell_proxy_account##. If this proxy credential does not exist, xp_cmdshell will fail.
See the full entry for the steps you need to take to set up the
The Windows process spawned by xp_cmdshell has the same security rights as the SQL Server service account.
When it is called by a user that is not a member of the sysadmin fixed server role, xp_cmdshell connects to Windows by using the account name and password stored in the credential named ##xp_cmdshell_proxy_account##. If this proxy credential does not exist, xp_cmdshell will fail.
See the full entry for the steps you need to take to set up the
xp_cmdshell proxy account.Context
StackExchange Database Administrators Q#137041, answer score: 7
Revisions (0)
No revisions yet.