
Tip of the Day
Language: Enterprise
Expertise: Intermediate
May 11, 1999




Lock the Back Door Too

An extended stored procedure called xp_cmdshell causes SQL Server to spawn a command shell and execute the command given as a parameter. For example, xp_cmdshell 'dir c:\mssql\backup' would return a listing of the files in the backup directory. In general, this utility is useful for administrators. What you must be aware of is that the command executes with the privileges of the account under which SQL Agent executes, not those of the user who called it. Since this account is typically a member of the Administrators group, a user could wreak tremendous havoc ("I didn't realize that format c: would cause any problems! Really!").

To limit this command to administrators, right-click the SQL Server Agent icon in Enterprise Manager and choose "Properties" from the menu. Choose the Job System tab. At the bottom there will be a checkbox next to text that reads "Only users with Sysadmin privileges can execute CmdExec and ActiveScripting jobs here." Make sure the checkbox is checked.

Joseph Lax
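
To confirm from a query window who can actually reach xp_cmdshell, a read-only audit like the one below can be run. It is an added example, not part of the original tip, and it assumes SQL Server 2005 or later, whose catalog views (sys.configurations, sys.database_permissions, sys.credentials) postdate the Enterprise Manager dialog described above.

```sql
-- Added example (not from the original tip): read-only audit of xp_cmdshell exposure.
-- Assumption: SQL Server 2005 or later catalog views are available.
USE master;
GO

-- 1. Is xp_cmdshell enabled for the instance? (value_in_use = 1 means enabled)
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2. Explicit permissions recorded on xp_cmdshell.
--    sysadmin members need no grant, so any GRANT row here widens access
--    beyond administrators (a grant to public exposes it to every login).
SELECT pr.name          AS grantee,
       pr.type_desc     AS grantee_type,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1                                  -- object-level permission
  AND OBJECT_NAME(pe.major_id) = 'xp_cmdshell';

-- 3. Proxy credential used when a non-sysadmin caller runs xp_cmdshell.
--    If a row exists, credential_identity is the Windows account whose
--    privileges those callers borrow.
SELECT name, credential_identity, modify_date
FROM sys.credentials
WHERE name = '##xp_cmdshell_proxy_account##';

-- 4. Logins that can run xp_cmdshell regardless of the settings above.
SELECT m.name AS login_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';
```

When access is limited to administrators as the tip intends, query 2 returns no GRANT rows, query 3 returns no row, and query 4 lists only the logins you expect.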