
Lock the Back Door Too

An extended stored procedure called xp_cmdshell causes SQL Server to spawn a command shell and execute the string passed to it as an operating-system command. For example, xp_cmdshell 'dir c:\mssql\backup' would return a listing of the files in the backup directory. In the hands of an administrator this is a useful utility. What you must be aware of is the account whose privileges the command runs with. When a member of the sysadmin role calls xp_cmdshell, the command runs under the account of the SQL Server service itself; when anyone else calls it, SQL Server 7.0 and 2000 run it under the SQL Server Agent proxy account. Since the service account is typically a member of the local Administrators group, a user who can reach xp_cmdshell could wreak tremendous havoc ("I didn't realize that format c: would cause any problems! Really!").

To limit what non-administrators can do with it, right-click the SQL Server Agent icon in Enterprise Manager and choose Properties from the menu. Choose the Job System tab. At the bottom there is a checkbox next to text that reads "Only users with SysAdmin privileges can execute CmdExec and ActiveScripting job steps." Make sure that checkbox is selected. Note exactly what this setting covers: it governs Agent job steps, and the same tab holds the non-SysAdmin proxy account under which, in SQL Server 7.0 and 2000, xp_cmdshell runs for callers who are not sysadmin. With the box checked and no proxy account defined, a non-sysadmin call to xp_cmdshell fails instead of running as an administrator. None of this restrains members of sysadmin, who always get the full SQL Server service account; for them the only control is to keep sysadmin membership small, and to make sure nobody else has been granted EXECUTE on xp_cmdshell.
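The Enterprise Manager setting above covers Agent job steps and the non-sysadmin proxy account; the following Transact-SQL checks the other half of the problem, which is who has been granted EXECUTE on xp_cmdshell and who sits in sysadmin. This is an added example, not code from the original tip. It assumes you run it in Query Analyzer (or osql) as a member of sysadmin, and it uses the c:\mssql\backup path only as illustration. The last batch goes beyond the SQL Server 7.0/2000 scope of the tip: on SQL Server 2005 and later xp_cmdshell is additionally switched off by sp_configure, and that is the first thing to verify on those versions.

```sql
-- Added example, not part of the original DevX tip.
-- Run as a member of sysadmin in master, where the extended procedures live.
USE master;
GO

-- 1. Who can execute xp_cmdshell at all?
--    On a default install no explicit grants should exist; any row
--    here (especially one naming public) is an open back door.
EXEC sp_helprotect 'xp_cmdshell';
GO

-- 2. Close that door for everyone except sysadmin.
--    sysadmin members bypass permission checks entirely, so this
--    REVOKE only affects other principals, which is the intent.
REVOKE EXECUTE ON dbo.xp_cmdshell FROM public;
GO

-- 3. Who is in sysadmin? Every login listed here gets the SQL Server
--    service account's operating-system privileges through xp_cmdshell,
--    regardless of steps 1 and 2 or of the Agent job-system checkbox.
EXEC sp_helpsrvrolemember 'sysadmin';
GO

-- 4. Sanity check as an administrator that the procedure still works for
--    you (the path is illustrative; use a directory on your server).
EXEC dbo.xp_cmdshell 'dir c:\mssql\backup';
GO

-- 5. SQL Server 2005 and later only (beyond the tip's version): xp_cmdshell
--    is disabled by default through sp_configure. A run_value of 0 means
--    disabled; set it back to 0 if anyone has turned it on.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell';
GO
```

Step 3 is the one most often skipped: REVOKE and the proxy-account settings are meaningless for a login that has been dropped into sysadmin "temporarily" and forgotten.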
