Brandie Tarvin (4/16/2014)
Jeff Moden (4/16/2014)
Brandie Tarvin (4/16/2014)
I answered the OP before I fully read your post. Searching your error on Google, I found this article from TechNet. Does it help resolve your problem?Heh... I wish they'd take that article down. It's one of the major reasons why xp_CmdShell has gotten such a bad recommendation.
I lost track of this thread. I'll see what I can do but not until after work tonight.
Now you've got my interest piqued. Is the article technically wrong or is it just very poorly phrased?
The title starts off as "How to enable non-sysadmin accounts to execute the xp_cmdshell ...". What's the problem with that? From BOL...
The Windows process spawned by xp_cmdshell has the same security rights as the SQL Server service account.
Do you suppose that would allow the user to see and do things that they probably shouldn't?
I don't believe that any non_SA user should have such privs. It's easy enough to make a very well controlled stored procedure that will limit what a user can do with xp_CmdShell without actually having the privs to run xp_CmdShell directly in an unfettered manner with such elevated privs.
Yes, you can limit what a non-SA user can see or do by limiting the proxy account but there's only one proxy account. Users can see each other's stuff if they use xp_CmdShell directly.
--Jeff Moden
Change is inevitable... Change for the better is not.