Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Error-CreateProcessAsUser on xp_cmdshell Expand / Collapse
Author
Message
Posted Tuesday, April 1, 2014 8:41 AM


SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Monday, June 9, 2014 12:27 AM
Points: 184, Visits: 3,815
Hi All,

XP_cmdshell is working fine in our environment with a non-sysadmin account. But recently the server got restarted and the xp_cmdshell works under a sys-admin login but throws the below error, if I am trying to execute with non-sysadmin account. No setting changes on user or server level is done while restarting the server.

An error occurred during the execution of xp_cmdshell. A call to 'CreateProcessAsUser' failed with error code: '1314'.

I have dropped the proxy account and recreated it again. But no luck.


---------------------------------------------------
Thanks,
Satheesh.
Post #1557037
Posted Tuesday, April 1, 2014 3:55 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: General Forum Members
Last Login: Today @ 7:48 AM
Points: 36,759, Visits: 31,214
Satheesh E.P. (4/1/2014)
XP_cmdshell is working fine in our environment with a non-sysadmin account.


I don't know about your specific problem but I have to tell you that giving a non-sysadmin account privs to execute xp_CmdShell directly is one of the worst things for security that you could ever do. You should have the user only have the privs to run a protected stored procedure that runs xp_CmdShell in a safe and limited manner.

It's for things like this that xp_CmdShell has gotten such a bad name.


--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

(play on words) "Just because you CAN do something in T-SQL, doesn't mean you SHOULDN'T." --22 Aug 2013

Helpful Links:
How to post code problems
How to post performance problems
Post #1557253
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse