Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

xp_cmdshell Expand / Collapse
Author
Message
Posted Monday, November 26, 2007 10:04 PM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, March 6, 2014 2:38 AM
Points: 398, Visits: 2,423
How can i disable this command and any other related commands??

"-=Still Learning=-"

Lester Policarpio

Post #426147
Posted Monday, November 26, 2007 10:20 PM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Thursday, March 13, 2014 5:49 AM
Points: 1,391, Visits: 608
see the Setting Server Configuration section on SQL BOL or see the link: http://msdn2.microsoft.com/en-us/library/ms189631.aspx
or use Surface area configuration in SQL 2005



Post #426155
Posted Monday, November 26, 2007 10:26 PM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, March 6, 2014 2:38 AM
Points: 398, Visits: 2,423
Thank you very much....

"-=Still Learning=-"

Lester Policarpio

Post #426160
Posted Monday, November 26, 2007 10:37 PM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Monday, June 23, 2014 6:03 AM
Points: 1,154, Visits: 866
this will disable the xp_cmdshell command.
===============================
EXECUTE sp_configure 'xp_cmdshell', 0
RECONFIGURE

For configuring more option use
EXECUTE sp_configure this will help to know which options you can configure.

( available in both SQL 2000 & 2005 )
You can also use Surface area Config In 2005.
Post #426165
Posted Wednesday, November 28, 2007 3:00 AM
SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Today @ 3:26 AM
Points: 2,879, Visits: 3,227
I noticed this is in the SQL 2000 forum and the erplies have all used SQL 2005 facilities...

The best way to disable xp_cmdshell in SQL 2000 or SQL 7 is to revoke execution to the Public role in master. This means that only those people who have explicit execute access to xp-cmdshell, plus those with sysadmin rights, can execute xp-cmdshell.


Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2014, 2012, 2008 R2, 2008 and 2005. 28 July 2014: now over 30,000 downloads.
Disclaimer: All information provided is a personal opinion that may not match reality.
Concept: "Pizza Apartheid" - the discrimination that separates those who earn enough in one day to buy a pizza if they want one, from those who can not.
Post #426782
Posted Monday, December 17, 2007 7:53 PM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, March 6, 2014 2:38 AM
Points: 398, Visits: 2,423
Hi.. I ran this command to disable xp_cmdshell in MSSQL 2000
-- To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
-- To update the currently configured value for advanced options.
RECONFIGURE
GO
-- To enable the feature.
EXEC sp_configure 'xp_cmdshell', 0-- 0 for disable, 1 for enable
GO
-- To update the currently configured value for this feature.
RECONFIGURE
GO

But it gave me an error message like this :

Configuration option 'show advanced options' changed from 1 to 1. Run the RECONFIGURE statement to install.
Server: Msg 15123, Level 16, State 1, Procedure sp_configure, Line 79
The configuration option 'xp_cmdshell' does not exist, or it may be an advanced option.

Valid configuration options are:


I tried to execute xp_cmdshell and its still working what other ways can i do to disable this command?? because it can cause some serious damage once enable and used in a wrong way...


"-=Still Learning=-"

Lester Policarpio

Post #434122
Posted Tuesday, December 18, 2007 2:21 AM
SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Today @ 3:26 AM
Points: 2,879, Visits: 3,227
sp_configure 'xp_cmdshell' is only available in SQL 2005 and above.

In SQL 2000, the best way to disable xp_cmdshell is to modify its permissions in master to prevent use by Public. This will still allow sysadmin users to run xp_cmdshell.

To stop sysadmin users running it, drop the extended proc xp_cmdshell. This will prevent anyone running it. It you do drop the proc, make sure you know how to re-instate it if needed.


Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2014, 2012, 2008 R2, 2008 and 2005. 28 July 2014: now over 30,000 downloads.
Disclaimer: All information provided is a personal opinion that may not match reality.
Concept: "Pizza Apartheid" - the discrimination that separates those who earn enough in one day to buy a pizza if they want one, from those who can not.
Post #434175
Posted Tuesday, December 18, 2007 3:33 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, March 6, 2014 2:38 AM
Points: 398, Visits: 2,423
Thanks for the answer EdVassie... :)

"-=Still Learning=-"

Lester Policarpio

Post #434190
Posted Tuesday, January 17, 2012 2:05 PM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Tuesday, August 5, 2014 1:46 PM
Points: 321, Visits: 1,279
great very helpful
thanks


Aim to inspire rather than to teach.
SQL Server DBA
Post #1237522
Posted Monday, May 6, 2013 4:02 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: General Forum Members
Last Login: Today @ 6:07 PM
Points: 37,080, Visits: 31,642
EdVassie (12/18/2007)
sp_configure 'xp_cmdshell' is only available in SQL 2005 and above.

In SQL 2000, the best way to disable xp_cmdshell is to modify its permissions in master to prevent use by Public. This will still allow sysadmin users to run xp_cmdshell.

To stop sysadmin users running it, drop the extended proc xp_cmdshell. This will prevent anyone running it. It you do drop the proc, make sure you know how to re-instate it if needed.


Hey, Ed! I know this is an old post but do you know of any sure-fire way to prevent "SA" users from using xp_CmdShell if they decide they want to turn it on?


--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

(play on words) "Just because you CAN do something in T-SQL, doesn't mean you SHOULDN'T." --22 Aug 2013

Helpful Links:
How to post code problems
How to post performance problems
Post #1449919
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse