<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Stairways
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Write for us
<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
SQL Server 2005
»
Administering
»
XP_cmdshell error.
33 posts, Page 1 of 4
1
2
3
4
»
»»
XP_cmdshell error.
Rate Topic
Display Mode
Topic Options
Author
Message
JMSM
JMSM
Posted Wednesday, January 30, 2008 5:03 AM
SSC-Enthusiastic
Group: General Forum Members
Last Login: Tuesday, May 21, 2013 5:03 AM
Points: 185,
Visits: 751
Hello,
Can you tell me how can i give permissions for the execution of the xp_cmdshell to one user without give the sysadmin permission. This problem appears because theres an apicatioon(app user) that needs to execute some operating system task but i cant give this privilege to users.
I give the grant execution on the xp_cmdshell but it gives me the following error.
Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1
The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.
(0 row(s) affected)
Thanks and regards.
jmsm;)
Post #449285
Andras Belokosztolszki
Andras Belokosztolszki
Posted Wednesday, January 30, 2008 5:28 AM
Ten Centuries
Group: General Forum Members
Last Login: Thursday, January 26, 2012 5:26 AM
Points: 1,367,
Visits: 1,585
JMSM (1/30/2008)
Hello,
Can you tell me how can i give permissions for the execution of the xp_cmdshell to one user without give the sysadmin permission. This problem appears because theres an apicatioon(app user) that needs to execute some operating system task but i cant give this privilege to users.
I give the grant execution on the xp_cmdshell but it gives me the following error.
Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1
The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.
(0 row(s) affected)
Thanks and regards.
jmsm;)
If the user is not in the sysadmin role SQL Server will need to you need use a proxy account. You can set this up using sp_xp_cmdshell_proxy_account (see
http://msdn2.microsoft.com/en-us/library/ms190359.aspx
)
Regards,
Andras
Andras Belokosztolszki, MCPD, PhD
GoldenGate Software
Post #449292
sunshine-587009
sunshine-587009
Posted Friday, March 28, 2008 11:47 AM
Old Hand
Group: General Forum Members
Last Login: Friday, May 17, 2013 12:47 PM
Points: 360,
Visits: 1,072
I've tried this and users still get the following error.
Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1
the xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.
Any idea what else it could be?
¤ §unshine ¤
Post #476322
Mohan Kumar
Mohan Kumar
Posted Friday, March 28, 2008 11:55 AM
Ten Centuries
Group: General Forum Members
Last Login: Thursday, January 03, 2013 4:44 PM
Points: 1,336,
Visits: 595
are you sure you specified valid account? did you follow syntax shown below to create account?:
EXEC sp_xp_cmdshell_proxy_account 'MyDomain\MyUserName', 'myDomainPassword'
--
www.sqlvillage.com
Post #476326
sunshine-587009
sunshine-587009
Posted Friday, March 28, 2008 12:02 PM
Old Hand
Group: General Forum Members
Last Login: Friday, May 17, 2013 12:47 PM
Points: 360,
Visits: 1,072
Yes, however it is a windows user id and i did not enter a password. Is that incorrect?
¤ §unshine ¤
Post #476329
Mohan Kumar
Mohan Kumar
Posted Friday, March 28, 2008 12:06 PM
Ten Centuries
Group: General Forum Members
Last Login: Thursday, January 03, 2013 4:44 PM
Points: 1,336,
Visits: 595
yes, you should enter password while creating it.
--
www.sqlvillage.com
Post #476332
sunshine-587009
sunshine-587009
Posted Friday, March 28, 2008 12:10 PM
Old Hand
Group: General Forum Members
Last Login: Friday, May 17, 2013 12:47 PM
Points: 360,
Visits: 1,072
Any password? I used a group windows authenticated account. all developers can access everything via this account rather than being individually assigned security. Less maintenance.
¤ §unshine ¤
Post #476335
K. Brian Kelley
K. Brian Kelley
Posted Friday, March 28, 2008 12:31 PM
Keeper of the Duck
Group: Moderators
Last Login: 2 days ago @ 1:55 PM
Points: 6,584,
Visits: 1,789
You must put the correct password for the Windows account you've specified will be the proxy account. And yes, when a non-Sysadmin runs xp_cmdshell, xp_cmdshell will execute as this Windows account and only this Windows account. So be careful with respect to what rights it has.
K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of
Introduction to SQL Server: Basic Skills for Any SQL Server User
|
Professional Development blog
|
Technical Blog
|
LinkedIn
|
Twitter
Post #476348
sunshine-587009
sunshine-587009
Posted Friday, March 28, 2008 12:36 PM
Old Hand
Group: General Forum Members
Last Login: Friday, May 17, 2013 12:47 PM
Points: 360,
Visits: 1,072
ok. I'll have to talk to whoever setup this account. They just all log in with their individual windows account and have access.
thanks!
¤ §unshine ¤
Post #476354
sunshine-587009
sunshine-587009
Posted Friday, March 28, 2008 1:30 PM
Old Hand
Group: General Forum Members
Last Login: Friday, May 17, 2013 12:47 PM
Points: 360,
Visits: 1,072
I have one of the network guys looking into a password for this account, however i find it weird that they can see legacy dts packages and schedule and run scheduled jobs.
¤ §unshine ¤
Post #476402
« Prev Topic
|
Next Topic »
33 posts, Page 1 of 4
1
2
3
4
»
»»
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use.
Report Abuse.
