Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 1234»»»

XP_cmdshell error. Expand / Collapse
Author
Message
Posted Wednesday, January 30, 2008 5:03 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Thursday, April 10, 2014 12:57 PM
Points: 186, Visits: 805
Hello,

Can you tell me how can i give permissions for the execution of the xp_cmdshell to one user without give the sysadmin permission. This problem appears because theres an apicatioon(app user) that needs to execute some operating system task but i cant give this privilege to users.

I give the grant execution on the xp_cmdshell but it gives me the following error.

Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1
The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.
(0 row(s) affected)

Thanks and regards.
jmsm;)
Post #449285
Posted Wednesday, January 30, 2008 5:28 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Thursday, January 26, 2012 5:26 AM
Points: 1,367, Visits: 1,585
JMSM (1/30/2008)
Hello,

Can you tell me how can i give permissions for the execution of the xp_cmdshell to one user without give the sysadmin permission. This problem appears because theres an apicatioon(app user) that needs to execute some operating system task but i cant give this privilege to users.

I give the grant execution on the xp_cmdshell but it gives me the following error.

Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1
The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.
(0 row(s) affected)

Thanks and regards.
jmsm;)


If the user is not in the sysadmin role SQL Server will need to you need use a proxy account. You can set this up using sp_xp_cmdshell_proxy_account (see http://msdn2.microsoft.com/en-us/library/ms190359.aspx)
Regards,
Andras




Andras Belokosztolszki, MCPD, PhD
GoldenGate Software
Post #449292
Posted Friday, March 28, 2008 11:47 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Tuesday, March 18, 2014 11:34 AM
Points: 361, Visits: 1,138
I've tried this and users still get the following error.

Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1

the xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.

Any idea what else it could be?



¤ §unshine ¤
Post #476322
Posted Friday, March 28, 2008 11:55 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Thursday, January 03, 2013 4:44 PM
Points: 1,336, Visits: 595
are you sure you specified valid account? did you follow syntax shown below to create account?:
EXEC sp_xp_cmdshell_proxy_account 'MyDomain\MyUserName', 'myDomainPassword'



--www.sqlvillage.com
Post #476326
Posted Friday, March 28, 2008 12:02 PM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Tuesday, March 18, 2014 11:34 AM
Points: 361, Visits: 1,138
Yes, however it is a windows user id and i did not enter a password. Is that incorrect?

¤ §unshine ¤
Post #476329
Posted Friday, March 28, 2008 12:06 PM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Thursday, January 03, 2013 4:44 PM
Points: 1,336, Visits: 595
yes, you should enter password while creating it.

--www.sqlvillage.com
Post #476332
Posted Friday, March 28, 2008 12:10 PM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Tuesday, March 18, 2014 11:34 AM
Points: 361, Visits: 1,138
Any password? I used a group windows authenticated account. all developers can access everything via this account rather than being individually assigned security. Less maintenance.

¤ §unshine ¤
Post #476335
Posted Friday, March 28, 2008 12:31 PM


Keeper of the Duck

Keeper of the Duck

Group: Moderators
Last Login: Yesterday @ 7:41 AM
Points: 6,621, Visits: 1,852
You must put the correct password for the Windows account you've specified will be the proxy account. And yes, when a non-Sysadmin runs xp_cmdshell, xp_cmdshell will execute as this Windows account and only this Windows account. So be careful with respect to what rights it has.


K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
| Professional Development blog | Technical Blog | LinkedIn | Twitter
Post #476348
Posted Friday, March 28, 2008 12:36 PM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Tuesday, March 18, 2014 11:34 AM
Points: 361, Visits: 1,138
ok. I'll have to talk to whoever setup this account. They just all log in with their individual windows account and have access.
thanks!


¤ §unshine ¤
Post #476354
Posted Friday, March 28, 2008 1:30 PM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Tuesday, March 18, 2014 11:34 AM
Points: 361, Visits: 1,138
I have one of the network guys looking into a password for this account, however i find it weird that they can see legacy dts packages and schedule and run scheduled jobs.

¤ §unshine ¤
Post #476402
« Prev Topic | Next Topic »

Add to briefcase 1234»»»

Permissions Expand / Collapse