<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Stairways
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Write for us
<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
SQL Server 2008
»
SQL Server 2008 - General
»
xp_cmdshell access denied to desktop file...
17 posts, Page 1 of 2
1
2
»»
xp_cmdshell access denied to desktop file when logged as administrator - why ?
Rate Topic
Display Mode
Topic Options
Author
Message
isuckatsql
isuckatsql
Posted Tuesday, March 23, 2010 9:22 AM
SSC-Addicted
Group: General Forum Members
Last Login: Yesterday @ 8:05 AM
Points: 437,
Visits: 853
I am logged in as an administrator and each time i run the following query
exec master.dbo.xp_cmdshell 'dir c:\users\administrator.mydomainname\desktop\resumes\*.*'
I get an 'Access is denied' error!
This worked fine on my other server, what am i missing?
Thanks
Post #888222
muthukkumaran Kaliyamoorthy
muthukkumaran Kaliyamoorthy
Posted Tuesday, March 23, 2010 9:25 AM
Ten Centuries
Group: General Forum Members
Last Login: 2 days ago @ 5:22 AM
Points: 1,123,
Visits: 4,423
isuckatsql (3/23/2010)
I am logged in as an administrator and each time i run the following query
exec master.dbo.xp_cmdshell 'dir c:\users\administrator.mydomainname\desktop\resumes\*.*'
I get an 'Access is denied' error!
This worked fine on my other server, what am i missing?
Thanks
Are the account has sysadmin privilege ?
Muthukkumaran Kaliyamoorthy
Helping SQL DBAs and Developers >>>
SqlserverBlogForum
Post #888227
muthukkumaran Kaliyamoorthy
muthukkumaran Kaliyamoorthy
Posted Tuesday, March 23, 2010 9:25 AM
Ten Centuries
Group: General Forum Members
Last Login: 2 days ago @ 5:22 AM
Points: 1,123,
Visits: 4,423
Can you post the exact error message.
Muthukkumaran Kaliyamoorthy
Helping SQL DBAs and Developers >>>
SqlserverBlogForum
Post #888229
Shawn Melton
Shawn Melton
Posted Tuesday, March 23, 2010 9:28 AM
Right there with Babe
Group: General Forum Members
Last Login: Saturday, May 11, 2013 8:56 PM
Points: 754,
Visits: 1,891
Check the SQL service account permissions on the box that is working, versus the box that is not working?
http://msdn.microsoft.com/en-us/library/aa260689(SQL.80).aspx
When you grant execute permissions to users, the users can execute any operating-system command at the Microsoft Windows NT® command shell that
the account running Microsoft SQL Server™ has the needed privileges to execute
.
--------------------------------------------------------------
Shawn Melton
@wshawnmelton
Post #888233
Lowell
Lowell
Posted Tuesday, March 23, 2010 9:45 AM
SSChampion
Group: General Forum Members
Last Login: Yesterday @ 8:39 PM
Points: 11,638,
Visits: 27,713
this is a common security issue. The problem is that when you access any resource OUTSIDE of SQL server, like network shares, local hard drives,sp_OA type functions etc, it doesn't matter what YOUR credentials are, like Domain Admin,Local Admin etc, because SQL will not carry those credentials to the "outside of SQL" security context.
SQL Server uses the account it starts with to try and access the resource:
That account is often an account which has never logged into the domain, and was never assigned permissions to get to the local disk or network share.
As a result, you usually need to create a domain account in Active Directory, specifically grant it share access if it doesn't inherit it from Domain\Users or Domain\AuthenticatedUsers and change the account SQL Server starts with to that account.
Once that is done, and you stop and start the SQL service to make it use that account instead of old running values, your linked server/xp_cmdshell would work.
you can prove this is the issue by simply putting in your credentials, with your domain account and password, and confirm the linked server works when SQL is run your credentials, so you'd know you need a domain account to access the resource.
Lowell
--
There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #888265
isuckatsql
isuckatsql
Posted Tuesday, March 23, 2010 9:49 AM
SSC-Addicted
Group: General Forum Members
Last Login: Yesterday @ 8:05 AM
Points: 437,
Visits: 853
I am logged into SSMS as 'sa'.
The exact error message is 'Access is Denied'.
Post #888271
isuckatsql
isuckatsql
Posted Tuesday, March 23, 2010 10:22 AM
SSC-Addicted
Group: General Forum Members
Last Login: Yesterday @ 8:05 AM
Points: 437,
Visits: 853
Lowell,
That work great!
Thanks.
Post #888303
Lowell
Lowell
Posted Tuesday, March 23, 2010 10:28 AM
SSChampion
Group: General Forum Members
Last Login: Yesterday @ 8:39 PM
Points: 11,638,
Visits: 27,713
glad i could help!
Lowell
--
There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #888307
ntingab
ntingab
Posted Thursday, November 15, 2012 2:55 AM
Forum Newbie
Group: General Forum Members
Last Login: Thursday, November 15, 2012 6:42 AM
Points: 4,
Visits: 4
Thank you Lowell
Post #1385024
Lowell
Lowell
Posted Thursday, November 15, 2012 5:13 AM
SSChampion
Group: General Forum Members
Last Login: Yesterday @ 8:39 PM
Points: 11,638,
Visits: 27,713
ntingab (11/15/2012)
Thank you Lowell
glad this post helped you, ntingab!
Lowell
--
There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1385096
« Prev Topic
|
Next Topic »
17 posts, Page 1 of 2
1
2
»»
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use.
Report Abuse.
