Home Forums SQL Server 2008 SQL Server 2008 Administration Why powershell? RE: Why powershell?

  • April 24, 2013 at 12:11 pm

    #1609666

    opc.three (4/24/2013)

    Xp_cmdshell does not maintain a users identity all the way through the stack, which impedes auditing and allows for obfuscation of the identity of the person running the command.

    Once you start building process around it, it opens you up for ad hoc requests from malicious users because its enabled and execution of it is hard to differentiate.

    It's just hard to justify why anyone would ever start using it when there are more feature-rich, secure, and auditable tools available.

    I'm not even talking about xp_CmdShell. I'm talking about some Homer sitting in front of the keyboard at the DOS prompt. He needs to delete some files. He deletes some using DOS commands and some using PowerShell. Where are the audit logs and what do they say about who did what with each method?

    And, no... having xp_CmdShell turned on doesn't open you up for requests from malicious users. Allowing those malicious users to get in as SA is the only problem but you already know that.

    --Jeff Moden

    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)