• opc.three (4/26/2013)


    A stand-alone PowerShell prompt on Homer's machine does not offer much over a stand-alone CmdShell prompt on Homer's machine in the way of added security, only in functionality. Both shells are running as Homer, from Homer's machine IP so actions from both are subject to OS level auditing under his username -and- network level auditing under his username and IP address. When Homer accesses a cmd shell promo via xp_shell neither of those things are true.

    When Homer accesses a cmd shell promo via xp_shell - nothing happens.

    Unless Homer is given SA privileges.

    And if Homer is given same kind of privileges on the Windows domain - "neither of those things are true".

    He can do whotever he wants from whereever he wants, remotely accessing any server/desktop around with a little chance of being caught.

    Get your security within SQL Server right, at least at the same level as within Windows domains - and all your imaginary hazards of xp_cmdshell will go away.

    _____________
    Code for TallyGenerator