xp_cmdshell

Question

xp_cmdshell

Lester Policarpio

SSCertifiable

Points: 7109
More actions
November 26, 2007 at 10:04 pm

#76830

How can i disable this command and any other related commands??
"-=Still Learning=-"
Lester Policarpio

Viewing 10 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply

Kishore.P SSCrazy Eights Points: 8147 More actions · Answer 1

see the Setting Server Configuration section on SQL BOL or see the link: http://msdn2.microsoft.com/en-us/library/ms189631.aspx

or use Surface area configuration in SQL 2005

Lester Policarpio SSCertifiable Points: 7109 More actions · Answer 2

Thank you very much....

"-=Still Learning=-"

Lester Policarpio

abmore Hall of Fame Points: 3628 More actions · Answer 3

this will disable the xp_cmdshell command.

===============================

EXECUTE sp_configure 'xp_cmdshell', 0

RECONFIGURE

For configuring more option use

EXECUTE sp_configure this will help to know which options you can configure.

( available in both SQL 2000 & 2005 )

You can also use Surface area Config In 2005.

EdVassie SSC Guru Points: 60445 More actions · Answer 4

I noticed this is in the SQL 2000 forum and the erplies have all used SQL 2005 facilities...

The best way to disable xp_cmdshell in SQL 2000 or SQL 7 is to revoke execution to the Public role in master. This means that only those people who have explicit execute access to xp-cmdshell, plus those with sysadmin rights, can execute xp-cmdshell.

Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.

When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara

Lester Policarpio SSCertifiable Points: 7109 More actions · Answer 5

Hi.. I ran this command to disable xp_cmdshell in MSSQL 2000

-- To allow advanced options to be changed.

EXEC sp_configure 'show advanced options', 1

GO

-- To update the currently configured value for advanced options.

RECONFIGURE

GO

-- To enable the feature.

EXEC sp_configure 'xp_cmdshell', 0-- 0 for disable, 1 for enable

GO

-- To update the currently configured value for this feature.

RECONFIGURE

GO

But it gave me an error message like this :

Configuration option 'show advanced options' changed from 1 to 1. Run the RECONFIGURE statement to install.

Server: Msg 15123, Level 16, State 1, Procedure sp_configure, Line 79

The configuration option 'xp_cmdshell' does not exist, or it may be an advanced option.

Valid configuration options are:

I tried to execute xp_cmdshell and its still working what other ways can i do to disable this command?? because it can cause some serious damage once enable and used in a wrong way...

"-=Still Learning=-"

Lester Policarpio

EdVassie SSC Guru Points: 60445 More actions · Answer 6

sp_configure 'xp_cmdshell' is only available in SQL 2005 and above.

In SQL 2000, the best way to disable xp_cmdshell is to modify its permissions in master to prevent use by Public. This will still allow sysadmin users to run xp_cmdshell.

To stop sysadmin users running it, drop the extended proc xp_cmdshell. This will prevent anyone running it. It you do drop the proc, make sure you know how to re-instate it if needed.

Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.

When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara

Lester Policarpio SSCertifiable Points: 7109 More actions · Answer 7

Thanks for the answer EdVassie... 🙂

"-=Still Learning=-"

Lester Policarpio

SQlLogic SSCrazy Eights Points: 9686 More actions · Answer 8

SQlLogic

SSCrazy Eights

Points: 9686

January 17, 2012 at 2:05 pm

#1434870

great very helpful

thanks

Jeff Moden SSC Guru Points: 1003851 More actions · Answer 9

EdVassie (12/18/2007)
sp_configure 'xp_cmdshell' is only available in SQL 2005 and above.
In SQL 2000, the best way to disable xp_cmdshell is to modify its permissions in master to prevent use by Public. This will still allow sysadmin users to run xp_cmdshell.
To stop sysadmin users running it, drop the extended proc xp_cmdshell. This will prevent anyone running it. It you do drop the proc, make sure you know how to re-instate it if needed.

Hey, Ed! I know this is an old post but do you know of any sure-fire way to prevent "SA" users from using xp_CmdShell if they decide they want to turn it on?

--Jeff Moden

RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

Change is inevitable... Change for the better is not.

Helpful Links:
How to post code problems
How to Post Performance Problems
Create a Tally Function (fnTally)