SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


SQL Server Scripting and WMI


SQL Server Scripting and WMI

Author
Message
Anthony Loera
Anthony Loera
SSC Rookie
SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)

Group: General Forum Members
Points: 32 Visits: 6
Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/aloera/sqlserverscriptingandwmi.asp
Dave Green
Dave Green
Valued Member
Valued Member (59 reputation)Valued Member (59 reputation)Valued Member (59 reputation)Valued Member (59 reputation)Valued Member (59 reputation)Valued Member (59 reputation)Valued Member (59 reputation)Valued Member (59 reputation)

Group: General Forum Members
Points: 59 Visits: 1

I would say that the restriction of "@" as the starting in an email probably needs to be longer and random - think of it as having close to the value of an SA password - if you know it, you can potentially damage the server. It might be an idea to change it periodically, too. Or did I miss something?

Of course, you can edit the rule so it only applies from (a) nominated email address(es), which would help.

On the whole tho, as long as this fits within security policies, it seems like a good inventive way of best using your time - and provides the benefit to the company that you can help resolve the problem quicker - no commuting to the VPN!

Thanks Anthony.

Dave.





SueB
SueB
SSC Veteran
SSC Veteran (251 reputation)SSC Veteran (251 reputation)SSC Veteran (251 reputation)SSC Veteran (251 reputation)SSC Veteran (251 reputation)SSC Veteran (251 reputation)SSC Veteran (251 reputation)SSC Veteran (251 reputation)

Group: General Forum Members
Points: 251 Visits: 1262

Anthony,

I never could get the first script to send an email. I have used scripts similar to this which worked. When I try to execute the stored procedure directly from query analyzer it returns a 0 but does not send an email.

I also did not understand what the Persons.dbf was used for. I did not see it mentioned again.

Sue





Zach Nichter
Zach Nichter
SSC Journeyman
SSC Journeyman (91 reputation)SSC Journeyman (91 reputation)SSC Journeyman (91 reputation)SSC Journeyman (91 reputation)SSC Journeyman (91 reputation)SSC Journeyman (91 reputation)SSC Journeyman (91 reputation)SSC Journeyman (91 reputation)

Group: General Forum Members
Points: 91 Visits: 46
Anthony,

great article! Very cool to see a positive use of the sp_OA stored procedures.

Your article inspires me to do something I've wanted to do for quite a while... learn WMI.

Regards,
Zach



--------------------------
Zach

Odds_And_Ends Blog
philcart
philcart
SSCarpal Tunnel
SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)

Group: General Forum Members
Points: 4092 Visits: 1436

Eerrgghhh !!!

I shudder to think of the uses this can be put to.

"Here's my new stored procedure that'll make everything run faster, and run my vbs virus all that much quicker "

Useful article though



Hope this helps
Phill Carter
--------------------
Colt 45 - the original point and click interface

Australian SQL Server User Groups - My profile
Phills Philosophies
Murrumbeena Cricket Club
Anthony Loera
Anthony Loera
SSC Rookie
SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)

Group: General Forum Members
Points: 32 Visits: 6

Thanks Dave,

I agree with your comment: As having simply the "@" symbol as a the starting in an email to activate a script. I actually have a few different symbols in my key phrases that I support. That said, I never give out these special key phrases to anyone, including other administrators.

In regards to editing the rule so it only applies from a nominated group of addresses, you are correct. Currently only my tmobile account email activates the scripts. Thinking back, maybe I should of added some of these thoughts to the main article. I am glad you brought them up, I am sure they will help folks who are looking to implement this in some way to their own system.

I am glad you enjoyed the article, I sure hope it helps folks who really want another tool that will win back some of their personal time, which is the real reason I decided to write the article.

Thanks again,

Anthony Loera


Anthony Loera
Anthony Loera
SSC Rookie
SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)

Group: General Forum Members
Points: 32 Visits: 6

Hi Sue,

I have only found 2 reasons why the email script would not work, maybe you can check these on your system.

1- SMTP service is not running on the box that is running SQL Server. Turn SMTP on.

2- Port 25 is blocked and preventing email to be sent outside the business LAN. If this is happening, simply send the email to yourself within the LAN using the procedure. This usually will be picked up within the LAN without a problem. Then have a rule forward the email to your 'second' email that you use for your phone, or pager.

I have seen the latter happen often.

Oh... BTW. 'Persons.dbf' was a comment I forgot to exclude. Sorry about that, you can simply ignore that one. My mistake.

Hope this provides an easy fix.

Anthony Loera


Anthony Loera
Anthony Loera
SSC Rookie
SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)

Group: General Forum Members
Points: 32 Visits: 6

Hi Phill, I have thought about the dark side of the article myself...

But, I also think that if Administration is done properly, which means Domain admins and SQL Admins are different entities that do not share domain passwords, (and of course passwords are changed regularly as part of the business operational tasks, which is what most businesses do at the present time), their would be little to worry about.

I think if anyone has a domain admin password and they are up to no good, they would really not need the use of scripts or SQL Server to cause harm. They would simply go for the jewels of the business directly.

Having a separation between network admins, and SQL admins allows for much of those vb script virus issues to disappear, even if the virus writer (god forbid) was working within the business network already.

I personally don't have network admin rights, I use WMI access only on those machines I personally have rights to, which is proper.

Thanks for bringing this up Phill, I hope this helps people lock down their system properly if they were considering this type of tool to help them win back some of their personal time.

Anthony Loera


Anthony Loera
Anthony Loera
SSC Rookie
SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)SSC Rookie (32 reputation)

Group: General Forum Members
Points: 32 Visits: 6

Hi Phill, I have thought about the dark side of the article myself...

But, I also think that if Administration is done properly, which means Domain admins and SQL Admins are different entities that do not share domain passwords, (and of course passwords are changed regularly as part of the business operational tasks, which is what most businesses do at the present time), there would be little to worry about.

I think if anyone has a domain admin password and they are up to no good, they would really not need the use of scripts or SQL Server to cause harm. They would simply go for the jewels of the business directly.

Having a separation between network admins, and SQL admins allows for much of those vb script virus issues to disappear, even if the virus writer (god forbid) was working within the business network already.

I personally don't have network admin rights, I use WMI access only on those machines I personally have rights to, which is proper.

Thanks for bringing this up Phill, I hope this helps people lock down their system properly if they were considering this type of tool to help them win back some of their personal time.

Anthony Loera


Mark Payne
Mark Payne
Forum Newbie
Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)

Group: General Forum Members
Points: 1 Visits: 33

I want to use your example to call an external vbscript and perform a WMI query that return values to my SQL stored procedure for use in a report.

I can call the vbscript, but am unable to get any output values from it. How do I setup my vbscript to return these values, or can you tell me where the disconnect is? I've tried wscript.echo statements and wscript.quit(<insert value here>.

Thanks

Mark


Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search