SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


xp_cmdshell


xp_cmdshell

Author
Message
Lester Policarpio
Lester Policarpio
SSCommitted
SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)

Group: General Forum Members
Points: 1759 Visits: 2459
How can i disable this command and any other related commands??

"-=Still Learning=-"

Lester Policarpio
Kishore.P
Kishore.P
SSCrazy
SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)SSCrazy (2.6K reputation)

Group: General Forum Members
Points: 2605 Visits: 619
see the Setting Server Configuration section on SQL BOL or see the link: http://msdn2.microsoft.com/en-us/library/ms189631.aspx
or use Surface area configuration in SQL 2005



Lester Policarpio
Lester Policarpio
SSCommitted
SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)

Group: General Forum Members
Points: 1759 Visits: 2459
Thank you very much....

"-=Still Learning=-"

Lester Policarpio
abmore
abmore
SSCommitted
SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)SSCommitted (1.5K reputation)

Group: General Forum Members
Points: 1541 Visits: 931
this will disable the xp_cmdshell command.
===============================
EXECUTE sp_configure 'xp_cmdshell', 0
RECONFIGURE

For configuring more option use
EXECUTE sp_configure this will help to know which options you can configure.

( available in both SQL 2000 & 2005 )
You can also use Surface area Config In 2005.
EdVassie
EdVassie
SSChampion
SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)

Group: General Forum Members
Points: 13621 Visits: 3894
I noticed this is in the SQL 2000 forum and the erplies have all used SQL 2005 facilities...

The best way to disable xp_cmdshell in SQL 2000 or SQL 7 is to revoke execution to the Public role in master. This means that only those people who have explicit execute access to xp-cmdshell, plus those with sysadmin rights, can execute xp-cmdshell.

Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005. 14 Mar 2017: now over 40,000 downloads.Disclaimer: All information provided is a personal opinion that may not match reality.Quote: When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist. - Archbishop Hélder Câmara
Lester Policarpio
Lester Policarpio
SSCommitted
SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)

Group: General Forum Members
Points: 1759 Visits: 2459
Hi.. I ran this command to disable xp_cmdshell in MSSQL 2000
-- To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
-- To update the currently configured value for advanced options.
RECONFIGURE
GO
-- To enable the feature.
EXEC sp_configure 'xp_cmdshell', 0-- 0 for disable, 1 for enable
GO
-- To update the currently configured value for this feature.
RECONFIGURE
GO

But it gave me an error message like this :

Configuration option 'show advanced options' changed from 1 to 1. Run the RECONFIGURE statement to install.
Server: Msg 15123, Level 16, State 1, Procedure sp_configure, Line 79
The configuration option 'xp_cmdshell' does not exist, or it may be an advanced option.

Valid configuration options are:


I tried to execute xp_cmdshell and its still working what other ways can i do to disable this command?? because it can cause some serious damage once enable and used in a wrong way...

"-=Still Learning=-"

Lester Policarpio
EdVassie
EdVassie
SSChampion
SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)SSChampion (13K reputation)

Group: General Forum Members
Points: 13621 Visits: 3894
sp_configure 'xp_cmdshell' is only available in SQL 2005 and above.

In SQL 2000, the best way to disable xp_cmdshell is to modify its permissions in master to prevent use by Public. This will still allow sysadmin users to run xp_cmdshell.

To stop sysadmin users running it, drop the extended proc xp_cmdshell. This will prevent anyone running it. It you do drop the proc, make sure you know how to re-instate it if needed.

Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005. 14 Mar 2017: now over 40,000 downloads.Disclaimer: All information provided is a personal opinion that may not match reality.Quote: When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist. - Archbishop Hélder Câmara
Lester Policarpio
Lester Policarpio
SSCommitted
SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)

Group: General Forum Members
Points: 1759 Visits: 2459
Thanks for the answer EdVassie... Smile

"-=Still Learning=-"

Lester Policarpio
logicinside22
logicinside22
SSCommitted
SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)

Group: General Forum Members
Points: 1916 Visits: 1419
great very helpful
thanks

Aim to inspire rather than to teach.
SQL Server DBA
Jeff Moden
Jeff Moden
SSC Guru
SSC Guru (209K reputation)SSC Guru (209K reputation)SSC Guru (209K reputation)SSC Guru (209K reputation)SSC Guru (209K reputation)SSC Guru (209K reputation)SSC Guru (209K reputation)SSC Guru (209K reputation)

Group: General Forum Members
Points: 209375 Visits: 41973
EdVassie (12/18/2007)
sp_configure 'xp_cmdshell' is only available in SQL 2005 and above.

In SQL 2000, the best way to disable xp_cmdshell is to modify its permissions in master to prevent use by Public. This will still allow sysadmin users to run xp_cmdshell.

To stop sysadmin users running it, drop the extended proc xp_cmdshell. This will prevent anyone running it. It you do drop the proc, make sure you know how to re-instate it if needed.


Hey, Ed! I know this is an old post but do you know of any sure-fire way to prevent "SA" users from using xp_CmdShell if they decide they want to turn it on?

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search