xp_cmdshell

  • Lester Policarpio

    SSCertifiable

    Points: 7109

    How can i disable this command and any other related commands??

    "-=Still Learning=-"

    Lester Policarpio

  • Kishore.P

    SSCrazy Eights

    Points: 8031

    see the Setting Server Configuration section on SQL BOL or see the link: http://msdn2.microsoft.com/en-us/library/ms189631.aspx

    or use Surface area configuration in SQL 2005

  • Lester Policarpio

    SSCertifiable

    Points: 7109

    Thank you very much....

    "-=Still Learning=-"

    Lester Policarpio

  • abmore

    Hall of Fame

    Points: 3628

    this will disable the xp_cmdshell command.

    ===============================

    EXECUTE sp_configure 'xp_cmdshell', 0

    RECONFIGURE

    For configuring more option use

    EXECUTE sp_configure this will help to know which options you can configure.

    ( available in both SQL 2000 & 2005 )

    You can also use Surface area Config In 2005.

  • EdVassie

    SSC Guru

    Points: 60154

    I noticed this is in the SQL 2000 forum and the erplies have all used SQL 2005 facilities...

    The best way to disable xp_cmdshell in SQL 2000 or SQL 7 is to revoke execution to the Public role in master. This means that only those people who have explicit execute access to xp-cmdshell, plus those with sysadmin rights, can execute xp-cmdshell.

    Original author: SQL Server FineBuild[/url] 1-click install and best practice configuration of SQL Server 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005. 14 Mar 2017: now over 40,000 downloads.Disclaimer: All information provided is a personal opinion that may not match reality.Quote: When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist. - Archbishop Hélder Câmara

  • Lester Policarpio

    SSCertifiable

    Points: 7109

    Hi.. I ran this command to disable xp_cmdshell in MSSQL 2000

    -- To allow advanced options to be changed.

    EXEC sp_configure 'show advanced options', 1

    GO

    -- To update the currently configured value for advanced options.

    RECONFIGURE

    GO

    -- To enable the feature.

    EXEC sp_configure 'xp_cmdshell', 0-- 0 for disable, 1 for enable

    GO

    -- To update the currently configured value for this feature.

    RECONFIGURE

    GO

    But it gave me an error message like this :

    Configuration option 'show advanced options' changed from 1 to 1. Run the RECONFIGURE statement to install.

    Server: Msg 15123, Level 16, State 1, Procedure sp_configure, Line 79

    The configuration option 'xp_cmdshell' does not exist, or it may be an advanced option.

    Valid configuration options are:

    I tried to execute xp_cmdshell and its still working what other ways can i do to disable this command?? because it can cause some serious damage once enable and used in a wrong way...

    "-=Still Learning=-"

    Lester Policarpio

  • EdVassie

    SSC Guru

    Points: 60154

    sp_configure 'xp_cmdshell' is only available in SQL 2005 and above.

    In SQL 2000, the best way to disable xp_cmdshell is to modify its permissions in master to prevent use by Public. This will still allow sysadmin users to run xp_cmdshell.

    To stop sysadmin users running it, drop the extended proc xp_cmdshell. This will prevent anyone running it. It you do drop the proc, make sure you know how to re-instate it if needed.

    Original author: SQL Server FineBuild[/url] 1-click install and best practice configuration of SQL Server 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005. 14 Mar 2017: now over 40,000 downloads.Disclaimer: All information provided is a personal opinion that may not match reality.Quote: When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist. - Archbishop Hélder Câmara

  • Lester Policarpio

    SSCertifiable

    Points: 7109

    Thanks for the answer EdVassie... 🙂

    "-=Still Learning=-"

    Lester Policarpio

  • logicinside22

    SSCrazy Eights

    Points: 9617

    great very helpful

    thanks

    Aim to inspire rather than to teach.
    SQL Server DBA

  • Jeff Moden

    SSC Guru

    Points: 993661

    EdVassie (12/18/2007)


    sp_configure 'xp_cmdshell' is only available in SQL 2005 and above.

    In SQL 2000, the best way to disable xp_cmdshell is to modify its permissions in master to prevent use by Public. This will still allow sysadmin users to run xp_cmdshell.

    To stop sysadmin users running it, drop the extended proc xp_cmdshell. This will prevent anyone running it. It you do drop the proc, make sure you know how to re-instate it if needed.

    Hey, Ed! I know this is an old post but do you know of any sure-fire way to prevent "SA" users from using xp_CmdShell if they decide they want to turn it on?

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
    "If you think its expensive to hire a professional to do the job, wait until you hire an amateur."--Red Adair
    "Change is inevitable... change for the better is not."
    When you put the right degree of spin on it, the number 3|8 is also a glyph that describes the nature of a DBAs job. 😉

    Helpful Links:
    How to post code problems

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic. Login to reply