Use sp_configure or Policy Based Management to enable it. Permissionsīecause malicious users sometimes attempt to elevate their privileges by using xp_cmdshell, xp_cmdshell is disabled by default. EXEC sp_xp_cmdshell_proxy_account 'SHIPPING\KobeR','sdfh%dkc93vcMt0' įor more information, see sp_xp_cmdshell_proxy_account (Transact-SQL).
For example, the following command creates a proxy credential for Windows domain user SHIPPING\KobeR that has the Windows password sdfh%dkc93vcMt0. As arguments, this stored procedure takes a Windows user name and password. The proxy account credential can be created by executing sp_xp_cmdshell_proxy_account. If this proxy credential does not exist, xp_cmdshell will fail. When it is called by a user that is not a member of the sysadmin fixed server role, xp_cmdshell connects to Windows by using the account name and password stored in the credential named #xp_cmdshell_proxy_account#. In earlier versions of MicrosoftSQL Server the batch would continue to execute. If xp_cmdshell is executed within a batch and returns an error, the batch will fail.
The Windows process spawned by xp_cmdshell has the same security rights as the SQL Server service account. If the no_output option is used, only the following will be returned: The command(s) completed successfully.
The rows are returned in an nvarchar(255) column. Return Code ValuesĮxecuting the following xp_cmdshell statement returns a directory listing of the current directory. Is an optional parameter, specifying that no output should be returned to the client. If you have trouble with embedded spaces, consider using FAT 8.3 file names as a workaround. A single pair of quotation marks is required if any spaces are present in the file paths or program names referenced in command_string. command_string cannot contain more than one set of double quotation marks. command_string is varchar(8000) or nvarchar(4000), with no default. Is the string that contains a command to be passed to the operating system. Spawns a Windows command shell and passes in a string for execution. Applies to: SQL Server (all supported versions)
0 kommentar(er)
