November 21, 2008 at 10:37 am
I am trying to use xp_cmdshell to access a share on DFS but I keep getting access denied but if I access a regular share it works fine.
This works:
EXEC xp_cmdshell 'dir \\fileserver\shared\*.*'
This doesn't:
EXEC xp_cmdshell 'dir \\company.corp\dfs\reports\*.*'
November 21, 2008 at 10:56 am
Can you get the full share path from DFS so that you can put that in place? I don't know that SQL Server actually ties into DFS references as it is really having to go back to the Domain Controller to look for it rather than a physical box \ share.
Might be worth opening this to be something to put out on Connect for MS to look at including. Not sure how many people would use it though.
David
@SQLTentmaker“He is no fool who gives what he cannot keep to gain that which he cannot lose” - Jim Elliot
November 21, 2008 at 11:08 am
well here is some more info.
I changed the Server Service to use a domain account and it can access the DFS share fine if I do that. I was hoping to avoid having to change the service logon account.
Is there anyway to get around the server service needing the credentials for the shares?
can you execute the xp_cmdshell as a specific user instead?
Thanks
November 21, 2008 at 3:44 pm
anorton (11/21/2008)
Is there anyway to get around the server service needing the credentials for the shares?
No, you would need to have the permissions established. One question though, you had stated in your first post that you could access the share (or a share) before, was that on the local server? Doesn't much matter just trying to understand.
Also, thanks for letting me know that DFS is actually accessible. Thinking about it I should have known that since we backup to DFS referenced shares. 🙁
David
@SQLTentmaker“He is no fool who gives what he cannot keep to gain that which he cannot lose” - Jim Elliot
November 23, 2008 at 4:21 pm
November 23, 2008 at 4:33 pm
To clarify, the proxy account comes into play when a user that's not a member of the sysadmin role executes xp_cmdshell. You can impersonate a non-sysadmin user using the EXECUTE AS command, but remember then that you need to grant CONTROL SERVER rights on the server and EXECUTE rights on xp_cmdshell to that user in order to be able to execute xp_cmdshell (in addition to setting up the proxy account).
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply