September 19, 2022 at 8:04 pm
I have a script that list all jobs that invokes xp_cmdshell:
declare @pattern nvarchar(max)
set @pattern='xp_cmdshell'
select name,enabled
from msdb.dbo.sysjobs j
inner join msdb.dbo.[sysjobsteps] s on j.job_id=s.job_id
where s.command like '%'+@pattern+'%'
order by j.name
however, I'm trying also list (as a separate column) with the scheduled time those job executes.
thanks for any assistance
September 19, 2022 at 10:39 pm
i found a script. this can be close
September 20, 2022 at 1:23 am
i found a script. this can be close
You do realize that's not going to find any job that executes a stored procedure that executes xp_CmdShell, correct?
This sounds a bit like a witch hunt... why do you need to do this?
--Jeff Moden
Change is inevitable... Change for the better is not.
September 20, 2022 at 9:49 am
hi jeff, i have a script to list all SPs that invokes xp_cmdshell.
our db security team has identify xp_cmdshell as a security finding. they want us to disable this xp.
as a workaround, i was planning to enable before the execution and disable when the proc/job is finish. only caveat - what happens when both job/proc executes simultaneously? who will turn on/off last?
long term, we have to re-write instead of using this xp.
thanks for any suggestions.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply