July 28, 2008 at 10:37 am
I am trying to grant use of xp_cmdshell to non administrators on a SQL Server 2000 system (I know it opens an enormous security hole, but due to an unusual set of circumstances this is accepted.) Naturally when I use it logged in with my admin account, it works as expected, but when used by my test account I get:
xpsql.cpp: Error 1314 from CreateProcessAsUser on line 636
I have granted execute on xp_cmdshell, enabled xp_cmdshell for non-admins in enterprise manager, and ensured that the SQL Server Service and SQL Server Agent account all have local admin authority on the machine. I also made sure a proxy account was set. At one point for testing I tried setting the proxy account as the same account used for the SQL Server Service, which as mentioned has admin rights. And I am still continuing to receive the same error. This error results whether the test account is a sql login account or a domain account.
Is there anything I am missing?
added: It was also suggested that I enable Cross database ownership chaining, which I did with no success.
---
Timothy A Wiseman
SQL Blog: http://timothyawiseman.wordpress.com/
July 30, 2008 at 12:02 pm
Does this link help at all?
MCITP, Database Administrator
A hodgepodge of Information Technology and Life
LinkedIn Profile
My Twitter
July 31, 2008 at 8:53 am
Jason, I appreciate the suggestion, but it did not work for me. I moved it over to a windows system account and that still will not allow non-sysadmins to execute xp_cmdshell.
Any other suggestions?
---
Timothy A Wiseman
SQL Blog: http://timothyawiseman.wordpress.com/
July 31, 2008 at 10:15 am
Have you right-clicked on SQL Server Agent.
Select Properties.
What do you show on Job System for Non-SysAdmins?
MCITP, Database Administrator
A hodgepodge of Information Technology and Life
LinkedIn Profile
My Twitter
August 1, 2008 at 5:04 am
We setup a SQL Proxy Account to get this to work. try http://support.microsoft.com/kb/890775 or http://support.microsoft.com/kb/833559. hth
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply