November 3, 2008 at 7:36 pm
Please let me know if there is any way to find out (programmatically) the details of all users who have access to xp_cmdshell.
November 3, 2008 at 9:19 pm
By default, only sysadmins will have execute permission on this extended stored procedure, so you can count on all logins with the sysadmin role.
And, if you have created the xp_cmdshell Proxy Account, then users with non-administrative privileges can also execute the xp_cmdshell extended stored proc, unless they are a user (just public role) in the master database with execute permission on xp_cmdshell.
So all logins who can execute xp_cmdshell would be all sysadmins + all users in the master database who have execute permission on xp_cmdshell (if the xp_cmdshell Proxy Account is enabled).
To check whether the xp_cmdshell Proxy Account is enabled or not:
Go to SSMS Object Explorer - Security - Credentials and you will see the xp_cmdshell Proxy Account, only if it is enabled.
Use master
EXEC sp_helprotect 'xp_cmdshell'
This will give you the list of all users (except sysadmins) who have access to xp_cmdshell.
Use master
EXEC sp_helpsrvrolemember 'sysadmin'
This will give you the list of all sysadmins.
So a combination of the first and second scripts will be your solution.
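The combination described in the answer above, written as one audit query against the catalog views. This is an added example, not part of the original posts; it assumes SQL Server 2005 or later, and the column aliases are illustrative.

```sql
USE master;

-- Context: is xp_cmdshell switched on, and does the proxy credential exist?
-- Non-sysadmin callers only succeed when the proxy credential is present.
SELECT
    (SELECT CAST(value_in_use AS int)
       FROM sys.configurations
      WHERE name = 'xp_cmdshell')                   AS xp_cmdshell_enabled,
    (SELECT COUNT(*)
       FROM sys.credentials
      WHERE name = '##xp_cmdshell_proxy_account##') AS proxy_credential_present;

-- Part 1: every member of the sysadmin fixed server role.
SELECT sp.name          AS principal_name,
       sp.type_desc     AS principal_type,
       'sysadmin member' AS access_path
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r  ON r.principal_id  = rm.role_principal_id
JOIN sys.server_principals   AS sp ON sp.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'

UNION ALL

-- Part 2: principals in master with an explicit EXECUTE permission entry
-- on xp_cmdshell. The state (GRANT, GRANT_WITH_GRANT_OPTION, DENY) is kept
-- in the output so a DENY is not mistaken for access.
SELECT dp.name,
       dp.type_desc,
       'EXECUTE on xp_cmdshell: ' + perm.state_desc COLLATE DATABASE_DEFAULT
FROM sys.database_permissions AS perm
JOIN sys.all_objects          AS o  ON o.object_id    = perm.major_id
JOIN sys.database_principals  AS dp ON dp.principal_id = perm.grantee_principal_id
WHERE perm.class = 1                    -- object-level permission
  AND perm.permission_name = 'EXECUTE'
  AND o.name = 'xp_cmdshell'
  AND o.schema_id = SCHEMA_ID('sys')
ORDER BY access_path, principal_name;
```

A role or Windows group in the second part means its members inherit the permission, so expand those memberships before treating the list as complete.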