November 19, 2014 at 4:21 pm
Hello,
I enabled xp_cmdshell feature in my sql server 2012 instance but it seems it automatically disabled in the evening. How to I know who and when and what program to disable xp_cmdshell feature?
Thanks for your help!
November 19, 2014 at 11:00 pm
If you have the "Default Trace" running (and you should if you don't, it's on by default though), the following should do with the understanding that you get to pick which columns you want to see for something like this...
SELECT tr.*
FROM sys.fn_trace_gettable
(CONVERT(VARCHAR(500),
( --=== Locate the default trace
SELECT TOP 1 [value]
FROM sys.fn_trace_getinfo(NULL)
WHERE property = 2
)
), DEFAULT) tr
WHERE tr.TextData LIKE '%Configuration%xp_CmdShell%1 to 0%'
ORDER BY tr.StartTime DESC
;
--Jeff Moden
Change is inevitable... Change for the better is not.
November 20, 2014 at 8:51 am
SELECT tr.*
FROM sys.fn_trace_gettable
(CONVERT(VARCHAR(500),
( --=== Locate the default trace
SELECT TOP 1 [value]
FROM sys.fn_trace_getinfo(NULL)
WHERE property = 2
)
), DEFAULT) tr
WHERE tr.TextData LIKE '%xp_cmdshell%'
ORDER BY tr.StartTime DESC
;
above script works for me.
Thanks very much!
November 20, 2014 at 9:43 am
Very cool. Thank you for the feedback. Just be aware that will also find usage and not just the instances where someone turned it off.
--Jeff Moden
Change is inevitable... Change for the better is not.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply