October 23, 2016 at 4:02 pm
Comments posted to this topic are about the item Let the shell free
October 23, 2016 at 11:01 pm
The correct answer is only a 1/4 correct. You also have to enable advanced options and RECONFIGURE twice (once for the advanced options and once to enable xp_CmdShell.
Heh... of course, the way I look at it, you shouldn't have to enable it. It should already be enabled because there's no security advantage to disabling it. 😉
--Jeff Moden
Change is inevitable... Change for the better is not.
October 24, 2016 at 5:10 am
And here I was looking for the trick. 😛
October 24, 2016 at 6:30 am
Jeff Moden (10/23/2016)
The correct answer is only a 1/4 correct. You also have to enable advanced options and RECONFIGURE twice (once for the advanced options and once to enable xp_CmdShell.Heh... of course, the way I look at it, you shouldn't have to enable it. It should already be enabled because there's no security advantage to disabling it. 😉
Actually it's really only 1/6 correct, because you might want to disable advanced options and reconfigure again.
I agree that it's been pretty pointless having it disabled as default since the holes in the proxy handling were fixed maybe 14 years ago (I can't remember which service pack fixed that, but I know is it was later than 2002 and earlier than 2005).
Tom
October 24, 2016 at 6:41 am
TomThomson (10/24/2016)
Jeff Moden (10/23/2016)
The correct answer is only a 1/4 correct. You also have to enable advanced options and RECONFIGURE twice (once for the advanced options and once to enable xp_CmdShell.Heh... of course, the way I look at it, you shouldn't have to enable it. It should already be enabled because there's no security advantage to disabling it. 😉
Actually it's really only 1/6 correct, because you might want to disable advanced options and reconfigure again.
I agree that it's been pretty pointless having it disabled as default since the holes in the proxy handling were fixed maybe 14 years ago (I can't remember which service pack fixed that, but I know is it was later than 2002 and earlier than 2005).
Only 14 years and the fear lives on. 😉
October 24, 2016 at 7:25 am
Jeff Moden (10/23/2016)
The correct answer is only a 1/4 correct. You also have to enable advanced options and RECONFIGURE twice (once for the advanced options and once to enable xp_CmdShell.Heh... of course, the way I look at it, you shouldn't have to enable it. It should already be enabled because there's no security advantage to disabling it. 😉
Isn't it disabled by default? If so, you'd need to enable it at least once.
October 24, 2016 at 8:10 am
Luis Cazares (10/24/2016)
Jeff Moden (10/23/2016)
The correct answer is only a 1/4 correct. You also have to enable advanced options and RECONFIGURE twice (once for the advanced options and once to enable xp_CmdShell.Heh... of course, the way I look at it, you shouldn't have to enable it. It should already be enabled because there's no security advantage to disabling it. 😉
Isn't it disabled by default? If so, you'd need to enable it at least once.
It can also be enabled by Policy-Based Management but, basically, you're correct. It's a part of my "configure a new server" script to turn enable it.
--Jeff Moden
Change is inevitable... Change for the better is not.
October 24, 2016 at 8:52 am
Interesting discussion... Thanks, Steve!
October 25, 2016 at 3:03 am
Nice question, thanks.
Need an answer? No, you need a question
My blog at https://sqlkover.com.
MCSE Business Intelligence - Microsoft Data Platform MVP
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply