October 1, 2012 at 3:19 am
Hi guys,
I am new to PowerShell, can anyone please help me in understanding PowerShell. I googled about PowerShell. But I didn't get any clear idea about it.
I would like to know about, for what purpose we are using PowerShell.
And I need to use PowerShell for deployment. Please help me on this.
October 1, 2012 at 3:41 am
A good starting point would be the Stairways series available on this site: http://www.sqlservercentral.com/stairway/91327/.
There is also the book "Learn Windows PowerShell in a Month of Lunches".
October 1, 2012 at 3:59 am
October 1, 2012 at 2:24 pm
vijayarani87.s (10/1/2012)
I would like to know about, for what purpose we are using PowerShell.
Three properties of a given task that compel me to use PowerShell or another managed programming language like C# or SSIS over using T-SQL to accomplish the same task:
1. The need to interact with a file system, e.g. deleting old files, renaming existing files, executing a program, etc. If you're considering using xp_cmdshell or one of the undocumented extended procedures like xp_dirtree, don't; explore using PowerShell or another managed programming language like C# or SSIS.
2. The need to interact with multiple database instances, e.g. gathering information about an environment where I want to run the same query against 1-n instances and compare or do something with the results. If you're thinking of using Linked Servers, don't; explore using PowerShell or another managed programming language like C# or SSIS.
3. The need to interact with a service outside the SQL database engine, e.g. Active Directory, a Web Service, SharePoint, etc. If you're thinking of using CLR or the OLE Automation procs, don't; explore using PowerShell or another managed programming language like C# or SSIS.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
October 1, 2012 at 4:05 pm
Heh... Or do like I do. Use xp_CmdShell to call PowerShell. 😉
Of course, you should make sure your system is properly locked down first.
--Jeff Moden
Change is inevitable... Change for the better is not.
October 1, 2012 at 5:04 pm
Jeff Moden (10/1/2012)
Of course, you should make sure your system is properly locked down first.
Properly locking down your system, what exactly do you mean by that?
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
October 1, 2012 at 8:24 pm
opc.three (10/1/2012)
Jeff Moden (10/1/2012)
Of course, you should make sure your system is properly locked down first.
Properly locking down your system, what exactly do you mean by that?
It's simple. Only the DBAs have SA privs and no non-DBA user or app has been given a proxy to execute xp_CmdShell directly. They can only do it through a stored procedure that they can't even see the content of.
--Jeff Moden
Change is inevitable... Change for the better is not.
October 1, 2012 at 10:01 pm
Jeff Moden (10/1/2012)
opc.three (10/1/2012)
Jeff Moden (10/1/2012)
Of course, you should make sure your system is properly locked down first.
Properly locking down your system, what exactly do you mean by that?
It's simple. Only the DBAs have SA privs and no non-DBA user or app has been given a proxy to execute xp_CmdShell directly. They can only do it through a stored procedure that they can't even see the content of.
Congratulations! You have boiled down 'Securing SQL Server' into less than 40 words! :hehe:
The fact remains that enabling xp_cmdshell introduces risk into an environment and there simply is no reason one needs to enable it to manage a database.
For the original poster and any onlookers it is in your best interests to look beyond xp_cmdshell when evaluating how to solve an issue in SQL Server.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
October 2, 2012 at 6:42 am
opc.three (10/1/2012)
The fact remains that enabling xp_cmdshell introduces risk into an environment and there simply is no reason one needs to enable it to manage a database.
That fact remains that you still have an unreasonable fear of it. Unless you've made the mistake of enabling a non-SA-prived individual to use it, only SA's can use it. If you have it turned off and your apps have SA privs, the first thing an attacker will do is turn it on. It won't even slow the attacker down because he'll be expecting it.
BWAA-HAAA!!!! And there's nothing wrong with summarizing the security of SQL Server in 40 words or less. Many people apparently don't understand the basic idea of "only DBAs get SA". Perhaps the additional 11 words of "Don't forget to turn off the guest and builtin admin accounts" would help?
xp_CmdShell is useless in the hands of an attacker because, in a properly locked down system, he can't get his hands on it. You need to concentrate on properly locking down your system because that's the real problem.
--Jeff Moden
Change is inevitable... Change for the better is not.
October 2, 2012 at 9:04 am
Jeff Moden (10/2/2012)
opc.three (10/1/2012)
The fact remains that enabling xp_cmdshell introduces risk into an environment and there simply is no reason one needs to enable it to manage a database.
That fact remains that you still have an unreasonable fear of it.
Sorry, but that dog won't hunt. All steps taken to prevent the use of xp_cmdshell are well-rooted in reason. It continues to astonish me that you are such an ardent proponent of it. Not only does it introduce risk into an environment but it might be one of the single-worst design choices for application development on the SQL Server platform.
Unless you've made the mistake of enabling a non-SA-prived individual to use it, only SA's can use it.
You're assuming that we as database professionals will be able to foresee and dictate all actions taken by someone with rights to change Active Directory. In a vacuum xp_cmdshell is harmless. In the real world it's a security risk. In a "properly locked down system" xp_cmdshell is disabled.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
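An added example, not code from any poster in this thread: a PowerShell script that runs one audit query against several instances (the multi-instance case listed earlier in the thread) and reports the conditions the two sides argue about, namely whether xp_cmdshell is enabled, how many sysadmin members exist, whether the xp_cmdshell proxy credential or direct EXECUTE grants are present, and whether the BUILTIN\Administrators login still exists. The instance names, the function name `Get-XpCmdShellExposure` and the `non_dba_route` column are hypothetical; it assumes Windows authentication and a sysadmin caller, and it does not check the guest user.

```powershell
# Added example. Instance names are hypothetical placeholders; run as a sysadmin
# using Windows authentication so every catalog row is visible.
$instances = 'SQLPROD01', 'SQLPROD02\REPORTING'

$auditQuery = @'
SELECT
    @@SERVERNAME AS instance_name,
    (SELECT CAST(value_in_use AS int) FROM sys.configurations
      WHERE name = 'xp_cmdshell') AS xp_cmdshell_enabled,
    -- Direct role members only; members of Windows groups are not expanded.
    (SELECT COUNT(*) FROM sys.server_role_members AS rm
       JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
      WHERE r.name = 'sysadmin') AS sysadmin_members,
    -- The proxy credential that lets non-sysadmins run xp_cmdshell.
    (SELECT COUNT(*) FROM sys.credentials
      WHERE name = '##xp_cmdshell_proxy_account##') AS proxy_credential,
    -- Principals granted EXECUTE on xp_cmdshell directly.
    (SELECT COUNT(*) FROM master.sys.database_permissions
      WHERE major_id = OBJECT_ID('master.sys.xp_cmdshell')
        AND permission_name = 'EXECUTE'
        AND state IN ('G', 'W')) AS direct_execute_grants,
    (SELECT COUNT(*) FROM sys.server_principals
      WHERE name = 'BUILTIN\Administrators') AS builtin_admins_login;
'@

function Get-XpCmdShellExposure {
    param([Parameter(Mandatory = $true)][string[]]$Instance)
    foreach ($name in $Instance) {
        $connString = "Server=$name;Database=master;Integrated Security=SSPI;Connect Timeout=5"
        $conn = New-Object System.Data.SqlClient.SqlConnection $connString
        try {
            $conn.Open()
            $cmd = $conn.CreateCommand()
            $cmd.CommandText = $auditQuery
            $table = New-Object System.Data.DataTable
            $table.Load($cmd.ExecuteReader())
            # One row per instance, plus a flag for any route that bypasses "only DBAs".
            $table.Rows | Select-Object instance_name, xp_cmdshell_enabled,
                sysadmin_members, proxy_credential, direct_execute_grants,
                builtin_admins_login,
                @{ n = 'non_dba_route'; e = { $_.proxy_credential -gt 0 -or $_.direct_execute_grants -gt 0 } }
        } catch {
            Write-Warning "${name}: $($_.Exception.Message)"
        } finally {
            $conn.Dispose()
        }
    }
}

Get-XpCmdShellExposure -Instance $instances | Format-Table -AutoSize
```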