Set cmdshell proxy account, but not really set in SQL 2008

  • In sql 2008 I have a script that uses exp_cmdshell to write a file out to another server. In 2000 and 2005 this worked fine. Now in 2008 there is a permission issue writing to another server, I can write to a local folder on the SQL server but not to a network location. I set the cmdshell proxy account to a network account that has permission to write in the network location, but when I do xp_cmdshell ‘whoami.exe’ I get back NULL as if the proxy account was not set, when I look at the server, properties the account is listed under Server proxy account and the account is Enabled. Both the sql server service and sql server agent are running as local system account.

    SQLState = S1000, NativeError = 0

    Error = [Microsoft][SQL Server Native Client 10.0]Unable to open BCP host data-file

  • i think the rule is this:

    if the calling user is NOT a sysadmin, then the proxy account is used.

    if the calling user is a sysadmin, then the account being used to run the SQL service is used, regardless of whether the proxy account is set up;

    i think what you are seeing is you are running the process as a sysadmin, and the credentials like NT NETWORK\AUTHORITY are being used, so you get the NULL from WHOAMI.

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • I changed the proxy account to a domain user account that has permissions to write to the destination folder, but is not an admin account and I am still getting the same error message. I also run the dbc command with -U with the same user.

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply