September 28, 2007 at 10:57 am
How does the SQL Agent instantiate a CmdExec session if I have the xp_cmdshell feature turned off on my SQL 2005 server? Why does the job still run?
Scenario: The SQL job runs an OSQL command and works perfectly even though xp_cmdshell is turned off on my server. After performing a profiler trace I cannot identify through what mechanism this cmdshell session is initialized. How does it work?
I would have thought that my SQL job would fail if I tried to use a CmdExec type in my SQL Job, but that is not the case. This is probably one of the reasons the SQL Agent service account should have the least permissions possible on the server as this could be a large security hole.
Can anyone explain how the SQL job instantiates the CmdExec session within a SQL job and how it works?
September 28, 2007 at 11:32 am
The SQLAgent does not use xp_Cmdshell to execute a command line step. You can actually see this in that it does not even connect to a SQL Server to execute the job step.
The job agent service executes CmdExec job steps using a shell command or direct API call. This call will be made in the context of the Job Agent service account credentials.
October 2, 2007 at 10:59 am
James -- Just wanted to add more clarity. xp_cmdshell is used by TSQL to execute OS level commands. An example is in a stored procedure; it is executed using the EXECute command. It basically can do any OS command, based on permissions.
For example, this script can be used to execute a directory command:
EXEC master.dbo.xp_cmdshell 'dir c:'
Curtis Smith
SQL Server DBA
Well it worked in Theory ...
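As an added example (not part of the thread), the following T-SQL audits the point made in the replies above: CmdExec job steps run through the Agent service, so they have to be reviewed separately from the xp_cmdshell setting. It assumes the caller can read msdb and see sys.credentials (for example, a sysadmin); the catalog views and msdb tables used are the standard SQL Server 2005 ones.

```sql
-- Added example: audit CmdExec job steps independently of xp_cmdshell.

-- 1) Current xp_cmdshell setting (value_in_use = 0 means disabled).
--    This setting has no effect on the job steps listed by query 2.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2) Every Agent job step that uses the CmdExec subsystem, with the
--    Windows security context it runs under. A step with no proxy
--    runs as the SQL Agent service account; a step with a proxy runs
--    as the identity stored in the proxy's credential.
SELECT
    j.name                   AS job_name,
    j.enabled                AS job_enabled,
    SUSER_SNAME(j.owner_sid) AS job_owner,
    s.step_id,
    s.step_name,
    s.command,               -- the OS command line the step executes
    p.name                   AS proxy_name,
    COALESCE(c.credential_identity,
             N'(SQL Agent service account)') AS runs_as
FROM msdb.dbo.sysjobs AS j
JOIN msdb.dbo.sysjobsteps AS s
    ON s.job_id = j.job_id
LEFT JOIN msdb.dbo.sysproxies AS p
    ON p.proxy_id = s.proxy_id
LEFT JOIN sys.credentials AS c
    ON c.credential_id = p.credential_id
WHERE s.subsystem = N'CmdExec'
ORDER BY j.name, s.step_id;
```

Rows where runs_as shows the service account are the ones to review first when the Agent service account holds more than minimal rights on the server.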