April 28, 2016 at 7:33 am
Hello everyone, I was tasked as to why the xp_cmdshell keeps being disabled.
Is there a way I can track down "who/what" keeps turning this off?
I have enabled it 3 times already.
April 28, 2016 at 8:06 am
Create a job which will be recording status of xp_cmdshell into a table, say, every minute and enable it after each recording.
Analysing the records you may be able to figure out the pattern of disabling (or lack of it).
That should give you a good idea where does it come from.
_____________
Code for TallyGenerator
April 29, 2016 at 4:42 am
Thank you.
With my luck it happened again today.
So, I was looking through the sql server log and found the spid plus was able to match that spid with the person that disabled it using the activity monitor. Thank goodness that user did not log out.
I like also creating the table idea because it will be cleaner and easy to find.
Thank you so much for that idea.
April 29, 2016 at 5:30 am
To enable or disable it, the login needs to have the sysadmin or server admin role or have been granted ALTER SETTINGS. I really hope you don't have so many of these people that it's hard to find. Also, with this level of permission, they should be able to be honest when asked.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply