March 11, 2011 at 4:08 pm
Hi ALL,
I have Transactional replication running. I also have noticed today that xp_cmdShell setting to be on. I am on SQL 2008 R2.
I know this is a security risk. When I ran the following SQL
use distriubution
go
SELECT ROUTINE_SCHEMA, ROUTINE_NAME, ROUTINE_DEFINITION
FROM INFORMATION_SCHEMA.ROUTINES
WHERE ROUTINE_DEFINITION LIKE '%xp_cmdshell%'
AND ROUTINE_TYPE='PROCEDURE'
ORDER BY ROUTINE_SCHEMA, ROUTINE_NAME
I have the result set "sp_MSdelete_publisherdb_trans"
Can I disable xp_cmdSHell. What is the way to identify where all it being used?
I tried running it on other db's too . Only msdb returned a result for setting local time.
Plzzz Help
March 16, 2011 at 7:22 am
We have Transactional replication set up between SQL 2008 SP1 Servers. We do not have xp_cmdshell enabled. I do not think that it uses xp_cmdshell but it probably uses Operating System(CmdExec) to do everything. That does not need xp_cmdshell to be enabled.
-Roy
July 23, 2024 at 11:46 am
What is the way to identify where all it being used?
SELECT definition
FROM sys.system_sql_modules
WHERE definition LIKE '%xp_cmdshell%';
July 23, 2024 at 7:41 pm
I'd say you need:
EXEC sp_msforeachdb 'use ? SELECT ''?'', definition FROM sys.all_sql_modules WHERE definition LIKE ''%xp_cmdshell%'';'
GO
USE msdb
GO
SELECT s2.job_id, s2.name, s.step_name FROM dbo.sysjobsteps AS s INNER JOIN dbo.sysjobs AS s2 ON s2.job_id = s.job_id
WHERE command LIKE '%xp_cmdshell%'
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply