September 13, 2002 at 9:16 am
Hello all -
I've recently installed the latest security hot fix (the one dated Aug. 14 on microsoft.com) to my SE2K SP2 server. Since then, when I try to execute xp_cmdshell as a non-SA user, I get this error:
Msg 50001, Level 1, State 50001
xpsql.cpp: Error 997 from GetProxyAccount on line 499
Has anyone seen this error, too? OR Has anyone applied this hot fix and had their "xp_cmdshell with non-SA user" functionality continue to work?
I've got a ticket open with Microsoft, but so far they say this is the first they've heard of it.
Thanks in advance!
PF
September 20, 2002 at 3:44 pm
I'm getting the same error in the same situation. Sometimes it is a different error number (0 or 317 instead of 997).
I'd be interested to hear if MS follows up with you.
I'm now trying to back out the hot fix to get this functionality to work again. It is not trivial but I'm still trying.
Harvey
September 21, 2002 at 9:46 am
HH - I have sent you an email with an explanantion of my fix. Here's a summary:
In EM,select YOUR_SERVER-->Management-->Right click SQL Server Agent-->Properties
In the 'Job System' tab, uncheck the bottom box (Only users with SysAdmin...)
apf
September 21, 2002 at 8:02 pm
Thanks apf.
The "only sysadmins can run cmdshell jobs" box is something that we had purposely left checked, because we didn't want all non-admins to be able to run cmdshell stuff. But it's good to know that unchecking that will get things working.
My guess now is that the behavior that worked under SP2 was basically a security hole that MS closed up with the hotfix. Oh well.
Harvey
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply