Re: xpsql.cpp
From: Bil (biljanat@nbrm.gov.mk)
Date: 12/25/02
- Next message: Bil: "Re: xpsql.cpp"
- Previous message: Aqeel: "SQL Server or IIS"
- In reply to: Dan Guzman: "Re: xpsql.cpp"
- Next in thread: Bil: "Re: xpsql.cpp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Bil" <biljanat@nbrm.gov.mk> Date: Wed, 25 Dec 2002 14:29:53 +0100
Dan, at my servers this line returns nothing (Null):
EXEC master..xp_cmdshell 'CScript.exe //NOLOGO C:\WhoAmI.vbs'
Anyway, thank you very much for your help. I wish you also Merry Christmas
and Happy Holidays.
Thanks again and the best,
Biljana
"Dan Guzman" <danguzman@nospam-earthlink.net> wrote in message
news:edwQBM2qCHA.1776@TK2MSFTNGP10...
> Although the environment variable still reports the SQL Server service
> account, the actual security context has been changed to the proxy
> account. You can verify this by executing the following VBScript via
> xp_cmdshell:
>
> 'C:\WhoAmI.vbs
> Set Network = CreateObject("WScript.Network")
> WScript.Echo "UserDomain=" & Network.UserDomain
> WScript.Echo "UserName=" & Network.UserName
>
>
> USE MyDatabase
> GO
> CREATE PROCEDURE [dbo].[usp_test] AS
> --this reports the SQL Server service account
> EXEC master..xp_cmdshell 'ECHO %USERNAME%'
> --this reports the proxy account
> EXEC master..xp_cmdshell 'CScript.exe //NOLOGO C:\WhoAmI.vbs'
> GO
> GRANT EXEC ON usp_test TO public
> GO
> SETUSER 'SomeNonSaUser'
> GO
> EXEC usp_test
> GO
>
> Also, note that direct execute permissions on xp_cmdshell are not needed
> if the user database is owned by 'sa' since the ownership chain is
> unbroken.
>
> --
> Happy Holidays.
>
> Dan Guzman
> SQL Server MVP
>
- Next message: Bil: "Re: xpsql.cpp"
- Previous message: Aqeel: "SQL Server or IIS"
- In reply to: Dan Guzman: "Re: xpsql.cpp"
- Next in thread: Bil: "Re: xpsql.cpp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
