Re: sp_oacreate security execute problem
From: Sue Hoegemeier (Sue_H_at_nomail.please)
Date: 11/26/03
- Next message: Eric: "Error 22042"
- Previous message: Sue Hoegemeier: "Re: what encryption is used in DTS"
- In reply to: Rich Norgaard: "sp_oacreate security execute problem"
- Next in thread: Rich: "sp_oacreate security execute problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 Nov 2003 20:38:05 -0700
Not sure but one guess would be that the OS restriction
imposed is based on running scripts (vb scripts, wsh scripts
etc.).
-Sue
On Mon, 24 Nov 2003 08:12:24 -0800, "Rich Norgaard"
<rich@discussions.microsoft.com> wrote:
>Hello all!
>
> I've been troubleshooting this problem for quite some
>time now with no success. I am experiencing some sort of
>security issue trying to use the sp_oacreate family of
>stored procedures. I am testing this on a managed hosting
>box on which I have an Admin account and sa priviledges,
>but am restricted via security policies on certain system
>configs. I'm pretty sure they've done something funny and
>misconfigured something. Here's the sql code first of all:
>
>DECLARE @pid int, @hr int, @path varchar(500), @src
>varchar(1000), @desc varchar(1000)
>SET @path = 'd:\myscript\test.wsf'
>EXEC @hr = sp_OACreate 'WScript.Shell', @pid OUT
>IF @hr <> 0
>BEGIN
> EXEC sp_OAGetErrorInfo @pid, @src OUT, @desc OUT
> SELECT 'oacreate',hr=convert(varbinary(4),@hr),
>Source=@src, Description=@desc
> RETURN
>END
>EXEC @hr = sp_OAMethod @pid, 'Run', NULL, @path
>IF @hr <> 0
>BEGIN
> EXEC sp_OAGetErrorInfo @pid, @src OUT, @desc OUT
> SELECT 'oamethod',hr=convert(varbinary(4),@hr),
>Source=@src, Description=@desc
> RETURN
>END
>EXEC @hr = sp_OADestroy @pid
>
> It works on two of three servers from this same
>provider, all of which are 'supposed' to be configured
>exactly the same. It also works on all of our local
>servers here. I am for the time being executing this in
>Query Analyzer with sa.
>
> Here's the result:
>
>oamethod 0x80070002 NULL NULL
>
> At first I thought is was restrictions at the DB
>level so I set all related system stored procedures to
>everyone and it still failed.
>
> Next we looked at local security policies and noticed
>that 'Create global objects' and 'Impersonate a user
>after authentication' were not set, so we got our
>provider to set the effective settings to Service, System
>and Administrators. Still no luck.
>
> The error number results on the call to the method
>Run but searches on this revolve around licensing and I
>couldn't find anything specific enough to help.
>
> The script itself is simply an ADO call to the DB
>with a comment so I can see it in Profiler, here's the
>code for my .wsf:
>
><job id="myjob">
><script language="VBScript">
>Set db_conn = Createobject("ADODB.Connection")
>db_conn.Open MY_CONN_STRING
>db_conn.Execute("-- TEST - IT WORKED IF WE SEE THIS")
></script></job>
>
> Any help would be super appreciated; this is
>definitely a tricky one! Thanks and have a super day!
>
>> Rich
- Next message: Eric: "Error 22042"
- Previous message: Sue Hoegemeier: "Re: what encryption is used in DTS"
- In reply to: Rich Norgaard: "sp_oacreate security execute problem"
- Next in thread: Rich: "sp_oacreate security execute problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
