sp_oacreate security execute problem
From: Rich (anonymous_at_discussions.microsoft.com)
Date: 11/27/03
- Previous message: Anthony: "RE: xp_cmdshell - Error 997 from GetProxyAccount on line 604"
- In reply to: Rich Norgaard: "sp_oacreate security execute problem"
- Next in thread: Erland Sommarskog: "Re: sp_oacreate security execute problem"
- Reply: Erland Sommarskog: "Re: sp_oacreate security execute problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Nov 2003 12:46:21 -0800
Anyone? Please?!
>-----Original Message-----
>Hello all!
>
> I've been troubleshooting this problem for quite
some
>time now with no success. I am experiencing some sort of
>security issue trying to use the sp_oacreate family of
>stored procedures. I am testing this on a managed
hosting
>box on which I have an Admin account and sa priviledges,
>but am restricted via security policies on certain
system
>configs. I'm pretty sure they've done something funny
and
>misconfigured something. Here's the sql code first of
all:
>
>DECLARE @pid int, @hr int, @path varchar(500), @src
>varchar(1000), @desc varchar(1000)
>SET @path = 'd:\myscript\test.wsf'
>EXEC @hr = sp_OACreate 'WScript.Shell', @pid OUT
>IF @hr <> 0
>BEGIN
> EXEC sp_OAGetErrorInfo @pid, @src OUT, @desc OUT
> SELECT 'oacreate',hr=convert(varbinary(4),@hr),
>Source=@src, Description=@desc
> RETURN
>END
>EXEC @hr = sp_OAMethod @pid, 'Run', NULL, @path
>IF @hr <> 0
>BEGIN
> EXEC sp_OAGetErrorInfo @pid, @src OUT, @desc OUT
> SELECT 'oamethod',hr=convert(varbinary(4),@hr),
>Source=@src, Description=@desc
> RETURN
>END
>EXEC @hr = sp_OADestroy @pid
>
> It works on two of three servers from this same
>provider, all of which are 'supposed' to be configured
>exactly the same. It also works on all of our local
>servers here. I am for the time being executing this in
>Query Analyzer with sa.
>
> Here's the result:
>
>oamethod 0x80070002 NULL NULL
>
> At first I thought is was restrictions at the DB
>level so I set all related system stored procedures to
>everyone and it still failed.
>
> Next we looked at local security policies and
noticed
>that 'Create global objects' and 'Impersonate a user
>after authentication' were not set, so we got our
>provider to set the effective settings to Service,
System
>and Administrators. Still no luck.
>
> The error number results on the call to the method
>Run but searches on this revolve around licensing and I
>couldn't find anything specific enough to help.
>
> The script itself is simply an ADO call to the DB
>with a comment so I can see it in Profiler, here's the
>code for my .wsf:
>
><job id="myjob">
><script language="VBScript">
>Set db_conn = Createobject("ADODB.Connection")
>db_conn.Open MY_CONN_STRING
>db_conn.Execute("-- TEST - IT WORKED IF WE SEE THIS")
></script></job>
>
> Any help would be super appreciated; this is
>definitely a tricky one! Thanks and have a super day!
>
>> Rich
- Previous message: Anthony: "RE: xp_cmdshell - Error 997 from GetProxyAccount on line 604"
- In reply to: Rich Norgaard: "sp_oacreate security execute problem"
- Next in thread: Erland Sommarskog: "Re: sp_oacreate security execute problem"
- Reply: Erland Sommarskog: "Re: sp_oacreate security execute problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
