RE: xp_cmdshell, Access Denied, Further Investigation Reveals
From: Peter Yang [MSFT] (petery_at_online.microsoft.com)
Date: 10/17/05
- Next message: Pleo: "How to change sql login username instead of create new one."
- Previous message: Dan Guzman: "Re: sa loginname being hacked"
- Maybe in reply to: Peter Yang [MSFT]: "RE: xp_cmdshell, Access Denied, Further Investigation Reveals"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 17 Oct 2005 05:02:05 GMT
Hello Tdar,
Since there is no issue for local disk access, it does seem to be a
delegation issue related to kerberos. You may want to install SQL on a
Win2000/2003 server, move the database to the server, and then test the
situation.
Regards,
Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Thread-Topic: xp_cmdshell, Access Denied, Further Investigation Reveals
>thread-index: AcXQxlD0966O1STeRKyZhbqhJxYpfA==
>X-WBNR-Posting-Host: 65.35.95.11
>From: "=?Utf-8?B?VGRhclRkYXI=?=" <Tdar@noemail.nospam>
>References: <C9ABAD68-E537-46BD-BE4B-196CFB9A277F@microsoft.com>
<WMTii7G0FHA.1144@TK2MSFTNGXA01.phx.gbl>
<0AFDB9AE-9CA7-4284-B133-E467FAE96FC7@microsoft.com>
<ajcp36K0FHA.1468@TK2MSFTNGXA01.phx.gbl>
>Subject: RE: xp_cmdshell, Access Denied, Further Investigation Reveals
>Date: Fri, 14 Oct 2005 06:51:03 -0700
>Lines: 29
>Message-ID: <B4BD51FE-D699-4A3F-A8EF-E931F27E7B51@microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.sqlserver.security
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.sqlserver.security:6275
>X-Tomcat-NG: microsoft.public.sqlserver.security
>
>I'll doubple check the sysadmin rights on that user. Also I can do a
local
>disk access from QA. Humm re the kerberos issuse I hope not.... That would
>kinda nullify that backwards complatblity ....
>
>
>"Peter Yang [MSFT]" wrote:
>
>> Hello Tdar,
>>
>> It seems a issue for Windows NT because it does not support Kerberos
>> authentication. SQL cannot delegate a Windows user to access a network
>> resource on Windows NT server. Please see if you could access a local
file
>> path such as c:\ or \\<local server>\.
>>
>> Also, you may want to use a domain user with sysadmin right on server to
>> start SQL service to work around this issue.
>>
>> Best Regards,
>>
>> Peter Yang
>> MCSE2000/2003, MCSA, MCDBA
>> Microsoft Online Partner Support
>>
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>>
>> This posting is provided "AS IS" with no warranties, and confers no
rights.
>>
>>
>
- Next message: Pleo: "How to change sql login username instead of create new one."
- Previous message: Dan Guzman: "Re: sa loginname being hacked"
- Maybe in reply to: Peter Yang [MSFT]: "RE: xp_cmdshell, Access Denied, Further Investigation Reveals"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
