RE: xp_cmdshell, Access Denied, Further Investigation Reveals
From: Peter Yang [MSFT] (petery_at_online.microsoft.com)
Date: Mon, 17 Oct 2005 05:02:05 GMT
Since there is no issue for local disk access, it does seem to be a
delegation issue related to kerberos. You may want to install SQL on a
Win2000/2003 server, move the database to the server, and then test the
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
This posting is provided "AS IS" with no warranties, and confers no rights.
>Thread-Topic: xp_cmdshell, Access Denied, Further Investigation Reveals
>From: "=?Utf-8?B?VGRhclRkYXI=?=" <Tdar@noemail.nospam>
>Subject: RE: xp_cmdshell, Access Denied, Further Investigation Reveals
>Date: Fri, 14 Oct 2005 06:51:03 -0700
>X-Newsreader: Microsoft CDO for Windows 2000
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.sqlserver.security:6275
>I'll doubple check the sysadmin rights on that user. Also I can do a
>disk access from QA. Humm re the kerberos issuse I hope not.... That would
>kinda nullify that backwards complatblity ....
>"Peter Yang [MSFT]" wrote:
>> Hello Tdar,
>> It seems a issue for Windows NT because it does not support Kerberos
>> authentication. SQL cannot delegate a Windows user to access a network
>> resource on Windows NT server. Please see if you could access a local
>> path such as c:\ or \\<local server>\.
>> Also, you may want to use a domain user with sysadmin right on server to
>> start SQL service to work around this issue.
>> Best Regards,
>> Peter Yang
>> MCSE2000/2003, MCSA, MCDBA
>> Microsoft Online Partner Support
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>> This posting is provided "AS IS" with no warranties, and confers no