Re: xp_cmdshell issue, local system
From: Dan Guzman (guzmanda_at_nospam-online.sbcglobal.net)
Date: 11/23/05
- Next message: yodarules: "Re: xp_cmdshell issue, local system"
- Previous message: Sophie Guo [MSFT]: "RE: Access SQL Server from Stand-Alone PC with Windows Authentication"
- Next in thread: yodarules: "Re: xp_cmdshell issue, local system"
- Reply: yodarules: "Re: xp_cmdshell issue, local system"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 23 Nov 2005 09:00:48 -0600
> Msg 50001, Level 1, State 50001
> xp_cmdshell failed to execute because CreateProcessAsUserW returns error
> 1314. please make sure the service account SQL Server running under has
> appropriate privilege.
As the message indicates, this error may be because the SQL Server service
account doesn't have the rights necessary to change security context to the
proxy account. Specifically, 'act as part of operating system' and 'replace
a process level token' are needed. These rights are set automatically
during SQL Server installation and when the account is changed using
Enterprise Manager but not when you change the account directly from
Windows.
The easiest way to assign the rights is to use EM to change the SQL Server
account to local system and then back to the desired domain account.
-- Hope this helps. Dan Guzman SQL Server MVP "yodarules" <yodarules@discussions.microsoft.com> wrote in message news:8BD28577-F4B6-4F84-B116-F9930A32F8AC@microsoft.com... >I want to give access to a regular user to execute xp_cmdshell. To do so, >I > followed all KB articles and did the following > > EXEC master.dbo.xp_sqlagent_proxy_account N'SET', > N'Domain', -- agent_domain_name > N'name', -- agent_username domain > N'password' -- agent password > > -- Enable non-system administrators to run the job and to execute > xp_cmdshell. > EXECUTE msdb..sp_set_sqlagent_properties @sysadmin_only = 0 > > grant execute on xp_cmdshell to name -- Enter the user name again without > quotes > > If I log in as this user 'name' and execute master..xp_cmdshell 'dir'. > Its > fine. My problem is, the system that I want this to work in is not part > of a > domain. Its a stand alone SQL Server box. So I set these > EXEC master.dbo.xp_sqlagent_proxy_account N'SET', > N'computer-name', -- agent_domain_name > N'localuser', -- agent_username domain > N'password' -- agent password > > > When I set as local user and computer name I get no errors. But when I > execute xp_cmdshell I doesn't work. The localuser is part of > administrators > group as well. The error that I get is > > Msg 50001, Level 1, State 50001 > xp_cmdshell failed to execute because CreateProcessAsUserW returns error > 1314. please make sure the service account SQL Server running under has > appropriate privilege. For more information, search Book Online for topic > related to xp_sqlagent_proxy_accoun > > Has anyone seen this before and any ideas to resolve it. Thanks.
- Next message: yodarules: "Re: xp_cmdshell issue, local system"
- Previous message: Sophie Guo [MSFT]: "RE: Access SQL Server from Stand-Alone PC with Windows Authentication"
- Next in thread: yodarules: "Re: xp_cmdshell issue, local system"
- Reply: yodarules: "Re: xp_cmdshell issue, local system"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
