Re: modify xp_cmdshell to easily allow access to it



That's what I thought, although only the 5 or so IT people know how to use a
computer; the rest are call centre operatives locked down by policy in Active
Directory, so I was hoping the policies would act as damage limitation. Still,
it wasn't something I was comfortable with anyway.

What I am trying to achieve is the following:

Excel is the business's idea of reporting, and when call centre apps are
written they copy 8 pieces of information that is stored in the backend CMS
SQL database and copy into a daily spreadsheet. Because these are manually
entered they get it wrong; also it's pointless, as the information from the
app is stored in the backend CMS database, we are basically just repeating
information.

I have decided to create a Windows service to monitor the timestamp on a
file. When the timestamp on a file changes, the Windows service queries the
SQL database using a stored procedure and writes the resultset to an XML
file. I then take this XML file and format accordingly in ASP.NET or HTML
(haven't decided yet).

If I create a COM component instead, can I call this easily enough from a
stored procedure, or will I again hit problems like the ones that I have
encountered? I can only add code to the stored procedure as the CMS software
was bought off the shelf and doesn't allow me to modify the program.

Any websites, kb articles or tutorials that anyone knows of that may help me
are very appreciated

thanks in advance

"Arnie Rowland" wrote:

It is usually a bad decision to give 120 users dbo rights and access to
xp_cmdshell, and will most often come back to bite you.

If you were to provide more information about what you are attempting to
accomplish with the creation of this 'text file', perhaps someone here could
assist you in crafting a solution that doesn't have such significant
security issues.

--
Arnie Rowland, Ph.D.
Westwood Consulting, Inc

Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous

You can't help someone get up a hill without getting a little closer to the
top yourself.
- H. Norman Schwarzkopf


"steven scaife" <stevenscaife@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:53A4D5F6-63A8-47F1-9237-6FC5CD179346@xxxxxxxxxxxxxxxx
Hi, I am trying to create a text file from sql server; this will be the basis
for a service I have written that monitors for the change/creation of a text
file.

I have set the proxy account in SQL server agent. I have realised that
xp_cmdshell only fires if the user account has access to the master database
set in its properties and is set to dbo, even with the proxy account set. I
assumed that the proxy account would fire if the user account was not in the
sysadmin role and called the xsp but that seemed not to be the case. However
we have approx 120 windows accounts that access the CMS database and I don't
want to go through and set unnecessary privileges: 1, for security reasons,
and 2, it'll take too long.

So unless I'm missing something, is there an easy way to set the access, in a
script or something, or can I use active directory to create a role and give
access to the role? Sorry, but I don't know much about administering a
database; I'm primarily a programmer.

thanks in advance


