Re: modify xp_cmdshell to easily allow access to it
- From: "Arnie Rowland" <arnie@xxxxxxxx>
- Date: Fri, 24 Nov 2006 19:04:01 -0800
Steven,
Maybe this will help.
DTS - How to enable non-admins to run xp_cmdshell
http://www.support.microsoft.com/?id=890775
--
Arnie Rowland, Ph.D.
Westwood Consulting, Inc
Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous
You can't help someone get up a hill without getting a little closer to the
top yourself.
- H. Norman Schwarzkopf
"steven scaife" <stevenscaife@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:697E7D41-5C63-442A-ACBD-DBF801577D5F@xxxxxxxxxxxxxxxx
That's what I thought, although only the 5 or so IT people know how to use a computer; the rest are call centre operatives locked down by policy in Active Directory, so I was hoping the policies would act as damage limitation. Still, it wasn't something I was comfortable with anyway.
What I am trying to achieve is the following:
Excel is the business's idea of reporting, and when call centre apps are written they copy 8 pieces of information that is stored in the backend CMS SQL database and copy into a daily spreadsheet. Because these are entered manually they get it wrong; also it's pointless, as the information from the app is stored in the backend CMS database, we are basically just repeating information.
I have decided to create a Windows service to monitor the timestamp on a file. When the timestamp on a file changes, the Windows service queries the SQL database using a stored procedure and writes the resultset to an XML file. I then take this XML file and format it accordingly in ASP.NET or HTML (haven't decided yet).
If I create a COM component instead, can I call this easily enough from a stored procedure, or will I again hit problems like the ones that I have encountered? I can only add code to the stored procedure, as the CMS software was bought off the shelf and doesn't allow me to modify the program.
Any websites, KB articles or tutorials that anyone knows of that may help me are very appreciated.
thanks in advance
"Arnie Rowland" wrote:
It is usually a bad decision to give 120 users dbo rights and access to xp_cmdshell - and will most often come back to bite you.
If you were to provide more information about what you are attempting to accomplish with the creation of this 'text file', perhaps someone here could assist you in crafting a solution that doesn't have such significant security issues.
"steven scaife" <stevenscaife@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:53A4D5F6-63A8-47F1-9237-6FC5CD179346@xxxxxxxxxxxxxxxx
Hi, I am trying to create a text file from SQL Server; this will be the basis for a service I have written that monitors for the change/creation of a text file.
I have set the proxy account in SQL Server Agent. I have realised that xp_cmdshell only fires if the user account has access to the master database set in its properties and is set to dbo, even with the proxy account set. I assumed that the proxy account would fire if the user account was not in the sysadmin role and called the xsp, but that seemed not to be the case. However, we have approx 120 Windows accounts that access the CMS database and I don't want to go through and set unnecessary privileges: 1, for security reasons, and 2, it'll take too long.
So unless I'm missing something, is there an easy way to set the access, in a script or something, or can I use Active Directory to create a role and give access to the role? Sorry, but I don't know much about administering a database; I'm primarily a programmer.
thanks in advance
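The role-based grant asked about in the original question, as an added example that is not part of the thread or of the linked KB article: it gives one Windows group EXECUTE on xp_cmdshell through a role in master, without dbo, and then lists who holds the permission. It assumes the proxy account is already configured as described; the group name `CONTOSO\CmsReportUsers` and the role name `cmdshell_callers` are hypothetical.

```sql
-- Added example. Assumes the proxy account is already set, as the thread describes.
-- CONTOSO\CmsReportUsers and cmdshell_callers are hypothetical names.
USE master;
GO

-- 1. One login and one database user for the AD group, instead of
--    changing ~120 individual Windows accounts.
EXEC sp_grantlogin    N'CONTOSO\CmsReportUsers';
EXEC sp_grantdbaccess N'CONTOSO\CmsReportUsers';
GO

-- 2. A role in master whose only permission is EXECUTE on xp_cmdshell.
--    Members stay out of db_owner and sysadmin; commands they start run
--    under the proxy account's Windows identity, so that account's
--    file-system rights bound what those commands can touch.
EXEC sp_addrole       N'cmdshell_callers';
EXEC sp_addrolemember N'cmdshell_callers', N'CONTOSO\CmsReportUsers';
GRANT EXECUTE ON xp_cmdshell TO cmdshell_callers;
GO

-- 3. Review the result: every grantee of xp_cmdshell, the members of the
--    new role, and any account left in db_owner on master from earlier
--    testing (those memberships can then be removed).
EXEC sp_helprotect     N'xp_cmdshell';
EXEC sp_helprolemember N'cmdshell_callers';
EXEC sp_helprolemember N'db_owner';
GO
```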