Re: Granting xp_cmdshell permission to SQL Login



That's the point. I cannot grant access to a SQL Login. It works fine with a
Windows login, but I have a SQL Login.

xp_cmdshell needs an OS security context when it runs. That security context is the Windows xp_cmdshell proxy account when it's executed by a non-sysadmin user. The 1329 error isn't related to the SQL login executing xp_cmdshell but is rather the Windows error code returned because the xp_cmdshell proxy account doesn't have the needed Windows permissions.

My guess is that the Windows login you mentioned is a sysadmin role member. Xp_cmdshell runs under the context of the SQL Server service account when executed by a sysadmin role member, and that account probably has different permissions than the proxy account.

I successfully ran a modified version of your original script on my test system. My xp_cmdshell proxy account is a minimally privileged domain user account and .. I didn't grant CONTROL SERVER permission..


--
Hope this helps.

Dan Guzman
SQL Server MVP

"Mark Allison" <marka@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:61EA5CCA-4C65-410C-959B-7B67195F2DFD@xxxxxxxxxxxxxxxx
Hi Dan,

That's the point. I cannot grant access to a SQL Login. It works fine with a
Windows login, but I have a SQL Login.

From BOL:
sp_xp_cmdshell_proxy_account [ NULL | { 'account_name' , 'password' } ]

Arguments
NULL
Specifies that the proxy credential should be deleted.

account_name
Specifies a Windows login that will be the proxy.


Mark.

"Dan Guzman" wrote:

When I type "NET HELPMSG 1329" from the command prompt, I get message "Logon
failure: user not allowed to log on to this computer."

Make sure the proxy account (configured with sp_xp_cmdshell_proxy_account)
has permissions to log in locally.

--
Hope this helps.

Dan Guzman
SQL Server MVP
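
The setup discussed in this thread, as an added T-SQL example that is not part of the original posts and is not the script either poster ran: a non-sysadmin SQL login is granted EXECUTE on xp_cmdshell and its commands run under a minimally privileged Windows proxy account, with no CONTROL SERVER grant. The names AppSqlLogin and CONTOSO\XpCmdProxy and both passwords are hypothetical placeholders.

```sql
-- Added example. AppSqlLogin, CONTOSO\XpCmdProxy and the passwords are
-- hypothetical placeholders; run as a sysadmin on a test instance.
USE master;
GO

-- 1. Enable xp_cmdshell (it is disabled by default).
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;
GO

-- 2. Set the proxy credential. Per BOL this must be a Windows account;
--    it is the OS context used when a non-sysadmin calls xp_cmdshell.
--    Keep it minimally privileged, but it must be allowed to log on to
--    this computer, otherwise Windows returns error 1329.
EXEC sp_xp_cmdshell_proxy_account 'CONTOSO\XpCmdProxy', '<proxy-account-password>';
GO

-- 3. Confirm which Windows identity is stored as the proxy.
SELECT name, credential_identity
FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';
GO

-- 4. The SQL login needs a user in master and EXECUTE on xp_cmdshell only.
CREATE LOGIN AppSqlLogin WITH PASSWORD = N'<strong-password>';
CREATE USER AppSqlLogin FOR LOGIN AppSqlLogin;
GRANT EXECUTE ON xp_cmdshell TO AppSqlLogin;
GO

-- 5. Verify the login is not a sysadmin; sysadmin members bypass the
--    proxy and run under the SQL Server service account instead.
SELECT IS_SRVROLEMEMBER('sysadmin', N'AppSqlLogin') AS is_sysadmin;
GO

-- 6. Test as the SQL login. whoami should report the proxy account,
--    not the service account.
EXECUTE AS LOGIN = N'AppSqlLogin';
EXEC xp_cmdshell 'whoami';
REVERT;
GO
```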

