Microsoft KB Archive/253107: Difference between revisions
(importing KB archive) |
m (Text replacement - """ to """) |
||
Line 12: | Line 12: | ||
<div id="TitleRow"> | <div id="TitleRow"> | ||
= <span id="KB253107"></span>BUG: SQL Server Properties, Security Tab Missing the | = <span id="KB253107"></span>BUG: SQL Server Properties, Security Tab Missing the "Nonadministrators use SQLAgentCmdExec account when executing commands via xp_cmdshell" Option = | ||
Line 49: | Line 49: | ||
== SYMPTOMS == | == SYMPTOMS == | ||
The SQL Server properties, '''Security''' tab is missing the | The SQL Server properties, '''Security''' tab is missing the "Nonadministrators use SQLAgentCmdExec account when executing commands via xp_cmdshell" option. The '''Help''' tab states that this option should be available, but it is not. If you want Nonadministrators to use the '''xp_cmdshell''' option, refer to the "Workaround" section. | ||
</div> | </div> | ||
Line 56: | Line 56: | ||
== WORKAROUND == | == WORKAROUND == | ||
Check the SQL Server 7.0 Books Online (BOL) topic, | Check the SQL Server 7.0 Books Online (BOL) topic, "Creating SQL Server Services User Accounts". BOL states that in order to run '''xp_cmdshell''' for a user other than a SQL Server administrator, the MSSQLServer service account should have "Act as part of operating system" and "replace process level token" permissions.<br /> | ||
<br /> | <br /> | ||
Following is an example of setting up nonadministrators to use '''xp_cmdshell''': | Following is an example of setting up nonadministrators to use '''xp_cmdshell''': |
Latest revision as of 13:54, 21 July 2020
Article ID: 253107
Article Last Modified on 10/16/2002
APPLIES TO
- Microsoft SQL Server 7.0 Standard Edition
This article was previously published under Q253107
BUG #: 57357 (SQLBUG_70)
SYMPTOMS
The SQL Server properties, Security tab is missing the "Nonadministrators use SQLAgentCmdExec account when executing commands via xp_cmdshell" option. The Help tab states that this option should be available, but it is not. If you want Nonadministrators to use the xp_cmdshell option, refer to the "Workaround" section.
WORKAROUND
Check the SQL Server 7.0 Books Online (BOL) topic, "Creating SQL Server Services User Accounts". BOL states that in order to run xp_cmdshell for a user other than a SQL Server administrator, the MSSQLServer service account should have "Act as part of operating system" and "replace process level token" permissions.
Following is an example of setting up nonadministrators to use xp_cmdshell:
- Give login database access to the master database.
- Give login permission to access xp_cmdshell:
- Highlight the extended stored procedure and locate xp_cmdshell.
- Double-click xp_cmdshell.
- Select Permissions and grant permission to login.
- Make sure that the MSSQLServer account is running with the following user rights permissions:
- Act as part of the operating system.
- Increase quotas.
- Replace a process level token.
- Make sure that the SQLServerAgent account is running with the user rights permission:
- Log on as a batch job.
NOTE: You must stop and start the server for the user rights permissions to take effect.
STATUS
Microsoft has confirmed this to be a problem in SQL Server 7.0.
Keywords: kbbug kbpending KB253107