MORE INFORMATION

When you click the Reset Proxy Account button, the SQLAgentCmdExec account is dropped and re-created as part of the users group with the following rights:

• Log on locally.
  

• Shut down the system.
  

• Logon as a batch job.

You can use Reset Proxy Account to reset the rights for the SQLAgentCmdExec account to the default values.

Similarly, the Reset Proxy Password button resets the password for the SQLAgentCmdExec account.

NOTES:

• The SQLAgentCmdExec account may not be created if you click Reset Proxy Account when you are logged in as a user who does not have sufficient privileges to create an account.
  
  
• The password is randomly generated when the account is created. The password may generate an error message if the computer has strict password policies and the new password does not meet the password policy. If you then change the password by using the User Manager, SQL Server assumes that this account has been tampered with and displays this error message:

  SQLAgentCmdExec account does not exist or the password is wrong.

• When the SQLAgentCmdExec account is deleted by pressing Reset Proxy, the user rights screen may show an entry as Account Deleted for each of the rights that have been granted to that account. This behavior is by default. This behavior does not affect any functionality.
  
  
• SQL Server 2000 does not use the SQLAgentCmdExec account. SQL Server uses a domain account for non-sysadmin jobs. The SQLAgentCmdExec account is no longer created in SQL Server 2000. When you click Reset Proxy Account in SQL Server 2000, a screen opens in which you can edit the Domain Account.

SQLAgentCmdExec account usage with xp_cmdshell

There are situations where you may add additional rights to the SQLAgentCmdExec account. One common situation in which you may want to add additional rights follows.

MSSQLServer and SQLServerAgent Services

• Act as part of the Operating System.
• Increase Quotas.
• Replace a process level token.
• Log on as a batch job.

SQLAgentCmdExec Account

• Log on as a batch job.

NOTE: You must restart the entire server, not just the SQL Services, in order for any changes made to user rights permissions to take effect.

SQLAgentCmdExec on a cluster

For information about setting up SQLAgentCmdExec in a clustered environment, refer to the following article in the Microsoft Knowledge Base:

How to assign user rights to an account in Microsoft Windows NT 4.0 and in Microsoft Windows 2000

To assign user rights to an account in Windows NT 4.0, use these steps:

1. On the Taskbar, click Start, point to Programs, point to Administrative Tools (Common), and then click User Manager for Domains.
2. In the User Manager dialog box, from the Policies menu, click User Rights. This opens the User Rights Policy dialog box.
3. In the Right drop-down combo box, select the right that you want to assign. If you want to add an advanced user right, select the Show Advanced User Rights check box. Click Add. The Add Users and Groups dialog box opens.
4. The Add Users and Groups dialog box displays the user accounts. Select the user account to which you want to assign the right, and then click Add. Click OK to exit the dialog box.

To assign user rights to an account in Windows 2000, use these steps:

1. On the Taskbar, click Start, point to Settings, and then click Control Panel.
2. In the Control Panel dialog box, double-click Administrative Tools.
3. Double-click Local Security Policy, which opens the Local Security Settings dialog box.
4. Expand Local Policies, and then click User Rights Assignment.
5. In the details pane, under Policy, double-click the right that you want to assign.
6. In the dialog box that opens, click Add to select and add the user.

REFERENCES

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base: