24 January,2017 by Tom Collins
Question: I have enabled SQL Server xp_cmdshell to initiate a copy command. The xp_cmdshell copy command will copy a file on the local server and copy to a network destination.
The xp_cmdshell command is initialted as a code block and managed through SQL Server agent.
I am executing the code and it is returning a Access is denied error . 0 file(s) copied.
I’ve run a few tests,
Soon as I reintroduce the code into the SQL Server context – I start getting the Access is denied error.
How can I fix the issue?
Answer: When executing xp_cmdshell and interacting with the filesystem , the security context used is the SQL Server Start Up account .
You’ll need to check the SQL Server service account has permissions on the source file and the destination path. To find the SQL Service Account read How to find the SQL Server Service Account (SQL Server DBA)
Even through you are executing the SQL Server Agent job – and you may logically think xp_cmdshell is utilising the SQL Server Agent job security – the xp_cmdshell , continues to interact with the SQL Server service account.
Read More
Xp_cmdshell – the most dangerous extended stored procedure
Speed up copying large files with ESEUTIL - for large file transfer ...
This is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Posted by: |