4

I'm executing the following command to stop a service on a remote server from within a stored procedure in SQL Server.

----------------
-- Stop Service
----------------
SET @Command = 'sc \\' + @Server + ' stop ' + @ServiceName;
EXEC master.dbo.xp_cmdshell @Command;

Depending on the service sometimes this executes successfully but other times I receive the following error:

[SC] OpenService FAILED 5:
NULL
Access is denied.
NULL
NULL

Im curious what user executes the command. Is it the user I login/connect with to the database? Or is it the user Im logged onto the physical server with? Can I pass in different authentication with the xp_cmdshell?

ProfessionalAmateur
  • 515
  • 2
  • 8
  • 18

1 Answers1

7

From xp_cmdshell (Transact-SQL) in the product documentation:

The Windows process spawned by xp_cmdshell has the same security rights as the SQL Server service account.

When it is called by a user that is not a member of the sysadmin fixed server role, xp_cmdshell connects to Windows by using the account name and password stored in the credential named ##xp_cmdshell_proxy_account##. If this proxy credential does not exist, xp_cmdshell will fail.

See the full entry for the steps you need to take to set up the xp_cmdshell proxy account.

Community
  • 1
tpet
  • 1,214
  • 10
  • 15