In one of our recent migrations, we got the following error when the client tried to fire xp_cmdshell system stored procedure through some client code.

Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1
The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the ‘##SQL Server xp_cmdshell_proxy_account##’ credential exists and contains valid information.

So from Books online, this is what we got:

When xp_cmdshell is called by a user that is not a member of the sysadmin fixed server role, xp_cmdshell connects to Windows by using the account name and password stored in the credential named ##xp_cmdshell_proxy_account##. If this proxy credential does not exist, xp_cmdshell will fail.

The proxy account credential can be created by executing sp_xp_cmdshell_proxy_account. As arguments, this stored procedure takes a Windows user name and password. For example, the following command creates a proxy credential for Windows domain user SHIPPING\KobeR that has the Windows password sdfh%dkc93vcMt0.

So this is what we did:

 
1
2
3
4
EXEC sp_xp_cmdshell_proxy_account 'HOCBASE\admin', 'account_password';
GO
EXEC sp_xp_cmdshell_proxy_account 'HOCBASE\admin', 'account_password';
GO

And things worked fine. A few more things:

How do you drop the proxy credential?

 
1
2
EXEC sp_xp_cmdshell_proxy_account NULL;
GO

How can you find all the users (except sysadmins) who can execute or have access to xp_cmdshell?

 
1
2
Use master
EXEC sp_helprotect 'xp_cmdshell'

And who are all the sysadmins on the box?

 
1
2
Use master
EXEC sp_helpsrvrolemember 'sysadmin'

The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.的更多相关文章

  1. Proxy account failing to run SSIS Error (Proxy (11) is not allowed for subsystem "SSIS" and user "AB\testuser ".

    USE [msdb]EXEC msdb.dbo.sp_grant_login_to_proxy @proxy_name=N'SSISProxyAgentV1', @login_name=N'WTC\E ...

  2. Next Instruction Access Intent Instruction

    Executing a Next Instruction Access Intent instruction by a computer. The processor obtains an acces ...

  3. Configure the MySQL account associate to the domain user via MySQL Windows Authentication Plugin

    在此记录如何将之前一次做第三发软件在配置的过程. 将AD user通过代理映射到mysql 用户. 在Mysql官网有这样一段话: The server-side Windows authentica ...

  4. SQL SERVER-开启xp_cmdshell

    在sql server中执行cmd命令,报以下异常. EXEC master.sys.xp_cmdshell 'dir c:/' Msg 15281, Level 16, State 1, Proce ...

  5. Risk Adaptive Information Flow Based Access Control

    Systems and methods are provided to manage risk associated with access to information within a given ...

  6. SSRS2:Reporting Service 配置Service Account

    1,Service Account SSRS以一个Service方式实现,有三部分组成:Web Service,Report Manager和一个后台的进程,这个Service运行的账号就是Servi ...

  7. Debugging Information in Separate Files

    [Debugging Information in Separate Files] gdb allows you to put a program's debugging information in ...

  8. 2014 牡丹江现场赛 i题 (zoj 3827 Information Entropy)

    I - Information Entropy Time Limit:2000MS     Memory Limit:65536KB     64bit IO Format:%lld & %l ...

  9. Nine Great Books about Information Visualization

    Nine Great Books about Information Visualization Maybe it’s anachronistic to celebrate static, print ...

随机推荐

  1. 微服务容错限流Hystrix入门

    为什么需要容错限流 复杂分布式系统通常有很多依赖,如果一个应用不能对来自依赖 故障进行隔离,那么应用本身就处在被拖垮的风险中.在一个高流量的网站中,某个单一后端一旦发生延迟,将会在数秒内导致 所有应用 ...

  2. nginx漏洞分析与升级修复

    一 .此次漏洞分析 1 nginx HTTP/2漏洞 [nginx-announce] nginx安全公告(CVE-2018-16843,CVE-2018-16844)在nginx HTTP / 2实 ...

  3. Genymotion Android模拟器Genymotion的安装和使用

    Android模拟器Genymotion的安装和使用 by:授客 QQ:1033553122 环境: Win7 Genymotion 2.12.0 下载地址:http://download.canad ...

  4. 阿里云或本地部署服务器(一)---nginx本地和服务器代理

    具体步骤: 1.nginx下载 2.在G:\nginx-1.15.8\conf/nginx.conf改三处路径:nginx.conf 文件中配置的路径和端口要映射到vue项目工程 a.改 映射端口: ...

  5. NSTimer循环引用的几种解决方案

    前言 在iOS中,NSTimer的使用是非常频繁的,但是NSTimer在使用中需要注意,避免循环引用的问题.之前经常这样写: - (void)setupTimer { self.timer = [NS ...

  6. MySQL 多表查询 学习与练习

    一.介绍 首先先准备表 员工表和部门表 #建表 create table department( id int, name varchar(20) ); create table employee1( ...

  7. IIS系统短文件名漏洞猜解过程

    今天看教程的时候,老师关于后台管理说到了短文件名漏洞,我就随便找了个网站猜解,可能是运气太好了,有了这次实践的过程,因为这个漏洞是13年的时候比较火,现在差不多都修复了,抓到一条漏网之鱼, 短文件名漏 ...

  8. debian The type initializer for 'System.Drawing.KnownColors' threw an exception

     Change the "System.Drawing" reference of "CoreCompat.System.Drawing"if you thro ...

  9. Bootstrap 前端框架 遇到的问题 解决方案

    bootstrap实现导航栏的响应式布局,当在小屏幕.手机屏幕浏览时自动折叠隐藏 直接放代码,更容易理解.下次可以套这个代码 <!DOCTYPE html> <html> &l ...

  10. Python:os 模块常用方法简介

    返回当前工作目录 os.getcwd() 返回 path 的绝对路径 os.path.abspath(path) os.path.abspath('.') 相当于 os.getcwd() 分割目录和文 ...