In one of our recent migrations, we got the following error when the client tried to fire xp_cmdshell system stored procedure through some client code.

Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1
The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the ‘##SQL Server xp_cmdshell_proxy_account##’ credential exists and contains valid information.

So from Books online, this is what we got:

When xp_cmdshell is called by a user that is not a member of the sysadmin fixed server role, xp_cmdshell connects to Windows by using the account name and password stored in the credential named ##xp_cmdshell_proxy_account##. If this proxy credential does not exist, xp_cmdshell will fail.

The proxy account credential can be created by executing sp_xp_cmdshell_proxy_account. As arguments, this stored procedure takes a Windows user name and password. For example, the following command creates a proxy credential for Windows domain user SHIPPING\KobeR that has the Windows password sdfh%dkc93vcMt0.

So this is what we did:

 
1
2
3
4
EXEC sp_xp_cmdshell_proxy_account 'HOCBASE\admin', 'account_password';
GO
EXEC sp_xp_cmdshell_proxy_account 'HOCBASE\admin', 'account_password';
GO

And things worked fine. A few more things:

How do you drop the proxy credential?

 
1
2
EXEC sp_xp_cmdshell_proxy_account NULL;
GO

How can you find all the users (except sysadmins) who can execute or have access to xp_cmdshell?

 
1
2
Use master
EXEC sp_helprotect 'xp_cmdshell'

And who are all the sysadmins on the box?

 
1
2
Use master
EXEC sp_helpsrvrolemember 'sysadmin'

The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.的更多相关文章

  1. Proxy account failing to run SSIS Error (Proxy (11) is not allowed for subsystem "SSIS" and user "AB\testuser ".

    USE [msdb]EXEC msdb.dbo.sp_grant_login_to_proxy @proxy_name=N'SSISProxyAgentV1', @login_name=N'WTC\E ...

  2. Next Instruction Access Intent Instruction

    Executing a Next Instruction Access Intent instruction by a computer. The processor obtains an acces ...

  3. Configure the MySQL account associate to the domain user via MySQL Windows Authentication Plugin

    在此记录如何将之前一次做第三发软件在配置的过程. 将AD user通过代理映射到mysql 用户. 在Mysql官网有这样一段话: The server-side Windows authentica ...

  4. SQL SERVER-开启xp_cmdshell

    在sql server中执行cmd命令,报以下异常. EXEC master.sys.xp_cmdshell 'dir c:/' Msg 15281, Level 16, State 1, Proce ...

  5. Risk Adaptive Information Flow Based Access Control

    Systems and methods are provided to manage risk associated with access to information within a given ...

  6. SSRS2:Reporting Service 配置Service Account

    1,Service Account SSRS以一个Service方式实现,有三部分组成:Web Service,Report Manager和一个后台的进程,这个Service运行的账号就是Servi ...

  7. Debugging Information in Separate Files

    [Debugging Information in Separate Files] gdb allows you to put a program's debugging information in ...

  8. 2014 牡丹江现场赛 i题 (zoj 3827 Information Entropy)

    I - Information Entropy Time Limit:2000MS     Memory Limit:65536KB     64bit IO Format:%lld & %l ...

  9. Nine Great Books about Information Visualization

    Nine Great Books about Information Visualization Maybe it’s anachronistic to celebrate static, print ...

随机推荐

  1. java监听器简述

    监听器的概念 所谓监听器就是对内置对象的状态或者属性变化进行监听并且做出反应的特殊servlet,并且也需要在web.xml文件中进行相关配置. 内置对象的状态变化:初始化和销毁,也就是说当内置对象初 ...

  2. android 请求接口报错 org.apache.http.conn.HttpHostConnectException: Connection to http://192.168.1.90:9090 refused

    No Network Security Config specified, using platform defaultI/System.out: org.apache.http.conn.HttpH ...

  3. Appium的入门使用

    ps:有没有人和我一样觉得Appium官方文档写的很烂的, 这官方文档,还不如很多人写的博客详细,而且对于初学的入门者实在是不够友好, 官网:https://github.com/appium/jav ...

  4. SQL Server的Descending Indexes

    SQL Server的Descending Indexes 测试环境:SQL Server 2012 表结构如下 USE [test] GO CREATE TABLE [dbo].[tt8]( ,) ...

  5. 为什么在STM32F429工程配置中需要预先定义USE_STDPERIPH_DRIVER和STM32F429_439xx?

    如图: 1.查找USE_STDPERIPH_DRIVER,发现这个宏出现在stm32f4xx.h头文件中,并且有如下代码: 也就是说,通过已经定义了USE_STDPERIPH_DRIVER宏加载stm ...

  6. SpringBoot2.0之五 优雅整合SpringBoot2.0+MyBatis+druid+PageHelper

    上篇文章我们介绍了SpringBoot和MyBatis的整合,可以说非常简单快捷的就搭建了一个web项目,但是在一个真正的企业级项目中,可能我们还需要更多的更加完善的框架才能开始真正的开发,比如连接池 ...

  7. ReactiveSwift源码解析(四) Signal中的静态属性静态方法以及面向协议扩展

    上篇博客我们聊了Signal的几种状态.Signal与Observer的关联方式以及Signal是如何向关联的Observer发送事件的.本篇博客继续上篇博客的内容,来聊一下Signal类中静态的ne ...

  8. GitHub开源:升讯威 SQLite 增强组件 Sheng.SQLite.Plus

    Github:https://github.com/iccb1013/Sheng.SQLite.Plus Sheng.SQLite.Plus 是一个对直接使用 ADO.NET 方式操作 SQLite ...

  9. Kafka 消费者相关配置

    消费者相关配置类为  org.apache.kafka.clients.consumer.ConsumerConfig 具有以下配置参数 1. GROUP_ID_CONFIG = "grou ...

  10. Scrapy-redis<数据库篇>

    scrapy-redis爬虫数据库连接部分——windows准备做salve,Linux准备做master开展工作 首先处理简单的windows熟悉的环境——安装Redis服务和Redis可视化~可视 ...