question

Fatherjack avatar image
Fatherjack asked

Running xp_cmdshell as Administrator

Does anyone know if it is possible to invoke xp_cmdshell as Administrator? I am working on trying to start the SQLSERVERAGENT service from TSQL but it fails with 'access denied' - from TSQL and from cmd. The only way I can get it to succeed is to run cmd as Administrator and then `SC START SQLSERVERAGENT` works. I dont want to alter UAC to get around this problem.
sql-server-2008xp_cmdshellsql-server-agent
10 |1200 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Kev Riley avatar image
Kev Riley answered
Not near a SQL instance to test, but I'm thinking you'd use sp_xp_cmdshell_proxy_account to set-up a proxy account with admin permissions, however this only comes into force when you try and run xp_cmdshell as a non-sysadmin, so you'd then have to execute as a lower permission login, which in turn would use the proxy. The danger here is that all non-sysadmin logins would have the same access whilst this was in place, so you'd have to tidy up once the command was run. Seems messy :/
1 comment
10 |1200 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Running the xp_cmdshell as a SQL Server Admin is not my issue, the actual `SC START SQLSERVERAGENT` command has to run in a cmd.exe as Windows Administrator. RUNAS doesn't accept a password in a pipeline or as a parameter.
0 Likes 0 ·
Tim avatar image
Tim answered
Seems UAC is going to be the sticking point and if it isn't taking the RUNAS command I don't see how it will work otherwise. Is CMD.EXE a must, can you not invoke PoSH to start the service?
4 comments
10 |1200 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Wont PoSh have the same restrictions on security? ie if the service account for MSSQLSERVER isnt an administrator then the PoSh would fail to. No?
1 Like 1 ·
Powershell was going to be my next suggestion....
0 Likes 0 ·
Forgot to add, willing to try PoSh/WMI/Incantations/Sacrifices to get this working ...
0 Likes 0 ·
Use an agent job to run the PoSh step as another user HAHAHA! Sorry not helping!
0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.