x

Running xp_cmdshell as Administrator

Does anyone know if it is possible to invoke xp_cmdshell as Administrator? I am working on trying to start the SQLSERVERAGENT service from TSQL but it fails with 'access denied' - from TSQL and from cmd.

The only way I can get it to succeed is to run cmd as Administrator and then SC START SQLSERVERAGENT works.

I dont want to alter UAC to get around this problem.

more ▼

asked Sep 02, 2013 at 01:41 PM in Default

avatar image

Fatherjack ♦♦
43.8k 79 101 118

(comments are locked)
10|1200 characters needed characters left

2 answers: sort voted first

Seems UAC is going to be the sticking point and if it isn't taking the RUNAS command I don't see how it will work otherwise. Is CMD.EXE a must, can you not invoke PoSH to start the service?

more ▼

answered Sep 02, 2013 at 02:24 PM

avatar image

Tim
40.9k 39 94 168

Powershell was going to be my next suggestion....

Sep 02, 2013 at 02:36 PM Kev Riley ♦♦

Wont PoSh have the same restrictions on security? ie if the service account for MSSQLSERVER isnt an administrator then the PoSh would fail to. No?

Sep 02, 2013 at 02:38 PM Fatherjack ♦♦

Forgot to add, willing to try PoSh/WMI/Incantations/Sacrifices to get this working ...

Sep 02, 2013 at 02:39 PM Fatherjack ♦♦

Use an agent job to run the PoSh step as another user HAHAHA! Sorry not helping!

Sep 02, 2013 at 02:41 PM Kev Riley ♦♦
(comments are locked)
10|1200 characters needed characters left

Not near a SQL instance to test, but I'm thinking you'd use sp_xp_cmdshell_proxy_account to set-up a proxy account with admin permissions, however this only comes into force when you try and run xp_cmdshell as a non-sysadmin, so you'd then have to execute as a lower permission login, which in turn would use the proxy. The danger here is that all non-sysadmin logins would have the same access whilst this was in place, so you'd have to tidy up once the command was run.

Seems messy :/

more ▼

answered Sep 02, 2013 at 02:08 PM

avatar image

Kev Riley ♦♦
66.8k 48 65 81

Running the xp_cmdshell as a SQL Server Admin is not my issue, the actual SC START SQLSERVERAGENT command has to run in a cmd.exe as Windows Administrator. RUNAS doesn't accept a password in a pipeline or as a parameter.

Sep 02, 2013 at 02:11 PM Fatherjack ♦♦
(comments are locked)
10|1200 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

SQL Server Central

Need long-form SQL discussion? SQLserverCentral.com is the place.

Topics:

x2207
x27
x18

asked: Sep 02, 2013 at 01:41 PM

Seen: 2667 times

Last Updated: Sep 03, 2013 at 12:56 PM

Copyright 2018 Redgate Software. Privacy Policy