Re: xp_cmdshell failed to execute because current security context

The permissions needed are outlined in the KB that Uri posted. When you install SQL Server, you get a bunch of groups, one for each service for that instance. The permissions needed are assigned to this group. So you need to make sure that your service account is a member of this group. Note that in this case we are talking about the SQL Server service.

--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi


"db" <db@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:DCC22CD2-93A8-439F-94B7-A7C9BBDA76B7@xxxxxxxxxxxxxxxx

Hi

I followed all the blogs and looks like I resolved first error. Now i am
getting:

INFO: databasename: xp_cmdshell failed to execute because
CreateProcessAsUserW returns error 1314. please make sure the service account
SQL Server running under has appropriate privilege.

SQL server runs under a domain account. The error occurs because the SQL
Server service account does not have all the relevant permissions not the sql
server agent or proxy account. Please let me know
what rights and priviledges should i give to sql server service account.

Thanks a lot for all the help.
--
ontario, canada


"Uri Dimant" wrote:

db
http://support.microsoft.com/kb/248391
http://sqlblog.com/blogs/tibor_karaszi/archive/2007/08/23/xp-cmdshell-and-permissions.aspx






"db" <db@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E9019C81-FE57-4A2C-8B1E-0BF8F020399A@xxxxxxxxxxxxxxxx
> Hi Tibor/Tom
>
> I created proxy account but I am getting this error message:
>
> xp_cmdshell failed to execute because CreateProcessAsUserW > returns error
> 1314. please make sure the service account SQL Server running > under has
> appropriate privilege. For more information, search Book Online > for topic
> related to xp_sqlagent_proxy_accoun
>
> Thanks for all your helpful hints
>
> -- > ontario, canada
>
>
> "db" wrote:
>
>> How to check if user has the permission to execute xp_cmdshell >> and if
>> user
>> does not have permission, how to grant permission.
>>
>> -- >> ontario, canada
>>
>>
>> "Tom Moreau" wrote:
>>
>> > When you run xp_cmdshell yourself, are you a system admin? >> > Has the
>> > user
>> > been granted permission to execute xp_cmdshell?
>> >
>> > -- >> > Tom
>> >
>> > ----------------------------------------------------
>> > Thomas A. Moreau, BSc, PhD, MCSE, MCDBA, MCITP, MCTS
>> > SQL Server MVP
>> > Toronto, ON Canada
>> > https://mvp.support.microsoft.com/profile/Tom.Moreau
>> >
>> >
>> > "db" <db@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> > news:0221B5E0-9A04-4FDC-94FD-076BCA9FB626@xxxxxxxxxxxxxxxx
>> > No. Yes it works as master.dbo.xp_cmdshell. But still in the
>> > application I
>> > have that error message. I do not have access to application >> > code but
>> > in the
>> > logs I still have the same error message. What could be the >> > issue?
>> > -- >> > ontario, canada
>> >
>> >
>> > "Tom Moreau" wrote:
>> >
>> > > Did you run it as master.dbo.xp_cmdshell?
>> > >
>> > > -- >> > > Tom
>> > >
>> > > ----------------------------------------------------
>> > > Thomas A. Moreau, BSc, PhD, MCSE, MCDBA, MCITP, MCTS
>> > > SQL Server MVP
>> > > Toronto, ON Canada
>> > > https://mvp.support.microsoft.com/profile/Tom.Moreau
>> > >
>> > >
>> > > "db" <db@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> > > news:EAB61CBA-6830-4589-8FAC-2F8C852E93CF@xxxxxxxxxxxxxxxx
>> > > Thanks Tom. I have checked that article.
>> > > When I run " xp_cmdshell 'dir *.exe'" useing master database >> > > I get
>> > > the
>> > > directory listing. When I run it against the production >> > > database I
>> > > get:
>> > > ==============================
>> > > Server: Msg 2812, Level 16, State 62, Line 1
>> > > Could not find stored procedure 'xp_cmdshell'.
>> > > =============================
>> > > -- >> > > ontario, canada
>> > >
>> > >
>> > > "db" wrote:
>> > >
>> > > > Microsoft SQL server standard edition
>> > > > Microsoft windows NT 5.2 (3790)
>> > > > Platform: NT INTEL X86
>> > > > Version: 8.00.2039
>> > > > SQL server 2000 SP4
>> > > >
>> > > > Application error log has following message:
>> > > > xp_cmdshell failed to execute because current security >> > > > context is
>> > > > not
>> > > > sysadmin and proxy acount is not setup correctly. For more
>> > > > information,
>> > > > refer
>> > > > to Book Online, search for topic related to
>> > > > xp_sqlagent_proxy_account.
>> > > > com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError(Unknown
>> > > > Source)
>> > > > com.microsoft.sqlserver.jdbc.SQLServerStatement.getNextResult(Unknown
>> > > > Source)
>> > > > com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.doExecutePreparedStatement(Unknown
>> > > > Source)
>> > > > com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement$PrepStmtExecCmd.doExecute(Unknown
>> > > > Source)
>> > > > com.microsoft.sqlserver.jdbc.TDSCommand.execute(Unknown >> > > > Source)
>> > > > com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(Unknown
>> > > > Source)
>> > > > com.microsoft.sqlserver.jdbc.SQLServerStatement.executeCommand(Unknown
>> > > > Source)
>> > > > com.microsoft.sqlserver.jdbc.SQLServerStatement.executeStatement(Unknown
>> > > > Source)
>> > > > com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.executeUpdate(Unknown
>> > > > Source)
>> > > >
>> > > >
>> > > > -- >> > > > dbdba
>> > > > ontario, canada
>> > >
>> > >
>> >
>> >




.

Relevant Pages

  • Re: xp_cmdshell failed to execute because current security context
    ... INFO: databasename: xp_cmdshell failed to execute because ... SQL Server running under has appropriate privilege. ... Server service account does not have all the relevant permissions not the sql ... ontario, canada ...
    (microsoft.public.sqlserver.server)
  • Re: Error 22039 trying to add SQL 2K to AD
    ... "permissions that matter but rather the permissions of the SQL Server ... What do I lose by not having SQL server registered with AD? ... > of the SQL Server service account. ...
    (microsoft.public.sqlserver.setup)
  • Re: xp_cmdshell right for non sysadmin
    ... You can get the error when the SQL Server service account ... does not have the necessary permissions to change security ...
    (microsoft.public.sqlserver.server)
  • ADP, Application Role, and objects
    ... The above link is to an atricle on how to implement SQL Server Application ... After you connect with your ADP, fire a bit of code to set the ... third party tools to view the data on the same database. ... Scenario 1 - If I explicitly grant permissions on that object to the user ...
    (microsoft.public.access.adp.sqlserver)
  • Re: field level security question
    ... Vyas, MVP ... listBox control that gets data from a query of the sql server table. ... > recent change in requirement) I see the option to limit permissions right ... > utility opens except their is just no data. ...
    (microsoft.public.sqlserver.security)
Loading