Re: Changing SQL Server's Service Account

From: Reg Besseling (regbes.nospam_at_hotmail.com)
Date: 12/14/04


Date: Tue, 14 Dec 2004 15:53:42 +0200

Jason

You can impersonate other users.

Look up xp_cmdshell and xp_sqlagent_proxy_account in BOL.

Here is an extract to speed things up:

When xp_cmdshell is invoked by a user who is a member of the sysadmin fixed
server role, xp_cmdshell will be executed under the security context in
which the SQL Server service is running. When the user is not a member of
the sysadmin group, xp_cmdshell will impersonate the SQL Server Agent proxy
account, which is specified using xp_sqlagent_proxy_account. If the proxy
account is not available, xp_cmdshell will fail. This is true only for
Microsoft® Windows NT® 4.0 and Windows 2000. On Windows 9.x, there is no
impersonation and xp_cmdshell is always executed under the security context
of the Windows 9.x user who started SQL Server.

Regards

Reg Besseling

"Jason Dean" <jdeanfsu@yahoo.com> wrote in message
news:kprvd.1927$uM7.540@fe06.lga...
> Hello,
>
> I recently built an ASP.NET app that uses a stored procedure with the
> xp_cmdshell to execute a few DOS commands on another server's hard drive.
> The server I need access to is another machine on my network.
>
> For simplicity's sake, here's an example:
>
> exec master..xp_cmdshell 'echo "hello" > \\machinename\directory'
>
> My problem is that for this to work properly, without "Access Denied"
> errors, I must change SQL Server's service account to one that has access
> to the share I want to write to. My question is, what repercussions will
> this have on all my other databases? Will there be any other adverse
> effects for other applications that are using the same Database server?
>
> Thanks for any help.
>
> -Jason
>
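
An audit of the contexts the BOL extract describes, as an added example that is not part of the original thread or of Books Online. It assumes SQL Server 2000 (the release the extract covers) and a sysadmin connection in Query Analyzer; the column aliases are illustrative.

```sql
-- Added example: which Windows account will xp_cmdshell run as?
-- Assumes SQL Server 2000 and a sysadmin connection.
USE master
GO

-- 1. Which branch of the BOL rule applies to the current connection.
SELECT SUSER_SNAME() AS login_name,
       CASE IS_SRVROLEMEMBER('sysadmin')
            WHEN 1 THEN 'SQL Server service account'
            ELSE 'SQL Server Agent proxy account (fails if none is set)'
       END AS xp_cmdshell_runs_as
GO

-- 2. Every login in the sysadmin fixed server role. All of these run
--    xp_cmdshell as the service account, so granting that account access
--    to a network share extends the access to each login listed here.
EXEC sp_helpsrvrolemember 'sysadmin'
GO

-- 3. Explicit permissions on xp_cmdshell. A non-sysadmin grantee runs
--    commands as the proxy account instead. sp_helprotect raises an
--    error when there are no matching rows, which here means no
--    explicit grants exist.
EXEC sp_helprotect 'xp_cmdshell'
GO

-- 4. The proxy account currently configured (domain and user name).
--    If none is configured, non-sysadmin calls to xp_cmdshell fail.
EXEC master.dbo.xp_sqlagent_proxy_account N'GET'
GO
```

Comparing the output of steps 2 and 3 shows how many logins would inherit the share access under each option: a more privileged service account, or a dedicated proxy account limited to that share.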


