In one of our recent migrations, we got the following error when the client tried to fire xp_cmdshell system stored procedure through some client code.

Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1
The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the ‘##SQL Server xp_cmdshell_proxy_account##’ credential exists and contains valid information.

So from Books online, this is what we got:

When xp_cmdshell is called by a user that is not a member of the sysadmin fixed server role, xp_cmdshell connects to Windows by using the account name and password stored in the credential named ##xp_cmdshell_proxy_account##. If this proxy credential does not exist, xp_cmdshell will fail.

The proxy account credential can be created by executing sp_xp_cmdshell_proxy_account. As arguments, this stored procedure takes a Windows user name and password. For example, the following command creates a proxy credential for Windows domain user SHIPPING\KobeR that has the Windows password sdfh%dkc93vcMt0.

So this is what we did:

 
1
2
3
4
EXEC sp_xp_cmdshell_proxy_account 'HOCBASE\admin', 'account_password';
GO
EXEC sp_xp_cmdshell_proxy_account 'HOCBASE\admin', 'account_password';
GO

And things worked fine. A few more things:

How do you drop the proxy credential?

 
1
2
EXEC sp_xp_cmdshell_proxy_account NULL;
GO

How can you find all the users (except sysadmins) who can execute or have access to xp_cmdshell?

 
1
2
Use master
EXEC sp_helprotect 'xp_cmdshell'

And who are all the sysadmins on the box?

 
1
2
Use master
EXEC sp_helpsrvrolemember 'sysadmin'

The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the '##xp_cmdshell_proxy_account##' credential exists and contains valid information.的更多相关文章

  1. Proxy account failing to run SSIS Error (Proxy (11) is not allowed for subsystem "SSIS" and user "AB\testuser ".

    USE [msdb]EXEC msdb.dbo.sp_grant_login_to_proxy @proxy_name=N'SSISProxyAgentV1', @login_name=N'WTC\E ...

  2. Next Instruction Access Intent Instruction

    Executing a Next Instruction Access Intent instruction by a computer. The processor obtains an acces ...

  3. Configure the MySQL account associate to the domain user via MySQL Windows Authentication Plugin

    在此记录如何将之前一次做第三发软件在配置的过程. 将AD user通过代理映射到mysql 用户. 在Mysql官网有这样一段话: The server-side Windows authentica ...

  4. SQL SERVER-开启xp_cmdshell

    在sql server中执行cmd命令,报以下异常. EXEC master.sys.xp_cmdshell 'dir c:/' Msg 15281, Level 16, State 1, Proce ...

  5. Risk Adaptive Information Flow Based Access Control

    Systems and methods are provided to manage risk associated with access to information within a given ...

  6. SSRS2:Reporting Service 配置Service Account

    1,Service Account SSRS以一个Service方式实现,有三部分组成:Web Service,Report Manager和一个后台的进程,这个Service运行的账号就是Servi ...

  7. Debugging Information in Separate Files

    [Debugging Information in Separate Files] gdb allows you to put a program's debugging information in ...

  8. 2014 牡丹江现场赛 i题 (zoj 3827 Information Entropy)

    I - Information Entropy Time Limit:2000MS     Memory Limit:65536KB     64bit IO Format:%lld & %l ...

  9. Nine Great Books about Information Visualization

    Nine Great Books about Information Visualization Maybe it’s anachronistic to celebrate static, print ...

随机推荐

  1. CSS 火焰?不在话下

    正文从下面开始. 今天的小技巧是使用纯 CSS 生成火焰,逼真一点的火焰. 嗯,长什么样子?在 CodePen 上输入关键字 CSS Fire,能找到这样的: 或者这样的: 我们希望,仅仅使用 CSS ...

  2. k8s实战之从私有仓库拉取镜像 - kubernetes

    1.实战目的 从私有docker仓库拉取镜像,部署pod.上一篇中,我们搭建了私有的镜像仓库,这一篇我们将与k8s结合实战使用私有仓库. 2.登录docker 为了完成本次实战,需要登录docker, ...

  3. BTrace 问题辅助排查工具使用手册

    BTrace是调试神器,可以通过自己编写的脚本,获取应用的一切调用信息.而不需要重启应用! Btrace 项目源码信息(你行你上~) 项目地址:http://github.com/btraceio/b ...

  4. javascript 实现数据结构 - 栈

    栈是一种遵从后进先出(LIFO)原则的有序集合.新添加的或待删除的元素都保存在栈的同一端,称作栈顶,另一端就叫栈底.在栈里,新元素都靠近栈顶,旧元素都接近栈底.栈就好像是一个底部密封的盒子,我们往里面 ...

  5. IDEA指定.class文件输出位置

    1.File > Project Structure > Project > Project compiler output  项目中的默认编译输出总目录 2.我习惯于把.class ...

  6. 【Android Studio安装部署系列】二十一、Android studio将项目上传到github中

    版权声明:本文为HaiyuKing原创文章,转载请注明出处! 概述 两个相关概念:git和github Git是一个开源的分布式版本控制系统,用以有效.高速的处理从很小到非常大的项目版本管理.Git ...

  7. FileSizeUtil【获取文件夹或文件的大小】

    版权声明:本文为HaiyuKing原创文章,转载请注明出处! 前言 获取文件夹或者文件的大小,可以指定单位,也可以自动计算合适的单位值. 效果图 代码分析 常用的方法: getFolderOrFile ...

  8. 把ABP框架部署到Docker中

    本文旨在将Abp项目部署到Docker容器中,借助Gitee存储,Jenkins持续构建,利用Docker Compose生成镜像.启动镜像,在官网给定的Abp项目中,虽然用到了Dockerfile. ...

  9. IntelliJ IDEA~gradle环境配置

    Gradle是一个基于Apache Ant和Apache Maven概念的项目自动化构建工具.它使用一种基于Groovy的特定领域语言(DSL)来声明项目设置,抛弃了基于XML的各种繁琐配置. Int ...

  10. JavaScript类型相关常用操作

    JS数组,字符串,json互相转换 JS数组转字符串 使用数组自带的join方法可以把数组转化为字符串: let arr = [1,2,'uu']; let str = arr.join(','); ...