Home All Groups Group Topic Archive Search About

Problems configuring proxy account

microsoft.public.sqlserver.tools
Author
18 Apr 2007 6:49 PM
Maria Isabel Guzman
Hi, at this moment I have a user that is member of sysadmin in a msde. I
need to remove this user from this group but the user use the
xp_cmdshell.

I configured the proxy account on this intance with a user that is
domain admin and also grant the exec permissions on the xp_cmdshell
extended store procedure, and when I execute a simple query: 

exec master.dbo.xp_cmdshell 'dir c:'

returns this error message:

Msg 50001, Level 1, State 50001
xpsql.cpp: Error 1813 from CreateProcessAsUser on line 636

I already restart de sqlserveragent service, but it doesn´t work.

Do someone know what could be the reason.

Thanks a lot for your help.




*** Sent via Developersdex http://www.developersdex.com ***

Author
18 Apr 2007 8:59 PM
Tibor Karaszi
It seems like the service account for the SQL Server service lacks some of the windows Privileges
needed. Search for below in Books Online and you will find what those are:
"level token"

--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi


Show quote
"Maria Isabel Guzman" <mariaisabelguz***@icasa.com.gt> wrote in message
news:%237yaKpegHHA.4064@TK2MSFTNGP02.phx.gbl...
> Hi, at this moment I have a user that is member of sysadmin in a msde. I
> need to remove this user from this group but the user use the
> xp_cmdshell.
>
> I configured the proxy account on this intance with a user that is
> domain admin and also grant the exec permissions on the xp_cmdshell
> extended store procedure, and when I execute a simple query:
>
> exec master.dbo.xp_cmdshell 'dir c:'
>
> returns this error message:
>
> Msg 50001, Level 1, State 50001
> xpsql.cpp: Error 1813 from CreateProcessAsUser on line 636
>
> I already restart de sqlserveragent service, but it doesn´t work.
>
> Do someone know what could be the reason.
>
> Thanks a lot for your help.
>
>
>
>
> *** Sent via Developersdex http://www.developersdex.com ***
Author
18 Apr 2007 11:40 PM
MariaGuzman
Thanks a lot for your help. I already check and the service account i
use is a domainadmin and domainadmins are administrator of the server.

do you have any other clue??


*** Sent via Developersdex http://www.developersdex.com ***
Author
19 Apr 2007 6:44 AM
Tibor Karaszi
Domain admin isn't enough. You need to make sure it has privileges like "Replace a Process Level
Token" and the other stuff mentioned in Books Online.

--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi


Show quote
"MariaGuzman" <mar***@devdex.com> wrote in message news:%236iAzLhgHHA.4284@TK2MSFTNGP06.phx.gbl...
>
> Thanks a lot for your help. I already check and the service account i
> use is a domainadmin and domainadmins are administrator of the server.
>
> do you have any other clue??
>
>
> *** Sent via Developersdex http://www.developersdex.com ***

AddThis Social Bookmark Button

Post Other interesting topics
Should I Upgrade from RTM to SP3a or SP4 To Try To Fix Problems?
Scripting Performance after SP2 applied?
Management Studio along side Management Studio Express
Resetting DB
bcp - Run time file name generation