How to enable the
xp_cmdshell and why is it blocked or disabled?*
while enabling you need Check out the Permission section of the
xp_cmdshell MSDN docs:
please follow link
https://msdn.microsoft.com/en-us/library/ms190693.aspx
EXEC sp_configure 'show advanced options', 1
GO
RECONFIGURE
GO
EXEC sp_configure 'xp_cmdshell', 1
GO
RECONFIGURE
GO
xp_cmdshell- Executes a given command string or batch file as an operating-system command shell and returns any output as rows of text.
Permission/Rights: Only SysAdmin fixed role can execute it.
Syntax
xp_cmdshell {‘command_string‘} [, no_output]
Arguments
‘command_string‘
Is the command string to execute at the operating-system command shell or from DOS prompt. command_string is varchar(255) or nvarchar(4000), with no default.
command_string cannot contain more than one set of double quotation marks.
A single pair of quotation marks is necessary if any spaces are present in the file paths or program names referenced by command_string.
If you have trouble with embedded spaces, consider using FAT 8.3 file names as a workaround.
no_output
Is an optional parameter executi
-- To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
-- To update the currently configured value for advanced options.
RECONFIGURE
GO
-- Disable xp_cmdshell option now
EXEC sp_configure 'xp_cmdshell', 0
GO
RECONFIGURE
GO
FOr More Info-- http://yrushka.com/index.php/sql-server/security/execute-remotely-t-sql-command-through-xp_cmdshell/
Use Master
GO
EXEC master.dbo.sp_configure 'show advanced options', 1
RECONFIGURE WITH OVERRIDE
GO
EXEC master.dbo.sp_configure 'xp_cmdshell', 1
RECONFIGURE WITH OVERRIDE
GO
Related
I want to export values from a column (TcpIpAddress) from a table called dbo.DimServere to a plain text (located in the server). I have sysadmin rights.
-- To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1;
GO
-- To update the currently configured value for advanced options.
RECONFIGURE;
GO
-- To enable the feature.
EXEC sp_configure 'xp_cmdshell', 1; -- 1 for at enable
GO
-- To update the currently configured value for this feature.
RECONFIGURE;
GO
-- Extracting information from the databse
EXEC xp_cmdshell 'bcp "SELECT TcpIpAddress FROM [SIT-DVH].[dbo].[DimServere]" queryout "C:\Users\b013904\Desktop\Output\bcptest.txt" -T -c -t,'
-- To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1;
GO
-- To update the currently configured value for advanced options.
RECONFIGURE;
GO
-- To disable the feature.
EXEC sp_configure 'xp_cmdshell', 0; -- 0 for at disable
GO
-- To update the currently configured value for this feature.
RECONFIGURE;
GO
However, when I run this script, I get the following message and no file is been created:
What am I doing wrong?
The path in that bcp statement will be relative to the server since you're executing it on the server.
Does that path exist on the server?
Also, try changing the path to something more accessible like c:\output. .. then you can play around with the permissions on that folder to ensure that is not a os permission that's causing the statement to fail.
Hope that helps
I'm looking to monitor various events that may occur within a SQL Server Maintenance Plan. My desired method for doing this is to have the maintenance plan do an HTTP POST with the data. After some research I think my preferred approach is to use cURL but I understand this requires enabling xp_cmdshell which is not ideal from a security standpoint.
So, I'm trying to put together a bit of T-SQL that will check if xp_cmdshell is enabled and if not enable it long enough to run the command and then disable it again. However, what I have below is not cooperating and I'm pretty sure it has something to do with all those GO's...
DECLARE #cmdstatus INT
SET #cmdstatus = (SELECT CONVERT(INT, ISNULL(value, value_in_use)) AS config_value FROM sys.configurations WHERE name = N'xp_cmdshell')
IF #cmdstatus = 1
EXEC xp_cmdshell 'curl --user user:password --data "task=test&status=success" https://www.example.ca/index.php';
GO
IF #cmdstatus = 0
EXEC sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
EXEC sp_configure 'xp_cmdshell', 1;
GO
RECONFIGURE;
GO
EXEC xp_cmdshell 'curl --user user:password --data "task=test&status=success" https://www.example.ca/index.php';
GO
EXEC sp_configure 'xp_cmdshell', 0;
GO
RECONFIGURE;
GO
EXEC sp_configure 'show advanced options', 0;
GO
RECONFIGURE;
GO
Thanks for any help.
I need to create an on-demand export of user data on our website. The user clicks an export button, classic ASP code executes a stored procedure that generates a file via BCP, and the user is prompted to download it.
I've created the sproc, and its working flawlessly when executed from SSMS. The catch is getting it to work from the site with the limited privileges granted to the account connecting to SQL from the website. Here is a snippet:
-- INSERT TEMP DATA
INSERT INTO t_users_tempExport
SELECT * FROM #tempExport
-- show advanced options
EXEC sp_configure 'show advanced options', 1
RECONFIGURE
-- enable xp_cmdshell
EXEC sp_configure 'xp_cmdshell', 1
RECONFIGURE
-- hide advanced options
EXEC sp_configure 'show advanced options', 0
RECONFIGURE
-- EXPORT TO CSV
DECLARE #sql varchar(8000)
SELECT #sql = 'bcp "select * FROM DBNAME.dbo.tempExport WHERE scopeID='''+#randomString+'''" '
+ 'queryout C:\temp\exportResidents_'+CONVERT(varchar(max),#userID)+'.csv -c -t, -T -S'
+ ##servername
EXEC master..xp_cmdshell #sql
-- RETURN FILE NAME
SELECT 'C:\temp\export_'+CONVERT(varchar(max),#userID)+'.csv' AS fileName
The issue is that I cannot enable xp_cmdshell with the privledges granted to the account that is connecting to SQL from the website. Im kind of at a loss as to how to proceed.
Is it possible to include the sysadmin credentials in the call to BCP? Is there some easier option or work around?
I ended up going a completely different route. I created the CSV file from pure ASP code, only using the sproc to return the data.
Looking for Enabling CLR Integration I found this document: http://msdn.microsoft.com/en-us/library/ms131048.aspx that said to use the following code for setting to 1 the "crl enabled" variable.
sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
sp_configure 'clr enabled', 1;
GO
RECONFIGURE;
GO
I want know If a reboot of SQL Server is required? Or, more generaly, what are the steps to follow in order to Enable CRL Integration?
If you use with override option, then restart is not required.
EXEC sp_CONFIGURE 'show advanced options' , '1';
GO
RECONFIGURE WITH OVERRIDE
GO
EXEC sp_CONFIGURE 'clr enabled' , '1'
GO
RECONFIGURE WITH OVERRIDE
GO
The accepted answer is incorrect. The WITH OVERRIDE option of RECONFIGURE has absolutely nothing to do with whether or not a restart of SQL Server is required. The MSDN documentation for RECONFIGURE states that WITH OVERRIDE:
Disables the configuration value checking (for values that are not valid or for nonrecommended values)...
The fact is, no restart of the SQL Server service is required when enabling, or disabling, the "CLR Integration" option in sp_configure. A simple test (run on SQL Server 2008 R2, but works the same across all versions that support SQLCLR) proves this:
EXEC sp_configure 'clr enabled'; -- show current value
EXEC sp_configure 'clr enabled', 0; RECONFIGURE;
EXEC sp_configure 'clr enabled'; -- show current value
GO
EXEC sp_configure 'clr enabled'; -- show current value
EXEC sp_configure 'clr enabled', 1; RECONFIGURE;
EXEC sp_configure 'clr enabled'; -- show current value
GO
Results:
Pay attention to the run_value field. It starts out as "1" since "CLR Integration" is already enabled on my system. But it switches with only calling RECONFIGURE.
name minimum maximum config_value run_value
clr enabled 0 1 1 1
clr enabled 0 1 0 0
clr enabled 0 1 0 0
clr enabled 0 1 1 1
Additionally, it should be stated with regards to the initial code shown in the Question, the statement for
sp_configure 'show advanced options', 1;
is unnecessary since clr enabled is not an advanced option.
To prove the point about clr enabled not being an advanced option, and even showing another way to prove that this option does not require a reboot, just execute the following simple query:
SELECT [name], [value], [value_in_use], [is_dynamic], [is_advanced]
FROM sys.configurations
WHERE [configuration_id] = 1562;
/*
name value value_in_use is_dynamic is_advanced
clr enabled 1 1 1 0
*/
As you can see in the result set shown above, is_advanced is 0, meaning "not an advanced option (yes, the official Microsoft documentation is currently incorrect; I will update it when I have time). Also, is_dynamic is 1, meaning that simply executing RECONFIGURE will enable the option immediately, not requiring a restart of the instance.
To summarize: The sum total of all steps required to enable "CLR Integration", and without needing to restart the SQL Server service, are as follows:
EXEC sp_configure 'clr enabled', 1;
RECONFIGURE;
That's it. **
** WOW64 servers will require a restart of the server in order for this option to take effect. ( clr enabled Server Configuration Option )
I am trying to use Sp_configure Proc in another stored procedure, but getting errors.
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE PROCEDURE Test01
AS
BEGIN
SET NOCOUNT ON;
sp_configure 'show advanced options', 1
RECONFIGURE
GO
sp_configure 'Ad Hoc Distributed Queries', 1
RECONFIGURE
Go
END
GO
The Error comes:-
Msg 102, Level 15, State 1, Procedure Test01, Line 6
Incorrect syntax near 'sp_configure'.
Configuration option 'Ad Hoc Distributed Queries' changed from 1 to 1. Run the RECONFIGURE statement to install.
Msg 102, Level 15, State 1, Line 1
Incorrect syntax near 'END'.
GO is not a TSQL command. It is a batch separator in the query window. The first GO after RECONFIGURE effectively ends the definition of your stored procedure. You also need to use EXEC when calling the procedures. See code below.
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE PROCEDURE Test01
AS
BEGIN
SET NOCOUNT ON;
EXEC sp_configure 'show advanced options', 1
RECONFIGURE
EXEC sp_configure 'Ad Hoc Distributed Queries', 1
RECONFIGURE
END
GO