Thursday 4 January 2007

SQL 2005 : Enabling XP_cmdshell

This is considered a big security 'no no', with access to external functionality preferred by developing a CLR assembly. With cmdshell enabled, users can effectively run any command :(

EXEC sp_configure 'show advanced option', '1'
RECONFIGURE;
GO

EXEC sp_configure 'xp_cmdshell', 1
GO
RECONFIGURE;

-- remember to turn advanced options off again!
EXEC sp_configure 'show advanced option', '0'
RECONFIGURE
GO

No comments: