Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SQLAgentCmdExec

195 views
Skip to first unread message

Daniel Flynn

unread,
Apr 4, 2002, 8:56:02 AM4/4/02
to
Who or what is SQLAgentCmdExec? I do not see a login for
SQLAgentCmdExec in Enterprise Manager. When I do a search
in Books Online, I only get 5 hits.

Step 4 of How to reset SQLAgentCmdExec permissions
(Enterprise Manager):

4. Under Non-SysAdmin job step proxy account, clear the
Only users with SysAdmin privileges can execute CmdExe and
ActiveScripting job steps check box, and click Reset Proxy
Account.

However, the check box is clear and the "Reset Proxy
Account" command button is unavailable (grayed out).

What can I do. I am getting the error:

xpsql.c: Error 997 from GetPassword on line 473

trying to execute xp_cmdshell.

Sue Hoegemeier

unread,
Apr 4, 2002, 10:45:50 AM4/4/02
to
It's the account used by non-sysadmins to run CmdExec and
ActiveX script job steps.
Make sure you are logged in/have Enterprise Manager
registered under a sysadmin account to allow resetting this.
You may want to refer to the following Knowledge Base
article for more information:
INF: Reset Proxy and the SQLAgentCmdExec Account (Q264155)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264155

--Sue

Daniel Flynn

unread,
Apr 4, 2002, 11:12:20 AM4/4/02
to
Sue,

Why can't I see it in EM along with the other logins (sa,
sqladmin, etc.)?

Thanks,

Dan

>.
>

Sue Hoegemeier

unread,
Apr 4, 2002, 11:33:55 AM4/4/02
to
Because it's an NT/Windows account, not a SQL Server login.
It's not used for SQL Server access but rather to run
operating system type of commands.

--Sue

On Thu, 4 Apr 2002 08:12:20 -0800, "Daniel Flynn"

Daniel Flynn

unread,
Apr 4, 2002, 12:10:23 PM4/4/02
to
So, what kind of authority does the NT account need to
avoid the dreaded:

xpsql.c: Error 997 from GetPassword on line 473

when trying to execute xp_cmdshell from within SQL Server.

Dan

>.
>

Sue Hoegemeier

unread,
Apr 4, 2002, 1:17:53 PM4/4/02
to
Dan,
It's all in the Knowledge Base article I mentioned. At a
minimum, the SQLAgentCmdExec is a part of the users group
with Log on Locally, shut down the system and logon as batch
job rights.
The other service accounts need permissions set as outlined
in the Knowledge base article as well.

--Sue

On Thu, 4 Apr 2002 09:10:23 -0800, "Daniel Flynn"

Daniel Flynn

unread,
Apr 4, 2002, 3:04:45 PM4/4/02
to
Sue,

Thanks for your help (and patience). Now I just need to
compare the policies for SQLAgentCmdExec on 2 servers here
(one server works OK, the other, NOT) and see where they
differ. Keep your fingers crossed.

Again, thank you very much,

Sincerely,

Dan Flynn

>.
>

Sue Hoegemeier

unread,
Apr 4, 2002, 3:50:21 PM4/4/02
to
You're very welcome Dan. Please post back your results.

Also, I'd check all the accounts (SQL Server service and SQL
Server Agent service) on the boxes, not just the
SQLAgentCmdExec.

--Sue

On Thu, 4 Apr 2002 12:04:45 -0800, "Daniel Flynn"

0 new messages