Article ID: 891984
Many Microsoft SQL Server 2000 administrators consider removing the xp_cmdshell stored procedure from SQL Server as part of their security plan. Although the extended stored procedure can be removed, removal has significant support and functionality implications. Examine other security settings before you make this system change.
Removing stored procedures during SQL Server 2000 hardening
Many third-party SQL Server 2000 hardening guides and security templates are publicly available. No third-party hardening guide has been tested with the original release version of SQL Server 2000 or with any later service packs or hotfixes. Therefore, you should perform extensive testing in your environment before you implement any new settings in a production environment.
Additionally, if the newer settings cause application outages or failure, you must be able to roll back settings or revert to default settings.
Note: If you remove system-installed extended stored procedures, the system configuration will be an unsupported configuration. Microsoft will not fix bugs that occur because you removed extended stored procedures.
Administrators who harden SQL Server by making these changes will have less functionality than the original product provides.
For more information about SQL Server 2000 hardening, view the "SQL Server 2000 SP3 Security Features and Best Practices" guide. For more information, visit the following Microsoft Web site:
The xp_cmdshell stored procedure and accounts
By default, only system administrators can use the xp_cmdshell stored procedure. However, the following authentication settings allow for different levels of access to the xp_cmdshell stored procedure:
We do not recommend that you let users use the xp_cmdshell stored procedure because this lets the user run any command in the context of the proxy account. To determine whether a server lets users access the xp_cmdshell stored procedure, examine the proxy account settings by using one of the following tools:
The xp_cmdshell stored procedure and other stored procedures
Many stored procedures call the xp_cmdshell stored procedure. The following table lists the components that will break if you remove the xp_cmdshell stored procedure.
How to drop the xp_cmdshell stored procedure
You must have System Administrator user rights to drop the xp_cmdshell stored procedure. To drop the stored procedure, type the following command at a command prompt:
exec sp_dropextendedproc 'xp_cmdshell'
To re-add the xp_cmdshell stored procedure, type the following command at a command prompt:
exec sp_addextendedproc 'xp_cmdshell', 'xplog70.dll'
The Xplog70.dll file and the xp_cmdshell stored procedure
If you only drop the xp_cmdshell stored procedure, this action may not deny access to the system. Another administrator can just re-add the xp_cmdshell stored procedure by using the sp_addextendedproc stored procedure.
If you want to remove the xp_cmdshell stored procedure from the system, you must also remove the Xplog70.dll file from the computer.
The Xplog70.dll file is also used for other extended stored procedures. If you remove the Xplog70.dll file, the server cannot call the following extended stored procedures:
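The following audit script is an added example, not part of the original article. It reports whether xp_cmdshell is currently registered and against which DLL, reads from the server itself which other extended stored procedures depend on Xplog70.dll, and shows any explicit permissions on xp_cmdshell. It assumes a SQL Server 2000 instance, a sysadmin connection from Query Analyzer or osql, and the SQL Server 2000 system tables sysobjects, syscomments and sysprotects.

```sql
-- Added audit example for SQL Server 2000 (not from the original article).
-- Read-only: it changes nothing on the server.
USE master
GO

-- 1. Is xp_cmdshell registered, and which DLL does it map to?
--    Extended stored procedures have xtype = 'X' in sysobjects, and the
--    DLL name is stored in syscomments.text. No row means it was dropped.
--    A crdate later than the instance install date suggests the procedure
--    was dropped and re-added with sp_addextendedproc.
SELECT o.name                    AS proc_name,
       SUBSTRING(c.text, 1, 255) AS dll_name,
       o.crdate                  AS registered_on
FROM   dbo.sysobjects o
       JOIN dbo.syscomments c ON c.id = o.id
WHERE  o.xtype = 'X'
  AND  o.name = 'xp_cmdshell'

-- 2. Which other extended stored procedures are served by Xplog70.dll?
--    These are the procedures that stop working if the file is removed.
SELECT o.name                    AS proc_name,
       SUBSTRING(c.text, 1, 255) AS dll_name
FROM   dbo.sysobjects o
       JOIN dbo.syscomments c ON c.id = o.id
WHERE  o.xtype = 'X'
  AND  LOWER(c.text) LIKE '%xplog70%'
ORDER  BY o.name

-- 3. Has anyone been granted or denied EXECUTE on xp_cmdshell explicitly?
--    sp_helprotect raises an error when there is nothing to report, so
--    check sysprotects first.
IF EXISTS (SELECT *
           FROM   dbo.sysprotects
           WHERE  id = OBJECT_ID('dbo.xp_cmdshell'))
    EXEC sp_helprotect 'xp_cmdshell'
ELSE
    PRINT 'No explicit permissions on xp_cmdshell (absent, or sysadmin-only).'
GO
```

Saving the output of the first query as a baseline and comparing it on later runs shows when the procedure has been re-registered after a drop.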
You may receive error messages after you remove the Xplog70.dll file
After you remove the Xplog70.dll file, you may experience one of the following symptoms:
For more information, visit the following Microsoft Web site:
Article ID: 891984 - Last Review: November 2, 2007 - Revision: 1.4