Disabling xp_CmdShell - Is it really a best practice?

Speaker(s)Jeff Moden 

Duration: 60 minutes

Track: Wile Auditorium

One of the most recommended "best practices" there is is to disable xp_CmdShell.  Whether you're pro, con, or just a casual user of xp_CmdShell, the first part of this "Black Arts" session will show you why disabling xp_CmdShell might actually be a bad idea depending on what else you do or don't do.  Then, for those folks that have made the extremely grave security mistake of giving users or apps the privs to run xp_CmdShell directly, you'll learn how to use a very simple method to allow the users/apps to use stored procedures that run xp_CmdShell without them having the privs to run xp_CmdShell directly themselves in a much more secure manner and all without certificates!.  If time allows, we'll also learn a method to greatly simplify PowerShell inputs to a table from T-SQL using only a single extra connection instead of two.

Accompanying Materials:

No material found.