The cmd_shell component in SQL Server is powerful and can almost realize all functions of the Windows system through this construction. Therefore, this component is also the biggest security risk of SQL Server. This component in SQL Server 2000 is enabled by default, while this component in SQL Server 2005 is turned off by default as part of this server security configuration. Sometimes we need to use this component, and the relevant statements to enable this component are as follows:
--To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
--To update the currently configured value for advanced options.
RECONFIGURE
GO -- To enable the feature.
EXEC sp_configure 'xp_cmdshell', 1
GO
--To update the currently configured value for this feature.
RECONFIGURE
GO
In order to ensure the security of the database server, it is recommended to close the component after use. The relevant statements for closing the component are as follows:
--To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
--To update the currently configured value for advanced options.
RECONFIGURE
GO -- To enable the feature.
EXEC sp_configure 'xp_cmdshell', 0
GO
--To update the currently configured value for this feature.
RECONFIGURE
GO