xp_cmdshell (server configuration option)
Applies to: SQL Server
This article describes how to enable the xp_cmdshell
SQL Server configuration option. This option allows system administrators to control whether the xp_cmdshell extended stored procedure can be executed on a system. By default, the xp_cmdshell
option is disabled on new installations.
Before enabling this option, it's important to consider the potential security implications.
- Newly developed code shouldn't use the
xp_cmdshell
stored procedure, and generally it should be left disabled. - Some legacy applications require
xp_cmdshell
to be enabled. If they can't be modified to avoid the use of this stored procedure, you can enable it as described below.
Note
If xp_cmdshell
must be used, as a security best practice it is recommended to only enable it for the duration of the actual task that requires it. Using xp_cmdshell
can trigger security audit tools.
If you need to enable xp_cmdshell
, you can use Policy-Based Management or run the sp_configure
system stored procedure as shown in the following code example:
-- To allow advanced options to be changed.
EXECUTE sp_configure 'show advanced options', 1;
GO
-- To update the currently configured value for advanced options.
RECONFIGURE;
GO
-- To enable the feature.
EXECUTE sp_configure 'xp_cmdshell', 1;
GO
-- To update the currently configured value for this feature.
RECONFIGURE;
GO
-- To set "show advanced options" back to false
EXECUTE sp_configure 'show advanced options', 0;
GO
-- To update the currently configured value for advanced options.
RECONFIGURE;
GO
Next steps
Phản hồi
https://aka.ms/ContentUserFeedback.
Sắp ra mắt: Trong năm 2024, chúng tôi sẽ dần gỡ bỏ Sự cố với GitHub dưới dạng cơ chế phản hồi cho nội dung và thay thế bằng hệ thống phản hồi mới. Để biết thêm thông tin, hãy xem:Gửi và xem ý kiến phản hồi dành cho