Problems configuring proxy account

Hi, at this moment I have a user that is member of sysadmin in a msde. I
need to remove this user from this group but the user use the
xp_cmdshell.
I configured the proxy account on this intance with a user that is
domain admin and also grant the exec permissions on the xp_cmdshell
extended store procedure, and when I execute a simple query:
exec master.dbo.xp_cmdshell 'dir c:'
returns this error message:
Msg 50001, Level 1, State 50001
xpsql.cpp: Error 1813 from CreateProcessAsUser on line 636
I already restart de sqlserveragent service, but it doesnt work.
Do someone know what could be the reason.
Thanks a lot for your help.
*** Sent via Developersdex http://www.codecomments.com ***
It seems like the service account for the SQL Server service lacks some of the windows Privileges
needed. Search for below in Books Online and you will find what those are:
"level token"
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi
"Maria Isabel Guzman" <mariaisabelguzman@.icasa.com.gt> wrote in message
news:%237yaKpegHHA.4064@.TK2MSFTNGP02.phx.gbl...
> Hi, at this moment I have a user that is member of sysadmin in a msde. I
> need to remove this user from this group but the user use the
> xp_cmdshell.
> I configured the proxy account on this intance with a user that is
> domain admin and also grant the exec permissions on the xp_cmdshell
> extended store procedure, and when I execute a simple query:
> exec master.dbo.xp_cmdshell 'dir c:'
> returns this error message:
> Msg 50001, Level 1, State 50001
> xpsql.cpp: Error 1813 from CreateProcessAsUser on line 636
> I already restart de sqlserveragent service, but it doesnt work.
> Do someone know what could be the reason.
> Thanks a lot for your help.
>
>
> *** Sent via Developersdex http://www.codecomments.com ***
|||Thanks a lot for your help. I already check and the service account i
use is a domainadmin and domainadmins are administrator of the server.
do you have any other clue?
*** Sent via Developersdex http://www.codecomments.com ***
|||Domain admin isn't enough. You need to make sure it has privileges like "Replace a Process Level
Token" and the other stuff mentioned in Books Online.
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi
"MariaGuzman" <marisa@.devdex.com> wrote in message news:%236iAzLhgHHA.4284@.TK2MSFTNGP06.phx.gbl...
> Thanks a lot for your help. I already check and the service account i
> use is a domainadmin and domainadmins are administrator of the server.
> do you have any other clue?
>
> *** Sent via Developersdex http://www.codecomments.com ***