run process under another account from process running under "local system account"

Discussion in 'Server Security' started by Michal Valent, Jan 23, 2009.

  1. Hello,
    please, can anybody help me to find out if is it possible to
    run process under another account from process running under "local system
    account" ?

    For example MSSQLSERVER trigger is running under "local system account"
    and is firing javascript which ought to run under "domain\user" account.

    thank you
    miso
     
    Michal Valent, Jan 23, 2009
    #1
    1. Advertisements

  2. Michal Valent

    Al Dunbar Guest

    One process can certainly launch a new process under the credentials of
    another user. The method would depend on the nature of these processes. In
    the simplest case, any account with sufficient privileges to create a
    scheduled task can create a task with alternate credentials.

    Under some circumstances, a single process can do some of its work with
    alternate credentials, however, this is somewhat limited by the available
    tools. For example, one can map a share under alternate credentials, and
    perform folder and file management on the share as if it had the privileges
    itself.
    In what context is "MSSQLSERVER trigger" running - as a service, scheduled
    task, interactive session, or something else?

    And in what mode(s) can the javascript run?


    /Al
     
    Al Dunbar, Jan 23, 2009
    #2
    1. Advertisements

  3. In what context is "MSSQLSERVER trigger" running - as a service, scheduled
    The "MSSQLSERVER trigger" running - as a service
    The javascript is fired from the trigger :

    CREATE TRIGGER [myUpdate] ON [dbo].[myTable]
    FOR UPDATE
    AS

    IF UPDATE ( myCol )

    BEGIN

    DECLARE @cmd as varchar(1000)
    declare @myColVal as varchar(20)
    declare @myTS as varchar(30)

    SET @myColVal = (SELECT myCol FROM inserted)
    SET @myTS = (select convert(varchar(30), getdate(), 121))
    SET @myTS = REPLACE(@myTS, ' ', '_')

    SET @cmd = '"C:\myScripts\myCallsToWebServices.js" '
    + @myColVal + ' ' + @myTS
    EXEC master..xp_cmdshell @cmd

    END
     
    Michal Valent, Jan 26, 2009
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.