0

I have been trying to resolve this really weird issue for a while!

We have a stored procedure that performs the below (all executed via xp_cmdshell which is run using the proxy account that is set to the service account)

  1. exec xp_cmdshell 'net use /delete X:'
  2. exec xp_cmdshell 'net use X: \\<server_ip>\FOLDER
  3. exec xp_cmdshell 'X:\SomeExeFile.exe'

However, when running step 3, I am getting a 'The system cannot find the drive specified'. Running exec xp_cmdshell 'whoami' between steps 2 and 3 gives me the service account user, but running exec xp_cmdshell 'net use' between steps 2 and 3 states that X: is 'Unavailable' !

Moreover, at this point, running 'net use' from a cmd window (which is run as the service account user) also gives 'Unavailable' but when I execute all the above steps 1-3 again from the cmd window, everything works fine.

(And to further add, running exec xp_cmdshell 'net use' from SSMS after doing the above via cmd then gives 'Disconnected X:' )

I cannot seem to understand what is happening since I am under the impression that net use executed on cmd and net use executed via xp_cmdshell should be the same. Can anyone help me understand why running 'net use' via xp_cmdshell just after creating it using same user is giving 'Unavailable' please?

Thanks in advance!

PS: what's weird is that when I run the above from SSMS connected with a sysadmin account, this issue is not present!

L.D
  • 255
  • 1
  • 2
  • 9
  • Well, does service account have access to the share? – siggemannen Apr 25 '23 at 14:38
  • Yes, ofcourse. If not, it would not have worked via cmd window either no? – L.D Apr 25 '23 at 14:40
  • 1
    I don't know, it's a bit unclear from which accounts you run the cmd parts from. Does it help to put all your code into same .bat file and run everything at once? – siggemannen Apr 25 '23 at 14:42
  • Some stuff on windows doesn't always work when impersonating (which i guess proxy account is doing), vs actually running as specific user, maybe it could be that. – siggemannen Apr 25 '23 at 14:45
  • I'm running the cmd window using 'run as different user' and inputting the service account credentials. Infact, executing 'whoami' gives me the service account username. I will give the .bat file idea a go! – L.D Apr 25 '23 at 14:46
  • The .bat file idea actually works! Very strange that running same commands via xp_cmdshell individually does not :( – L.D Apr 25 '23 at 14:58
  • I suspect the share thing is "lost" after impersonation ends, which is done at the end of each xp_cmdshell call. – siggemannen Apr 25 '23 at 15:00
  • That could be very well true. Feel free to add this info as an answer so that I can mark it as accepted. Thanks! – L.D Apr 25 '23 at 15:17
  • Done! Glad to be of some help – siggemannen Apr 25 '23 at 15:30

1 Answers1

0

I suspect the problem is that after each xp_cmdshell call, the end of impersonation "kills" the share, and that's why it works to run it in one go.

As a workaround, you can put the whole script into .bat file and execute it

siggemannen
  • 3,884
  • 2
  • 6
  • 24