Minimum Permissions to run Command Windows
I am setting up a SQL Server Job that is running an SSIS package. This packag calls cmd.exe /c .... to do a unc mapping and pull some data. My job works if the account is an administrator of the server. However I want to do minimum security. It fails as a standard user as it is unable to open the command window to issue the unc map. So my question is what are the minimum permissions to open a command window for a SQL job/scheduled task/etc.
February 28th, 2011 2:24pm

does that standard user have ntfs rights to access the cmd.exe in %windir%\system32 ?
Free Windows Admin Tool Kit Click here and download it now
February 28th, 2011 4:24pm

in gerneral the user account used in the schedule task needs. the logon as batch right Permissions to the cmd.exe permissions to any other file/folders/executables called by your task on the local server permissions to the share and files/folders/exectable called by your task on the share
February 28th, 2011 5:05pm

I thought so to. But it might be an interactive log on issue since the account is not really logged onto the server. I took a look at this link http://support.microsoft.com/kb/867466 which helped but now I received other errors. So still not sure what permissions are needed as it works when Admin.
Free Windows Admin Tool Kit Click here and download it now
February 28th, 2011 5:11pm

I sucessfully tested running a schedule task using only local User Permissions, on Windows XP. Logon as batch permission was not needed, it all came down to permissions on the individual files and folders, and the CMD.exe. If the user had access it worked if the user did not have access it failed. As simple as that. Scheduled Task command line: C:\Test\test.bat > out.txt Scheduled Task working dir: c:\test Test.bat @echo off Echo %date% %time% echo hello echo more echo. Type c:\boot.ini copy C:\boot.ini c:\test copy C:\test.txt c:\test Checked out.txt after every run. Boot.ini is not accessible by normal users...so it failes. Test.txt will copy once your test user has access to the file, and the target folder. I enabled auditing of the NTFS files and folders to verify what access was being requested so i could grant it appropriately. If you are doing more advance stuff with your script you may need more permissions, use auditing to troubleshoot permissions to determine what is denied so you know what to grant.
February 28th, 2011 10:26pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics