CmdExec and Environment

Unfortunately several of my sql users need tot run cmdexe jobs
(dts-packages). To keep them from totally destroying my server I
configured a proxy account with not to much rights on the files system.
For each virtual server I created a separate temp dir for the proxy user.
when a cmdexec job is run the %temp% %tmp% point to the tempdir which
belong to the cluster service account. Now I noticed a Environment
REG_MULTI_SZ key for the sql and sqlagent services (\hkey local
machine\...\/services\mssql$instance). This key contains a full set of
environment vars, but is not wel documented (no hits on google).
Is this, a standard reg key for services, or something special for sql
and sqlagent or something special for a clustered sql and sqlagent
service? I want to temper with the %temp% and %tmp%.
Hans
Hans de Bruin wrote:
> Unfortunately several of my sql users need tot run cmdexe jobs
> (dts-packages). To keep them from totally destroying my server I
> configured a proxy account with not to much rights on the files system.
> For each virtual server I created a separate temp dir for the proxy user.
> when a cmdexec job is run the %temp% %tmp% point to the tempdir which
> belong to the cluster service account. Now I noticed a Environment
> REG_MULTI_SZ key for the sql and sqlagent services (\hkey local
> machine\...\/services\mssql$instance). This key contains a full set of
> environment vars, but is not wel documented (no hits on google).
> Is this, a standard reg key for services, or something special for sql
> and sqlagent or something special for a clustered sql and sqlagent
> service? I want to temper with the %temp% and %tmp%.
>
This is something special for clustering. Just before the sqlserver or
sqlserver agent service starts ResrcMon writes the envrionment to this
key. Any manual made changes are overwriten.
When DTSRun can't write to the \documents and
setting\clusterserviceaccount\local\temp it tries to write in
c:\winows\temp.
Hans
|||When using the Proxy Account both CmdExec and xp_cmdshell call the Win32 API
LogonUser
http://msdn.microsoft.com/library/de.../logonuser.asp
As dwLogonType it uses LOGON32_LOGON_BATCH
As dwLogonProvider is uses LOGON32_PROVIDER_DEFAULT
After which they call the Win32 API CreateProcessAsUser
http://msdn.microsoft.com/library/de...cessasuser.asp
However CreateProcessAsUser does not load the specified user's profile into
the HKEY_USERS registry key. Therefore, to access the information in the
HKEY_CURRENT_USER registry key and if the lpEnvironment parameter is NULL,
the new process inherits the environment of the calling process.
CreateProcessAsUser does not automatically modify the environment block to
include environment variables specific to the user represented by hToken.
For example, the USERNAME and USERDOMAIN variables are inherited from the
calling process if lpEnvironment is NULL. It is your responsibility to
prepare the environment block for the new process and specify it in
lpEnvironment.
So what you get is the enviroment of the service account.
GertD@.SQLDev.Net
Please reply only to the newsgroups.
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.
Copyright SQLDev.Net 1991-2005 All rights reserved.
"Hans de Bruin" <invalid@.invalid> wrote in message
news:1120486047.358052@.aquila.amc.uva.nl...
> Hans de Bruin wrote:
> This is something special for clustering. Just before the sqlserver or
> sqlserver agent service starts ResrcMon writes the envrionment to this
> key. Any manual made changes are overwriten.
> When DTSRun can't write to the \documents and
> setting\clusterserviceaccount\local\temp it tries to write in
> c:\winows\temp.
> --
> Hans