-
Notifications
You must be signed in to change notification settings - Fork 40
/
Copy pathCreate Proxy for PowerShell.sql
81 lines (67 loc) · 2.16 KB
/
Create Proxy for PowerShell.sql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
--Script #1 - Creating a credential to be used by proxy
USE MASTER
GO
--Drop the credential if it is already existing
IF EXISTS (SELECT 1 FROM sys.credentials WHERE name = N'PowerShellProxyCredentials')
BEGIN
DROP CREDENTIAL [PowerShellProxyCredentials]
END
GO
CREATE CREDENTIAL [PowerShellProxyCredentials]
WITH IDENTITY = N'SSBINFO\saag',
SECRET = N'SECRET_PASSWORD123' --- !!!! UPDATE THE PASSWORD !!!!
GO
--Script #2 - Creating a proxy account
USE msdb
GO
--Drop the proxy if it is already existing
IF EXISTS (SELECT 1 FROM msdb.dbo.sysproxies WHERE name = N'PowerShellProxy')
BEGIN
EXEC dbo.sp_delete_proxy
@proxy_name = N'PowerShellProxy'
END
GO
--Create a proxy and use the same credential as created above
EXEC msdb.dbo.sp_add_proxy
@proxy_name = N'PowerShellProxy',
@credential_name=N'PowerShellProxyCredentials',
@enabled=1
GO
--To enable or disable you can use this command
EXEC msdb.dbo.sp_update_proxy
@proxy_name = N'PowerShellProxy',
@enabled = 1 --@enabled = 0
GO
--Script #3 - Granting proxy account to SQL Server Agent Sub-systems
USE msdb
GO
--You can view all the sub systems of SQL Server Agent with this command
--You can notice for PowerShell Subsystem id is 12
EXEC sp_enum_sqlagent_subsystems
GO
--Grant created proxy to SQL Agent subsystem
--You can grant created proxy to as many as available subsystems
EXEC msdb.dbo.sp_grant_proxy_to_subsystem
@proxy_name=N'PowerShellProxy',
@subsystem_id=12 --subsystem 12 is for SSIS as you can see in the above image
GO
--View all the proxies granted to all the subsystems
EXEC dbo.sp_enum_proxy_for_subsystem
--Script #4 - Granting proxy access to security principals
USE msdb
GO
--Grant proxy account access to security principals that could be
--either login name or fixed server role or msdb role
--Please note, Members of sysadmin server role are allowed to use any proxy
EXEC msdb.dbo.sp_grant_login_to_proxy
@proxy_name=N'PowerShellProxy'
--,@login_name=N'SSBINFO\SSB CRM Sec'
--,@login_name=N'SSBINFO\SSB MDM Sec'
,@login_name=N'SSBINFO\SSB ETL Sec'
--,@login_name=N'SSBINFO\SSB QA Sec'
--,@fixed_server_role=N''
--,@msdb_role=N''
GO
--View logins provided access to proxies
EXEC dbo.sp_enum_login_for_proxy
GO