Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

SQL Server: Monitoring Disk Space With WMI and OLE Automation Objects

DZone's Guide to

SQL Server: Monitoring Disk Space With WMI and OLE Automation Objects

Learn how you can utilize OLE automation objects, WMI, and some handy configuration to get reports on how much disk space is available on your server.

· Database Zone
Free Resource

Check out the IT Market Clock report for recommendations on how to consolidate and replace legacy databases. Brought to you in partnership with MariaDB.

This article talks about various SQL methods to fetch disk usage details and the use of T-SQL in conjunction with invoking OLE automation procedures and WMI class libraries using the SQL Windows Shell interface.

The step by step details about the OLE automation and WMI Query approach to capture disk space and the use of SQL cmd with a looping construct, data storage for querying, and reporting are discussed below.

Method 1: Using OLE Automation and Extended SP

In this method, OLE automation and xp_cmdshell configuration components are enabled on the SQL server. The sp_OACreate creates an instance of a Scripting.FileSystemObject OLE class. The sp_OAMethod gets a unique ID for each volume attached to filesystem object and sp_OAGetProperty retrieves properties of each drive and filesystem.

The reason for enabling xp_cmdshell is to execute xp_fixeddrives, an extended stored procedure. The output is stored in a temporary table. The records are traversed with a while loop construct for the %free space calculation. The sp_OAMethod requires a drive letter as its input. The below SQL has a hard coded value for the F drive. You can change the SQL as per your requirements.

DECLARE @hr INT , 
    @fso INT, 
    @drive CHAR(1)='F',  /* To demonstrate have hard coded the drive letter to F */
    @odrive INT,
    @TotalSize BIGINT,
    @freespace BIGINT,
    @AvailableSpace   BIGINT,
    @DriveCollection INT,
    @DriveCount INT,
    @FileSystemInstance  INT,
    @volumeName varchar(128),
    @IsReady VARCHAR(5)
  EXEC sp_OACreate 'Scripting.FileSystemObject',@fso OUT
  EXEC sp_OAMethod @fso,'GetDrive', @odrive OUT, @drive 
  EXEC sp_OAGetProperty @odrive,'TotalSize', @TotalSize OUT
  EXEC sp_OAGetProperty @odrive,'freespace', @freespace OUT
  EXEC sp_OAGetProperty @odrive,'AvailableSpace', @AvailableSpace OUT
  EXEC sp_OAGetProperty @fso,'Drives', @DriveCollection OUT
  EXEC sp_OAGetProperty @DriveCollection,'Count', @DriveCount OUT
  EXEC sp_OAGetProperty @odrive,'VolumeName', @volumeName OUT
  EXEC sp_OAGetProperty @odrive,'isReady', @IsReady OUT

  SELECT
  @DriveCount driveCount
  ,@Drive DriveLetter,
  (@AvailableSpace/1048576)/1024 FreeSpace,
  @volumeName Volumne,
  @IsReady DriveStatus,
  (@TotalSize/1048576)/1024.00 TotalSize,
  (@freespace/1048576)/1024.00 FreeSpace


Data Flow Diagram

This process requires you to enable OLE automation procedures and xp_cmdshell SQL Windows Shell components on all the servers. The servers are traversed one by one via batch scripting, along with SQL cmd, and the result is stored in a shared file. This file has a collection of insert SQL statements. Later, the insert statements are executed on the centralized server. The repository can be queried, used for forecasting, capacity planning, and reporting.

OLE: Capturing Disk Space of Multiple Servers

The section describes the requirement and briefs about every configuration required for successful execution of the code. The major issue is enabling OLE automation procedures and xp_cmdshell on all the servers. There is a risk of exposing SQL server to threats. The workaround is adding the configure and de-configure SQL statements in the SQL file. Enable the configuration value in the beginning of the code and disable it at the end.

Prerequisites

We can check the disk space by executing a T-SQL script using xp_cmdshell from SSMS. In order to do this, you need to make sure that xp_cmdshell is enabled on the SQL instance. You can execute the below script to check and enable xp_cmdshell . To enable xp_cmdshell you must have at least the ALTER SETTINGS server-level permission.

  1. Enable xp_cmdshell on Centralized Server.
  2. Enable OLE automation on all the listed servers.
  3. Shared path for SQL files.
  4. Sharex path for output filse to prepare insert statements.
  5. Requires membership in the sysadmin fixed server role.

Step By Step Details

Below are the steps to store the data in a central repository.

  1. Enable xp_cmdshell.
  2. List all Servers in c:\Server.txt.
  3. Enable OLE automation.
  4. Table Creation [TLOG_SpaceUsageDetails].
  5. Save T-SQL script in SpaceCheck.sql.
  6. Execute dynamic SQL cmd from SSMS.
  7. Select the output by querying TLOG_SpaceUsageDetails.

Enable xp_cmdshell 

The xp_cmdshell option is a SQL Server server configuration option that enables system administrators to control whether the xp_cmdshell extended stored procedure can be executed on a system:

sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
sp_configure 'xp_cmdShell', 1;
GO
RECONFIGURE;
GO


Enable OLE Automation

Use the OLE Automation Procedures option to specify whether OLE Automation objects can be instantiated within Transact-SQL batches

sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
sp_configure 'Ole Automation Procedures', 1;
GO
RECONFIGURE;
GO


List Servers in a Text File

List all the servers in a text file (c:\server.txt) and enable OLE automation across all servers. The other way to get around this problem is to include the sp_configure commands in the SQL file and take it out after it's been executed across all the servers:

ABC
DEF
EFG


Create SQL Table

Create TLOG_SpaceUsageDetails on the centralized server:

CREATE TABLE [dbo].[TLOG_SpaceUsageDetails](
    [ID] [int] IDENTITY(1,1) NOT NULL,
    [ServerName] [VARCHAR](100) NULL,
    [LogDate] [VARCHAR](10) DEFAULT (CONVERT([varchar](10),getdate(),(112))),
    [Drive] [CHAR](3) NULL,
    [FreeSpaceGB] [INT] NULL,
    [TotalSizeGB] [INT] NULL,
    [percentageOfFreeSpace] DECIMAL(5,2) NULL
) ON [PRIMARY]


Create SQL File

Save the below content to a SQL file and place it on the shared path so that SQL cmd can read the file while traversing across the listed servers. For our example, the content is saved under Spacecheck.sql on \\abcd\hq\. The full path of the file is going to be \\abcd\hq\spacecheck.sql

DECLARE @hr INT , 
    @fso INT, 
    @drive CHAR(1), 
    @odrive INT, 
    @TotalSize VARCHAR(20), 
    @MB NUMERIC , 
    @FreeSpace INT, 
    @free INT, 
    @RowId_1 INT, 
    @LoopStatus_1 SMALLINT, 
    @TotalSpace VARCHAR(10), 
    @Percentage VARCHAR(3),
    @drive1 varchar(2),
    @TotalSizeMB varchar(10),
    @FreeSpaceMB varchar(10),
    @percentageOfFreeSpace varchar(10),
    @RowId_2 INT, 
    @LoopStatus_2 SMALLINT,
    @DML nvarchar(4000) 

SET NOCOUNT ON
------------------------------------------------------
--Table to Store Drive related information 
------------------------------------------------------
CREATE TABLE #drives 
 ( 
     id INT IDENTITY(1,1) PRIMARY KEY, 
     drive CHAR(1), 
     FreeSpaceMB INT , 
     TotalSizeMB INT NULL, 
     percentageOfFreeSpace INT
 ) 


------------------------------------------------------
--Inserting the output of xp_fixeddrives to #SpaceSize Table 
------------------------------------------------------
INSERT #drives(drive,FreeSpaceMB) EXEC master.dbo.xp_fixeddrives 

------------------------------------------------------
--Using the sp_OACreate, sp_OAMethod and sp_OAGetProperty system stored procedures to create Ole Automation (ActiveX) applications that can do everything an ASP script can do*/ 
--Creates an instance of the OLE object 
------------------------------------------------------
EXEC @hr=sp_OACreate 'Scripting.FileSystemObject',@fso OUT

 SET @MB = 1048576 
 SET @RowId_1 = 1 
 SET @LoopStatus_1 = 1 

------------------------------------------------------
--To Get Drive total space 
------------------------------------------------------

WHILE (@LoopStatus_1 <> 0) BEGIN

SELECT
 @drive=drive, 
 @FreeSpace=FreeSpaceMB 
 FROM
 #drives 
 WHERE
 ( ID = @RowId_1 ) 

 IF ( @@ROWCOUNT = 0 ) 
 BEGIN
    SET @LoopStatus_1 = 0 
 END
 ELSE
BEGIN
     EXEC @hr = sp_OAMethod @fso,'GetDrive', @odrive OUT, @drive 
     EXEC @hr =sp_OAGetProperty @odrive,'TotalSize', @TotalSize OUT
 UPDATE #drives SET TotalSizeMB=@TotalSize/@MB 
 WHERE
 drive=@drive 
 UPDATE #drives SET percentageOfFreeSpace=(@FreeSpace/(TotalSizeMB*1.0))*100.0 
 WHERE drive=@drive 
END
 SET @RowId_1 = @RowId_1 + 1 

END


SELECT  @RowId_2=1,@LoopStatus_2=1

------------------------------------------------------
--To prepare insert statement 
------------------------------------------------------
WHILE (@LoopStatus_2 <> 0) BEGIN

SET @DML=''
SELECT
 @drive1=drive, 
 @FreeSpace=FreeSpaceMB,
 @TotalSizeMB=TotalSizeMB,
 @FreeSpaceMB=FreeSpaceMB,
 @percentageOfFreeSpace=percentageOfFreeSpace
 FROM
 #drives 
 WHERE
 ( ID = @RowId_2 ) 

 IF ( @@ROWCOUNT = 0 ) 
 BEGIN
    SET @LoopStatus_2 = 0 
 END
 ELSE
BEGIN
     SET @DML=@DML+ 'insert into TLOG_SpaceUsageDetails(servername,drive,TotalSizeMB,FreeSpaceMB,percentageOfFreeSpace)values('+''''+@@servername+''''+','+''''+@drive1+''''+','+''''+@TotalSizeMB+''''+','+''''+@FreeSpaceMB+''''+','+''''+@percentageOfFreeSpace+''''+')'
END
PRINT @DML
 SET @RowId_2 = @RowId_2 + 1 

END

drop table #drives


Execute SQL

Make sure the SQL file and output path is a shared path. We are going to write a concatenated output to spaceDetails.sql.

The following three parameters are important to loop through all the listed servers.

  • Input server list.
  • Shared path where you can place the query file.
  • Shared output path — the prepared insert statements are written into the file.
MASTER..XP_CMDSHELL 'for /f %j in ( f:\servers.txt) do sqlcmd -S %j -i "\\share\hq\SpaceCheck.sql" -E >> "\\share\hq\SpaceDetails.sql"'
GO
MASTER..XP_CMDSHELL 'sqlcmd -S ABCD -i "\\share\hq\SpaceDetails.sql"'


Output

The output is selected by querying the TLOG table

select * from TLOG_SpaceUsageDetails

Method 2: Querying WMI Objects

We could also query the WMI Win32_volume class to gather volume names, free space, and total size (capacity) into a temporary table the using xp_cmdshell Windows Shell. Using xp_cmdshell, the PowerShell.exe is being invoked to gather the required details, which are stored in a temporary table for manipulation. You can pass the server name, but by default, it will take the current server name.

DECLARE @svrName VARCHAR(255)
DECLARE @sql varchar(400)
--by default it will take the current server name, we can the set the server name as well
SET @svrName = @@SERVERNAME
SET @sql = 'powershell.exe -c "Get-WmiObject -ComputerName ' + QUOTENAME(@svrName,'''') + ' -Class Win32_Volume -Filter ''DriveType = 3'' | select name,capacity,freespace | foreach{$_.name+''|''+$_.capacity/1048576+''%''+$_.freespace/1048576+''*''}"'
--creating a temporary table
CREATE TABLE #output (line varchar(255))
--inserting disk name, total space and free space value in to temporary table
INSERT #output EXEC xp_cmdshell @sql
--script to retrieve the values in GB from PS Script output
SELECT rtrim(ltrim(SUBSTRING(line,1,CHARINDEX('|',line) -1))) as drivename
      ,round(cast(rtrim(ltrim(SUBSTRING(line,CHARINDEX('|',line)+1,(CHARINDEX('%',line) -1)-CHARINDEX('|',line)) ))as Float)/1024,0) as 'capacity(GB)'
      ,round(cast(rtrim(ltrim(SUBSTRING(line,CHARINDEX('%',line)+1,(CHARINDEX('*',line) -1)-CHARINDEX('%',line)) ))as Float) /1024 ,0)as 'freespace(GB)'
      ,cast(round(cast(rtrim(ltrim(SUBSTRING(line,CHARINDEX('|',line)+1,(CHARINDEX('%',line) -1)-CHARINDEX('|',line)) )) as Float)/1024,0) /
      round(cast(rtrim(ltrim(SUBSTRING(line,CHARINDEX('%',line)+1,(CHARINDEX('*',line) -1)-CHARINDEX('%',line)) )) asFloat) /1024 ,0) as decimal(5,2)) as '%Free'
FROM #output
WHERE line like '[A-Z][:]%'
ORDER by drivename
--script to drop the temporary table
DROP TABLE #output


The output of the temp table is then parsed to get the required values using string functions. Using the charindex string function, the index is found for the characters |,* and %. Based on the index, the respective portion of the string is fetched from the main string.

The advantage of this method is that xp_cmdshell is enabled only on the centralized machine. You don’t have to enable it across all the servers. Plus, non-SQL database servers' metrics can be gathered, as we are querying WMI class.

Prerequisites

We can check the disk space by executing a T-SQL script using xp_cmdshell from SSMS. In order to do this, you need to make sure that xp_cmdshell is enabled on the SQL instance. You can execute the below script to check and enable XP_Cmdshell. To enable XP_Cmdshell you must have at least the ALTER SETTINGS server-level permission.

  1. Enable xp_cmdshell on the centralized server.

Data Flow Diagram

This process requires you to enable xp_cmdshell Windows Shell components only on the centralized servers. The servers are traversed one by one via batch scripting along with SQL cmd, and the result is stored in a file. This file has a collection of insert SQL statements. Later, the insert statements are executed on the centralized server. The repository can be queried, used for forecasting and capacity planning, and reporting.

WMI: Capturing Disk Space of Multiple Servers

The section describes the requirements and briefs about every configuration required for successful execution of the code.

Step by Step Details

  1. Enable XP_CMDShell.
  2. List all Servers in c:\Server.txt.
  3. Table Creation [TLOG_SpaceUsageDetails].
  4. Save the T-SQL script in SpaceCheck.sql.
  5. Execute dynamic SQL cmd from SSMS.
  6. Select the output by querying TLOG_SpaceUsageDetails

Enable xp_cmdshell 

The xp_cmdshell option is a SQL Server server configuration option that enables system administrators to control whether the xp_cmdshell extended stored procedure can be executed on a system:

sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
sp_configure 'xp_cmdShell', 1;
GO
RECONFIGURE;
GO


List Servers in a Text File

List all the servers in a text file c:\server.txt and enable the OLE automation across all the servers. The other way to get around this problem is to include the sp_configure commands in the SQL file and take it out after it's been executed across all the servers.

ABC
DEF
EFG


Create SQL Table

Create TLOG_SpaceUsageDetails on the centralized server:

CREATE TABLE [dbo].[TLOG_SpaceUsageDetails](
    [ID] [int] IDENTITY(1,1) NOT NULL,
    [ServerName] [VARCHAR](100) NULL,
    [LogDate] [VARCHAR](10) DEFAULT (CONVERT([varchar](10),getdate(),(112))),
    [Drive] [CHAR](3) NULL,
    [FreeSpaceGB] [INT] NULL,
    [TotalSizeGB] [INT] NULL,
    [percentageOfFreeSpace] DECIMAL(5,2) NULL
) ON [PRIMARY]

GO


Create SQL File

Save the below content to a SQL file. For example, the content is saved under Spacecheck_v1.sql

The SQL file has two input parameters that are fed through SQL cmd.

  • ServerName: The server name is used to query the respective server using the WMI win32_volume computername parameter. Also, ServerName is used to prepare insert statements. The output of the insert statements is written to a SQL file.
  • DBName: DBName used in conjunction with preparing a fully qualified name for the insert statements.
------------------------------------------------------
--variable declaration
------------------------------------------------------
DECLARE           @svrName varchar(255),
        @sql varchar(400),
        @drive varchar(3),
        @TotalSizeGB varchar(10),
        @FreeSpaceGB varchar(10),
        @percentageOfFreeSpace varchar(10),
        @RowId_1 INT, 
        @LoopStatus_1 SMALLINT,
        @DML nvarchar(4000) 
------------------------------------------------------
--To stop the message that shows the count of number of rows affected.
------------------------------------------------------
SET NOCOUNT ON
------------------------------------------------------
--The servername parameter are fed through sqlcmd
------------------------------------------------------
SET @svrName = '$(servername)'
------------------------------------------------------
–Querying WMI class win32_volume and store the result into temporary table
——————————————————
SET @sql = 'powershell.exe -c "Get-WmiObject -ComputerName ' + QUOTENAME(@svrName,'''') + ' -Class Win32_Volume -Filter ''DriveType = 3'' | select name,capacity,freespace | foreach{$_.name+''|''+$_.capacity/1048576+''%''+$_.freespace/1048576+''*''}"'
------------------------------------------------------
--creating a temporary table
------------------------------------------------------
CREATE TABLE #output
(line varchar(255))
------------------------------------------------------
--inserting disk name, total space and free space value in to temporary table
------------------------------------------------------
INSERT #output
EXEC xp_cmdshell @sql
------------------------------------------------------
--Table to Store Drive related information 
------------------------------------------------------
CREATE TABLE #drives 
 ( 
     ID INT IDENTITY(1,1), 
     drive CHAR(5), 
     FreeSpaceGB INT , 
     TotalSizeGB INT NULL, 
     percentageOfFreeSpace decimal(5,2) 
 ) 
------------------------------------------------------
--To Get Drive capacity and percentage of free space 
------------------------------------------------------
select * from #output
INSERT INTO #drives(drive,TotalSizeGB,FreeSpaceGB,percentageOfFreeSpace)
------------------------------------------------------
--script to retrieve the values in GB from PS Script output
--Find the string for |,% and * using string function - CHARINDEX
------------------------------------------------------
SELECT rtrim(ltrim(SUBSTRING(line,1,CHARINDEX('|',line) -1))) as drivename
      ,round(cast(rtrim(ltrim(SUBSTRING(line,CHARINDEX('|',line)+1,(CHARINDEX('%',line) -1)-CHARINDEX('|',line)) )) asFloat)/1024,0) as 'capacity(GB)'
      ,round(cast(rtrim(ltrim(SUBSTRING(line,CHARINDEX('%',line)+1,(CHARINDEX('*',line) -1)-CHARINDEX('%',line)) )) asFloat) /1024 ,0)as 'freespace(GB)'
      ,cast(round(cast(rtrim(ltrim(SUBSTRING(line,CHARINDEX('%',line)+1,(CHARINDEX('*',line) -1)-CHARINDEX('%',line)) )) as Float) /1024 ,0)/round(cast(rtrim(ltrim(SUBSTRING(line,CHARINDEX('|',line)+1,(CHARINDEX('%',line) -1)-CHARINDEX('|',line)) )) as Float)/1024,0)*100 as decimal(5,2)) '%Free'
FROM #output
WHERE line like '[A-Z][:]%'
ORDER BY drivename
------------------------------------------------------
---select the output
------------------------------------------------------
--select * from #drives 
------------------------------------------------------
-- Initialize the counters 
------------------------------------------------------

SELECT  @RowId_1=1,@LoopStatus_1=1
------------------------------------------------------
--To prepare insert statement, Have used a logic to concatenate the string into a @DML variable
------------------------------------------------------
WHILE (@LoopStatus_1 <> 0) BEGIN

SET @DML=''
SELECT
 @drive=drive, 
 @TotalSizeGB=TotalSizeGB,
 @FreeSpaceGB=FreeSpaceGB,
 @percentageOfFreeSpace=percentageOfFreeSpace
 FROM
 #drives 
 WHERE
 ( ID = @RowId_1 ) 

 IF ( @@ROWCOUNT = 0 ) 
 BEGIN
    SET @LoopStatus_1 = 0 
 END
 ELSE
BEGIN
     SET @DML=@DML+ 'INSERT INTO$(dbname).dbo.TLOG_SpaceUsageDetails(servername,drive,TotalSizeGB,FreeSpaceGB,percentageOfFreeSpace)values('+''''+@svrName+''''+','+''''+@drive+''''+','+''''+@TotalSizeGB+''''+','+''''+@FreeSpaceGB+''''+','+''''+@percentageOfFreeSpace+''''+')'
END
PRINT @DML
 SET @RowId_1 = @RowId_1 + 1 

END


------------------------------------------------------
--script to drop the temporary table
------------------------------------------------------
DROP TABLE #output
DROP TABLE #drives


The below SQL generates insert statement and written to file. The @DML concatenates the values into string.  The looping construct use pointer to traverse through record one by one.

SET @DML=@DML+ 'INSERT INTO 
$(dbname).dbo.TLOG_SpaceUsageDetails(servername,drive,TotalSizeGB,FreeSpaceGB,percentageOfFreeSpace)values('+''''+@svr


Execute SQL

The below SQL requires

  1. Inputfile: contains the list of the servers.
  2.  SQL file: contains the SQL code to be executed across listed servers. This doesn't need to be in a shared path.
  3. Output file: The output of the SQL file written into this file.
  4. ServerName: parameter for SQL cmd, which is an input to WMI query
  5. DBName: have used a static value. This depends on where you intend to create the SQL table. This parameter used to prepare SQL insert statements.
MASTER..XP_CMDSHELL 'for /f %j in ( f:\PowerSQL\servers.txt) do sqlcmd -i "\\share\hq\SQL Server\SpaceCheck_v1.sql" -E -v servername=%j dbname="tempdb">> "\\share\hq\SQL Server\SpaceDetails_v1.sql"'
GO
MASTER..XP_CMDSHELL 'sqlcmd -S <CentralServerName>-i "\\share\hq\SQL Server\SpaceDetails_v1.sql"'
GO
SELECT * FROM TLOG_SpaceusedDetails


HTML Reporting

This requires database mail profile to be configured on the central server.

DECLARE @tableHTML  NVARCHAR(MAX) ;

 SET @tableHTML =
  N'<H1>DiskSpace Report</H1>' +
  N'<table border="1">' +
  N'<tr><th>Server Name</th>
  <th>Drive</th>
  <th>TotalSizeGB</th>
  <th>FreeSpaceGB</th>
  <th>[% Free ]</th>
  <th>LogDate</th>
  </tr>' +
  CAST ( (   
  Select
  td=ServerName,' ',
  td=Drive,' ',
  td =TotalSizeGB,' ',
  td=FreeSpaceGB,' ',
  td=percentageOfFreeSpace,' ',
  td=LogDate,' '
FROM  [TLOG_SpaceUsageDetails]
where LogDate=CONVERT(varchar(10),getdate()-2,112)
      FOR XML PATH('tr'), TYPE 
  ) AS NVARCHAR(MAX) ) +
  N'</table>' ;

 EXEC msdb.dbo.sp_send_dbmail @recipients='pjayaram@appvion.com',
  @subject = 'Database Backup',
  @body = @tableHTML,
  @profile_name= '<ProfileName>',
  @body_format = 'HTML' ;


Highlights

  • The workings of sp_OA* OLE automation and xp_* extended stored procedures.
  • The use of xp_cmdshell – Windows SQL shell to execute the WMI query and invoke the extended stored procedure.
  • Invoke PowerShell.exe using Windows shell in SQL.
  • Batch programming with SQL cmd in SQL – the use of a for loop construct to traverse each server.
  • Dynamic SQL to prepare the insert SQL file.
  • Parameter passing for SQL cmd  – server and central database repository for data storage and manipulation.
  • Database mail configuration and HTML reporting.

Conclusion


Method1 v/s Method 2
 1 OLE automation procedure and xp_cmdshell components
should be enabled on all the servers
 Enable xp_cmdshell configuration only on central server
 2 Non-SQL servers can’t be monitored  Non-SQL servers can be monitored
 3 Risk prone  Less risk prone
 4 Common share is required  Share is not mandatory, sql is executed on central server


The OLE automation stored procedures provide access to the Component Object Model (COM), which grants Visual Basic or ASP scripting functionality to T-SQL scripts. It could be used to manipulate documents, utilize other COM-compatible code, or send e-mails etc:

Warning: By default, access to the OLE Automation stored procedures is disabled. If enabled, it allows any SQL script to invoke any OLE Automation object on the computer (such as the Windows Shell). It is a significant security risk and should not be done lightly. For example, you need to be extra careful to protect against SQL injection attacks. It is basically the same as allowing xp_cmdshell.

The xp_cmdshell option is a server configuration option that enables system administrators to control whether the xp_cmdshell extended stored procedure can be executed on a system. Nowadays, there is not much need for this particular command. I prefer doing these kinds of admin tasks using PoSH. The PoSH provides flexibility in many ways to handle such operations. However, there was a time when PoSH did not exist and we had to do a lot of tasks with the help of the command shell.

Note: The intention behind this article is not to expose the server to a security risk. It's up to you to know the implications of using and enabling OLE automation.

Interested in reducing database costs by moving from Oracle Enterprise to open source subscription?  Read the total cost of ownership (TCO) analysis. Brought to you in partnership with MariaDB.

Topics:
sql server ,automation ,database ,ole

Published at DZone with permission of Prashanth Jayaram, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}