Using Xp_cmdshell to Query the Windows File System With VBscript and Transact-SQL

T-SQL has some amazing features. Besides being able to do all the standard SQL stuff with ease and poise, it can also do some heavy lifting by reaching out into the OS with some mighty Stored Procedures. A short while back I had the pleasure to acquaint myself with the xp_CmdShell stored procedure.

In a nutshell the xp_CmdShell provides an interface with the OS Command Shell and allows the user the same possibilities as opening and running commands from a shell window or a batch file. Imagine being able to query different parts of the file structure or a remote computer’s configuration and storing this information in a table for reporting purposes. Of course in order to perform these operations, you need administrative access. You also need to enable the stored procedure and for a production environments your security needs to be tightly controlled so not to allow access to any undesirables.

Configure xp_cmdshell on SQL Server

Using the xpCmdShell Stored Procedure requires enabling it on the SQL Server. You can accomplish this by sp_Configure Stored Procedure followed by the Reconfigure stateemnt to install the new configuration. The general syntax is: sp_Configure OptionName, ConfigValue Reconfigure

To enable the xpCmdShell Stored Procedure

Exec sp_configure ‘xp_cmdshell’, 1 Reconfigure

If you get the following message: “The configuration option ‘xp_cmdshell’ does not exist, or it may be an advanced option.” it is because the Advanced Options aren’t configured and you will to configure these first. To do so, issue the Advanced Options Command followed by the xp_cmdshell command as follows:

EXEC sp_configure ‘show advanced options’, 1; GO Reconfigure; GO

EXEC sp_configure ‘xp_cmdshell’,1 GO Reconfigure GO

Get File System output

Once SQL Server is reconfigured for zp_cmdshell you can ahead writting commands like you would do from any command shell. As an example suppose you would want to view a list of exe files that is on a computer or server on the network for reporting purposes. This could be accomplished with the following command:

xp_cmdshell ‘dir *.exe’


Volume in drive C has no label. Volume Serial Number is 9CBD-D644 NULL Directory of C:WINDOWSsystem32 NULL 01/24/2007 03:28 PM 124,928 accelerometerST.exe 04/14/2008 06:42 AM 184,320 accwiz.exe 04/14/2008 06:42 AM 4,096 actmovie.exe 04/14/2008 06:42 AM 98,304 ahui.exe 04/14/2008 06:42 AM 44,544 alg.exe 04/14/2008 06:42 AM 142,848 bootcfg.exe 08/04/2004 08:00 AM 15,872 expand.exe 04/14/2008 06:42 AM 24,064 extrac32.exe 08/04/2004 08:00 AM 882 fastopen.exe 04/14/2008 06:42 AM 20,992 faxpatch.exe 08/04/2004 08:00 AM 14,848 fc.exe 08/04/2004 08:00 AM 9,216 find.exe 04/14/2008 06:42 AM 27,136 findstr.exe 08/04/2004 08:00 AM 9,216 finger.exe 08/04/2004 08:00 AM 3,072 fixmapi.exe 04/14/2008 06:42 AM 23,040 fltmc.exe 04/14/2008 06:42 AM 20,992 fontview.exe 04/14/2008 06:42 AM 7,680 forcedos.exe 04/14/2008 06:42 AM 14,848 stimon.exe… 04/14/2008 06:42 AM 165,888 wuauclt1.exe 09/28/2006 06:56 PM 146,432 WudfHost.exe 08/04/2004 08:00 AM 32,256 wupdmgr.exe 04/14/2008 06:42 AM 30,720 xcopy.exe 372 File(s) 72,569,014 bytes 0 Dir(s) 22,951,780,352 bytes free

Store Command Shell Output in Temporary Table

If you wanted to store that information in a temp table, you could execute the following command:

create table #cmdTable(outputText varchar(3000)) table #cmdTable(outputText varchar(3000)) insert into #cmdTable exec xp_cmdshell ‘dir *.exe’

into #cmdTable exec xp_cmdshell ‘dir *.exe’

exec xp_cmdshell ‘dir *.exe’

select * from #cmdTable * from #cmdTable drop table #cmdTable table #cmdTable

Store Command Shell Output in Table Variable

Alternatively, you could store that information in a table variable by executing this command instead:

Declare @fileTable table(col1 varchar(4000)) @fileTable table(col1 varchar(4000)) insert into @fileTable exec xp_cmdshell ‘dir *.exe’

into @fileTable exec xp_cmdshell ‘dir *.exe’

exec xp_cmdshell ‘dir *.exe’

select * from @fileTable

Other Options

If you need to capture the return code, you would first declare a variable for the codfe and append the variable assignment in front of the command like this:

declare @ret int exec @ret = xp_cmdshell ‘dir *.exe’, NO_OUTPUT

@ret int exec @ret = xp_cmdshell ‘dir *.exe’, NO_OUTPUT

@ret = xp_cmdshell ‘dir *.exe’, NO_OUTPUT

print @ret

The print @ret would return 0 for success. A failure would have returned a 1. Notice also the No_Output option. This tells the cmd to not direct any output to the screen.


This is only a brief introduction into the endless possibilities at your fingertips and as I said at the beginning you can execute any command that is available from the Command “Cmd” shell and you can combine this output with other output from other commands and store this information neatly in a table.

Source by Kevin Languedoc

We’re happy to share this resource that we found. The content displayed on this page is property of it’s original author and/or their organization.

Leave a Reply

You must be logged in to post a comment.