Shawn Melton (7/29/2014)
Now, xp_cmdshell is not bad and don't let anyone tell you it is. I used to think it was since supporting military as a contractor they frowned upon using it. However, only sysadmin folks can execute it and you can additionally add into your procedure to verify if it is on, if not enable it, and then when done turn it back off (I do this on client machines where I find it not in use).
Well said. I wish that everyone understood that. BTW, turning it off does nothing for security except cause a hacker's attack software a 3ms burp to turn it on once they've broken in with "SA" privs. If they can't break in with "SA" privs, they can't use xp_CmdShell even if it's enabled.
And, I agree... PowerShell and xp_CmdShell sure do make life easy especially when it comes to the likes of WMI.
--Jeff Moden
Change is inevitable... Change for the better is not.