• xp_cmdshell should be disabled from the security risk aspect. When you have xp_cmdshell enabled you're allowing processes outside sql server to do changes to databases.

    I usually do that for fast actions.

    What I practice to do is when I need xp_cmdshell I enable the option, use it, and then disable. Your user must have the sysadmin privileges in order to do changes to sys.sp_configure, though.

    If you need it to have enabled for a longer period, then you'd better use CLR or another alternative.

    Igor Micev,My blog: www.igormicev.com