• jghali (7/31/2015)


    Oh well...

    In my case, I'm using SQL Express and don't have any other solution than using the xp_cmdshell to use bcp...

    I'll continue searching for the best way to secure the usage of xp_cmdshell.

    Thank you ... and I really enjoyed the thread.

    😉

    The best way is also the simplest way. Go ahead and create the proxy user that most people will tell you to create but DO NOT GIVE ANYONE PRIVS TO RUN XP_CMDSHELL DIRECTLY. Instead, give them permission to run a stored procedure that does only what it's supposed to do with XP_CmdShell, add WITH EXECUTE AS OWNER to the proc, and then give folks privs to execute the proc. Make sure that your proc doesn't take any input that will be used by XP_CmdShell or carefully sanitize it to ensure that there is no SQL Injection and no DOS Injection attempts. If there are, then do nothing and return nothing. You don't want to give a hacker any hints.

    Please see (attached) the presentation I did just one time where I explain how to do all of this. Most of it is to help dispel some of the FUD around the tool. I do, however, explain how to properly set it up and use it safely near the end.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
        Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)
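As an added illustration of the setup described in the reply above (this is example T-SQL, not code from the original post or from Jeff Moden's presentation): a proxy account, a single-purpose wrapper procedure with EXECUTE AS OWNER, and EXECUTE granted only on the wrapper. The database ExportDemo, the tables dbo.Orders and dbo.Customers, the path C:\Exports\ and the role ExportUsers are assumed names.

```sql
-- Added example, not code from the original post or from Jeff Moden's
-- presentation. Names ExportDemo, dbo.Orders, dbo.Customers, C:\Exports\
-- and the ExportUsers role are assumed for illustration.
-- 1. Enable xp_cmdshell (sysadmin only) and set the proxy account under which
--    xp_cmdshell runs when the effective caller is not sysadmin. Placeholders.
EXEC sp_configure 'show advanced options', 1;  RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1;            RECONFIGURE;
EXEC sp_xp_cmdshell_proxy_account 'DOMAIN\bcp_proxy', '<placeholder-password>';
GO

USE ExportDemo;
GO
-- 2. The wrapper. It runs exactly one bcp export, and the only variable part
--    of the command line is a value copied from an allow-list, never the
--    caller's own string. EXECUTE AS OWNER gives it dbo's rights; reaching
--    master.dbo.xp_cmdshell from that context still needs the database to be
--    TRUSTWORTHY (with an owner login holding the permission) or the module
--    to be certificate-signed, so callers themselves never get xp_cmdshell.
CREATE PROCEDURE dbo.ExportAllowedTable
    @RequestedTable sysname
WITH EXECUTE AS OWNER
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @Allowed TABLE (TableName sysname PRIMARY KEY);
    INSERT INTO @Allowed (TableName) VALUES (N'Orders'), (N'Customers');

    -- Take the table name from the allow-list, not from the parameter, so
    -- the caller's text never reaches the command line at all.
    DECLARE @TableName sysname;
    SELECT @TableName = TableName FROM @Allowed WHERE TableName = @RequestedTable;

    -- Not on the list: do nothing, return nothing, give no hint.
    IF @TableName IS NULL
        RETURN;

    DECLARE @Cmd nvarchar(4000) =
        N'bcp ExportDemo.dbo.' + @TableName + N' out "C:\Exports\' + @TableName
      + N'.txt" -c -T -S ' + @@SERVERNAME;

    EXEC master.dbo.xp_cmdshell @Cmd, NO_OUTPUT;
END;
GO

-- 3. Callers get EXECUTE on the wrapper only; nothing is granted on xp_cmdshell.
CREATE ROLE ExportUsers;
GRANT EXECUTE ON OBJECT::dbo.ExportAllowedTable TO ExportUsers;
GO
```

A member of ExportUsers can run `EXEC dbo.ExportAllowedTable N'Orders';` but gets an empty, silent result for any other name, and has no path to xp_cmdshell outside the two fixed exports.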