xp_cmdshell being disabled is a matter of choice and frankly overkill. You can simply enable it, use it and disable it if security folks are that paranoid. I've worked at many many places and only seen it disabled in 1...

And I found this post via google when looking in to the issue of getting information for network shares via SQL. OK