• Jeff Moden (10/2/2012)


    opc.three (10/1/2012)

    The fact remains that enabling xp_cmdshell introduces risk into an environment and there simply is no reason one needs to enable it to manage a database.

    The fact remains that you still have an unreasonable fear of it.

    Sorry, but that dog won't hunt. All steps taken to prevent the use of xp_cmdshell are well-rooted in reason. It continues to astonish me that you are such an ardent proponent of it. Not only does it introduce risk into an environment but it might be one of the single-worst design choices for application development on the SQL Server platform.

    Unless you've made the mistake of enabling a non-SA-prived individual to use it, only SA's can use it.

    You're assuming that we as database professionals will be able to foresee and dictate all actions taken by someone with rights to change Active Directory. In a vacuum xp_cmdshell is harmless. In the real world it's a security risk. In a "properly locked down system" xp_cmdshell is disabled.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato