• Wow. I started a war.

    Do all of you realize that you are saying the same things, but in different contexts?

    Security is not something simple, and to do it correctly requires a lot of work and preparation. There are different steps required to secure SQL from internal attacks as opposed to external attacks.

    Specifically to xp_cmdshell, I say disable it. The analogy is that locking a door keeps honest people honest. That being said, it's not the only thing that needs to be done to secure your system.

    I also said in my original post that T-SQL and batch files are different beasts. By disabling xp_cmdshell, people (developers!!!) are less inclined to come up with really great ideas.

    No, this is not a complete solution. But it at least makes internal people stop and think.

    And if DBAs are misled into thinking that disabling this completely secures their systems, then they need a lot more education.

    Michael L John
    If you assassinate a DBA, would you pull a trigger?
    To properly post on a forum:
    http://www.sqlservercentral.com/articles/61537/