EdVassie (12/18/2007)
sp_configure 'xp_cmdshell' is only available in SQL 2005 and above.In SQL 2000, the best way to disable xp_cmdshell is to modify its permissions in master to prevent use by Public. This will still allow sysadmin users to run xp_cmdshell.
To stop sysadmin users running it, drop the extended proc xp_cmdshell. This will prevent anyone running it. It you do drop the proc, make sure you know how to re-instate it if needed.
Hey, Ed! I know this is an old post but do you know of any sure-fire way to prevent "SA" users from using xp_CmdShell if they decide they want to turn it on?
--Jeff Moden
Change is inevitable... Change for the better is not.