Sigerson (5/23/2013)
Needs no tweaking of permissions or access, other than turning xp_cmdshell ON and OFF.
I'm just curious... why do you turn xp_CmdShell OFF? Since anyone (including an attacker) with "SA" privs can turn it on, there's no non-trivial benefit to turning it off. Since only "SA"s can use it to begin with (unless you've made the horrible mistake of granting someone a proxy), there's also no non-trivial benefit to turning it off.
--Jeff Moden
Change is inevitable... Change for the better is not.