• opc.three (11/20/2013)


    Chances are I could accomplish this through a SQLCLR. I could definitely set up an Agent job that a low-priv user could run by executing a stored proc.

    Heh... who on this good green Earth with even an ounce of concern for security would allow that to happen in an uncontrolled manner? Yes, I agree that there are many ways that, as an SA prived DBA, I could allow that to happen (emphasis on uncontrolled manner). That's part of my point. It either takes a person with SA privs to use it, never mind enable it. The exception to the enabling rule is that someone with Control Server privs could also enable it. Any DBA that gives a non-DBA those privs should be fired for reasons of bad security. The exception to direct usage is if some DBA is dumb enough to grant usage privs to a non-DBA user to execute xp_CmdShell directly. The DBA should be fired for that mistake, as well.

    In a controlled manner, I see no problem with, for example, giving the user privs to do a DIR on a limited set of directories through a stored procedure that uses xp_CmdShell. I would never, however, give them privs to run xp_CmdShell directly.

    And I understand about the backup thing. My question to you was do you know of any xp that can delete text or other files? I do. It's called xp_CmdShell 😉

    --Jeff Moden


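The controlled approach described in the post above, sketched as an added example that is not code from the thread or from either poster: a stored procedure runs a fixed DIR against a DBA-maintained allowlist, and the caller supplies only an integer id, never a path or command text. The object names (`dbo.AllowedDir`, `dbo.ListAllowedDir`, `ReportUsers`) and the sample paths are hypothetical; it assumes xp_CmdShell is already enabled and that a sysadmin has separately given the procedure the right to call it (for example through module signing), which is not shown.

```sql
-- Added example; all object names and paths are hypothetical/constructed.
-- Allowlist table: only the DBA writes to it, callers get no rights on it.
CREATE TABLE dbo.AllowedDir
(
    DirId   int           NOT NULL PRIMARY KEY,
    DirPath nvarchar(200) NOT NULL
        -- Refuse cmd.exe metacharacters even in DBA-entered rows.
        CONSTRAINT CK_AllowedDir_Path CHECK (DirPath NOT LIKE '%[&|<>^%"!]%')
);
GO
INSERT dbo.AllowedDir (DirId, DirPath)
VALUES (1, N'D:\Exports\Daily'), (2, N'D:\Exports\Archive');  -- constructed rows
GO
CREATE PROCEDURE dbo.ListAllowedDir
    @DirId int              -- the only caller-controlled input, and it is not a string
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @Path nvarchar(200), @Cmd nvarchar(400);

    -- Resolve the id against the allowlist; unknown ids never reach the shell.
    SELECT @Path = DirPath FROM dbo.AllowedDir WHERE DirId = @DirId;
    IF @Path IS NULL
    BEGIN
        RAISERROR('Directory id %d is not on the allowlist.', 16, 1, @DirId);
        RETURN 1;
    END;

    -- Fixed command text; only the allowlisted path is appended, quoted.
    SET @Cmd = N'DIR /B "' + @Path + N'"';

    -- Capture the shell output and return it as a result set.
    CREATE TABLE #Out (Line nvarchar(255) NULL);
    INSERT #Out (Line) EXEC master.sys.xp_cmdshell @Cmd;
    SELECT Line FROM #Out WHERE Line IS NOT NULL;
    RETURN 0;
END;
GO
-- Users may run the wrapper only: no grant on xp_cmdshell or on dbo.AllowedDir.
GRANT EXECUTE ON dbo.ListAllowedDir TO ReportUsers;
GO
-- Caller side: EXEC dbo.ListAllowedDir @DirId = 1;
```

Because the user is granted EXECUTE on the wrapper alone, a direct call to xp_CmdShell from that login still fails, which is the distinction the post draws between controlled and direct use.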