Ok... this is all going the wrong way. NEVER NEVER NEVER grant privs to any user or application login to execute xp_CmdShell directly! NEVER! If they need to do something that requires the use of xp_CmdShell, then only allow them to use a very well controlled, very well written stored procedure and don't forget that there IS such a thing as DOS INJECTION!
--Jeff Moden
Change is inevitable... Change for the better is not.