Excerpt from http://www.databasejournal.com/features/mssql/article.php/3372131

"Now not just anyone can run this extended stored procedure. If you want to execute this extended stored procedure, you will either need to be a member of the sysadmin role, or have the xp_sqlagent_proxy_account set up on your SQL Server. If a login executing this extended stored procedure is a member of the sysadmin role then the submitted command will run under the security context associated with the SQL Server Service account in which it runs. If the login executing this procedure is not a member of the sysadmin role, then the command uses the xp_sqlagent_proxy_account login security context for determining whether operating system commands can and cannot be run. If there is no xp_sqlagent_proxy_account then using this procedure will fail for all users not in the sysadmin role. "

Assuming that we are in the case when xp_cmdshell is running under security context of the SQL server service account, you also has to make sure that this account INDEED have security rights on the file system where you are trying to copy a file.