Jeff Moden (12/13/2009)
Steve is correct. It's not what you're logged in as... it's what the server is logged in as. Do you know how to find which login SQL Server uses?
It seems (for current builds anyway) that is only true if the client logs in with 'sa' permissions - either as 'sa', or as a member of the sysadmin server role. 'Normal' users will have their own permissions checked, unless a proxy has been defined.
I must say though that using xp_fileexist is a bad choice. It is undocumented and its behaviour has changed at least once that I can remember. Other better choices include a CLR routine, xp_cmdshell, or sp_OA methods.