xp_cmdshell

Enabling xp_cmdshell can be a security risk for SQL Server. The Windows process spawned by xp_cmdshell has the same security rights as the SQL Server service account, so any command it runs executes with that account's privileges on the host. It is a very powerful feature and is disabled by default.

Suggested Action

Disable xp_cmdshell.

How to Disable xp_cmdshell

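-- xp_cmdshell is an advanced option, so expose advanced options first.
EXEC sys.sp_configure @configname = N'show advanced options',
                      @configvalue = 1;
RECONFIGURE;
GO
-- Turn xp_cmdshell off and apply the change to the running instance.
EXEC sys.sp_configure @configname = N'xp_cmdshell',
                      @configvalue = 0;
RECONFIGURE WITH OVERRIDE;
GO
-- Hide advanced options again.
EXEC sys.sp_configure @configname = N'show advanced options',
                      @configvalue = 0;
RECONFIGURE;
GO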
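
To confirm the setting and avoid changing 'show advanced options' when it was already on, the script below (an added example, not part of the original page) reads sys.configurations, disables xp_cmdshell only if it is enabled or pending, restores the prior 'show advanced options' state, and reports the configured and running values. It assumes the caller holds the ALTER SETTINGS permission (for example, a member of sysadmin).

```sql
-- Added example: check, conditionally disable, and verify xp_cmdshell.
SET NOCOUNT ON;

DECLARE @xp_cfg int, @xp_run int, @adv_run int;

-- value = configured setting, value_in_use = setting the instance is running with.
SELECT @xp_cfg = CONVERT(int, value),
       @xp_run = CONVERT(int, value_in_use)
FROM sys.configurations
WHERE name = N'xp_cmdshell';

SELECT @adv_run = CONVERT(int, value_in_use)
FROM sys.configurations
WHERE name = N'show advanced options';

IF @xp_cfg = 0 AND @xp_run = 0
BEGIN
    PRINT 'xp_cmdshell is already disabled; nothing changed.';
END
ELSE
BEGIN
    -- Expose advanced options only if they were hidden.
    IF @adv_run = 0
    BEGIN
        EXEC sys.sp_configure N'show advanced options', 1;
        RECONFIGURE;
    END;

    EXEC sys.sp_configure N'xp_cmdshell', 0;
    RECONFIGURE;

    -- Put 'show advanced options' back the way it was found.
    IF @adv_run = 0
    BEGIN
        EXEC sys.sp_configure N'show advanced options', 0;
        RECONFIGURE;
    END;
END;

-- Verification: both columns should read 0 for xp_cmdshell.
SELECT name,
       CONVERT(int, value)        AS configured_value,
       CONVERT(int, value_in_use) AS running_value
FROM sys.configurations
WHERE name IN (N'xp_cmdshell', N'show advanced options');
```

A configured_value of 0 with a running_value of 1 means a RECONFIGURE is still pending and xp_cmdshell remains usable until it runs.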

Further Reading

xp_cmdshell (Transact-SQL) | Microsoft Learn