Xp_cmdshell is an extended stored procedure which takes a dos command as a string and returns output in table format. It is disabled by default and can be enabled as shown below.

1_enable xp_cmdshell sql server

An example of using xp_cmdshell is shown below

2_enable xp_cmdshell sql server

There are speculations that xp_cmdshell shouldn’t be enabled as it’s a security risk, however it’s not a security risk if DBA knows what he/she is doing. It can be used as and when required.


Ahmad Osama

Like us on FaceBook Join the fastest growing SQL Server group on FaceBook

Follow me on TwitterFollow me on FaceBook