xp_cmdshell (server configuration option)
Applies to: SQL Server
This article describes how to enable the xp_cmdshell SQL Server configuration option. This option allows system administrators to control whether the xp_cmdshell extended stored procedure can be executed on a system. By default, the xp_cmdshell option is disabled on new installations.
Before enabling this option, it's important to consider the potential security implications.
- Newly developed code shouldn't use the xp_cmdshell stored procedure, and generally it should be left disabled.
- Some legacy applications require xp_cmdshell to be enabled. If they can't be modified to avoid the use of this stored procedure, you can enable it as described below.

If xp_cmdshell must be used, as a security best practice it is recommended to only enable it for the duration of the actual task that requires it. Using xp_cmdshell can trigger security audit tools.
If you need to enable xp_cmdshell, you can use Policy-Based Management or run the sp_configure system stored procedure as shown in the following code example:
```sql
-- To allow advanced options to be changed.
EXECUTE sp_configure 'show advanced options', 1;
GO

-- To update the currently configured value for advanced options.
RECONFIGURE;
GO

-- To enable the feature.
EXECUTE sp_configure 'xp_cmdshell', 1;
GO

-- To update the currently configured value for this feature.
RECONFIGURE;
GO

-- To set "show advanced options" back to false
EXECUTE sp_configure 'show advanced options', 0;
GO

-- To update the currently configured value for advanced options.
RECONFIGURE;
GO
```
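The recommendation above to enable xp_cmdshell only for the duration of the task can be scripted as one batch that records the current settings, runs the task, and restores the settings even if the task fails. This is an added example, not code from the original article; the echo command is a placeholder for the legacy task, and the batch assumes the caller is permitted to run sp_configure and RECONFIGURE and that no transaction is open.

```sql
SET NOCOUNT ON;

DECLARE @prev_cmdshell int, @prev_advanced int;

-- Record the running values so they can be restored afterwards.
SELECT @prev_cmdshell = CONVERT(int, value_in_use)
FROM sys.configurations
WHERE name = N'xp_cmdshell';

SELECT @prev_advanced = CONVERT(int, value_in_use)
FROM sys.configurations
WHERE name = N'show advanced options';

BEGIN TRY
    EXECUTE sp_configure 'show advanced options', 1;
    RECONFIGURE;
    EXECUTE sp_configure 'xp_cmdshell', 1;
    RECONFIGURE;

    -- Placeholder (assumption): replace with the legacy task that needs xp_cmdshell.
    EXECUTE xp_cmdshell N'echo legacy task placeholder';
END TRY
BEGIN CATCH
    -- Report the failure, then fall through to the restore step below.
    PRINT CONCAT('Task failed: ', ERROR_MESSAGE());
END CATCH;

-- Restore both options to the values recorded at the start.
EXECUTE sp_configure 'show advanced options', 1;
RECONFIGURE;
EXECUTE sp_configure 'xp_cmdshell', @prev_cmdshell;
RECONFIGURE;
EXECUTE sp_configure 'show advanced options', @prev_advanced;
RECONFIGURE;

-- Verify: value_in_use should match the recorded values
-- (0 for xp_cmdshell on a default installation).
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name IN (N'xp_cmdshell', N'show advanced options');
```

The final query against sys.configurations can also be run on its own as a periodic check that xp_cmdshell has not been left enabled.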