Training
Learning path
Implement a secure environment for a database service - Training
Implement a secure environment for a database service
Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: 
SQL Server
This article describes how to enable the xp_cmdshell SQL Server configuration option. This option allows system administrators to control whether the xp_cmdshell extended stored procedure can be executed on a system. By default, the xp_cmdshell option is disabled on new installations.
Before enabling this option, it's important to consider the potential security implications.
- Newly developed code shouldn't use the
xp_cmdshellstored procedure, and generally it should be left disabled. - Some legacy applications require
xp_cmdshellto be enabled. If they can't be modified to avoid the use of this stored procedure, you can enable it as described below.
Note
If xp_cmdshell must be used, as a security best practice it's recommended to only enable it for the duration of the actual task that requires it. Using xp_cmdshell can trigger security audit tools.
If you need to enable xp_cmdshell, you can use Policy-Based Management or run the sp_configure system stored procedure as shown in the following code example:
USE master;
GO
EXECUTE sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
EXECUTE sp_configure 'xp_cmdshell', 1;
GO
RECONFIGURE;
GO
EXECUTE sp_configure 'show advanced options', 0;
GO
RECONFIGURE;
GO
Additional resources
Events
Sep 15, 6 AM - Sep 17, 3 PM
The best SQL community-led learning event. Sept 2025. Save €200 with code FABLEARN.
Get registered