| title | xp_cmdshell (server configuration option) | |
|---|---|---|
| description | Learn about the xp_cmdshell option. See how it controls whether SQL Server can run the xp_cmdshell extended stored procedure. Find out how to turn it on. | |
| author | rwestMSFT | |
| ms.author | randolphwest | |
| ms.date | 05/26/2023 | |
| ms.service | sql | |
| ms.subservice | configuration | |
| ms.topic | conceptual | |
| helpviewer_keywords |
|
[!INCLUDE SQL Server]
This article describes how to enable the xp_cmdshell SQL Server configuration option. This option allows system administrators to control whether the xp_cmdshell extended stored procedure can be executed on a system. By default, the xp_cmdshell option is disabled on new installations.
Before enabling this option, it's important to consider the potential security implications.
- Newly developed code shouldn't use the
xp_cmdshellstored procedure, and generally it should be left disabled. - Some legacy applications require
xp_cmdshellto be enabled. If they can't be modified to avoid the use of this stored procedure, you can enable it as described below.
Note
If xp_cmdshell must be used, as a security best practice it is recommended to only enable it for the duration of the actual task that requires it. Using xp_cmdshell can trigger security audit tools.
If you need to enable xp_cmdshell, you can use Policy-Based Management or run the sp_configure system stored procedure as shown in the following code example:
-- To allow advanced options to be changed.
EXECUTE sp_configure 'show advanced options', 1;
GO
-- To update the currently configured value for advanced options.
RECONFIGURE;
GO
-- To enable the feature.
EXECUTE sp_configure 'xp_cmdshell', 1;
GO
-- To update the currently configured value for this feature.
RECONFIGURE;
GO
-- To set "show advanced options" back to false
EXECUTE sp_configure 'show advanced options', 0;
GO
-- To update the currently configured value for advanced options.
RECONFIGURE;
GO