
Ensure 'xp_cmdshell' Server Configuration Option is set to '0'


The xp_cmdshell option controls whether the xp_cmdshell extended stored procedure can be used by an authenticated SQL Server user to execute operating-system command shell commands and return results as rows within the SQL client.


Attackers commonly use the xp_cmdshell procedure to read data from, or write data to, the underlying operating system of a database server.
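An audit query for this setting, added here as an example and not part of the rule's own code: it reads the option from sys.configurations and lists principals that were explicitly granted permissions on xp_cmdshell. It assumes a session in the master database with rights to view server configuration and permission metadata.

```sql
-- Added audit example (not the rule's own code). Run in the master database.

-- 1) Configured vs. running value of the option; both must be 0 to pass.
SELECT
    c.name,
    CAST(c.value AS int)        AS value_configured,
    CAST(c.value_in_use AS int) AS value_in_use,
    CASE
        WHEN CAST(c.value AS int) = 0 AND CAST(c.value_in_use AS int) = 0
            THEN 'PASS'
        WHEN CAST(c.value AS int) <> CAST(c.value_in_use AS int)
            THEN 'FAIL (configured and running values differ)'
        ELSE 'FAIL'
    END AS xp_cmdshell_check
FROM sys.configurations AS c
WHERE c.name = N'xp_cmdshell';

-- 2) Principals with an explicit permission entry on the procedure.
--    Any GRANT row here is a login path to OS command execution
--    if the option is ever switched to 1.
SELECT
    pr.name            AS grantee,
    pr.type_desc       AS grantee_type,
    pe.permission_name,
    pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
    ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1                                  -- object-level permission
  AND pe.major_id = OBJECT_ID(N'sys.xp_cmdshell');
```

Comparing value with value_in_use catches the case where the stored setting was changed but the running instance has not yet picked it up.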

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     rds
secureclouddb/engine      sqlserver

Default Rule

const { checkServerSetting } = module
/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if 'xp_cmdshell' is set to 0
 */
function validate(databaseSettings) {
    const success = checkServerSetting(databaseSettings, 'xp_cmdshell', "0")

    return {