xp_cmdshell – Naming, Shaming and Taming

I think most people dealing with SQL Server understand that xp_cmdshell can be a bit of a security hole if not used correctly. But… how do you know it is being used appropriately? Wouldn’t it be a nice feature to be able to see exactly who is using xp_cmdshell, when and why? You can with…