besides "sa" who can run xp_cmdshell

[nemo latin <nemo_old () yahoo com>]

In our shop we have several SQL 6.5 servers with the
probe account open (null password).  

I have listed and tried all the stored procedures that
it can run.  None of them are really a security
exposure.

However, I have also discovered that the DBA's have
assigned many user accounts with a null passwword. 
This leads to the question ..

Is there a way to determine which accounts (other than
SA) can run the xp_cmdshell  ?  I think that the
ability to run this stored procedure can be assigned
to userids other than SA.

Is there a way to find them ??  Other than logging on
with each userid (that has a NULL pswd - about 30 of
them - a bad practice) and trying the xp_cmdshell.

The other holes - such as SQL injection are all
plugged (we seem to have pretty good asp coders) no
other user defined sp's seems to be vulnerable.  The
databases tables/views are being tightened up so I am
focusing on the SQL/OS interface.

I believe that the ability to run the xp_cmdshell has
been given to other accounts - and I think that I may
have to try each account !!!  

Any short cuts to find out who can run this sp ?? 
:)

nemo_old 

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/