Ansible win_shell Module: Run PowerShell Commands on Windows (Guide) — Video Tutorial

Ansible modules - win_command vs win_shell How to automate the execution of PowerShell or cmd.exe code on windows target hosts using Ansible Playbook with win_command and win_shell modules. What is the difference between win_command vs win_shell Ansible modules? These two Ansible modules are confused one for another but they're fundamentally different. Both modules allow you to execute win_command on a target host but in a slightly different way. I'm Luca Berton and welcome to today's episode of Ansible Pilot. win_command vs win_shell - `win_command` - Executes a command on a remote Windows node - it bypasses the Windows shell - always set changed to True - `win_shell` - Execute shell commands on Windows target hosts - redirections and win_shell's inbuilt functionality - always set changed to True The `win_command` and `win_shell` Ansible modules execute win_commands on the Windows target node. Generally speaking, is always better to use a specialized Ansible module to execute a task. However, sometimes the only way is to execute a Windows PowerShell or cmd.exe via the `win_command` or `win_shell` module. Let me reinforce again, you should avoid as much as possible the usage of `win_command`/`win_shell` instead of a better module. Both modules execute PowerShell or cmd.exe commands on Windows target nodes but in a sensible different way. The `win_command` modules execute win_commands on the target machine without using the target win_shell, it simply executes the win_command. The target `win_shell` is for example sending any PowerShell or cmd.exe. t will not be processed through the shell, so variables like `$env:HOME` and operations like `"<"`, `">"`, `"|"`, and `";"` are not available. On the other side, every command executed using the `win_shell` module has all PowerShell or cmd.exe features so it could be expanded in runtime. From the security point of view`win_command` module is more robust and has a more predictable outcome because it bypasses the shell. Both modules returned **always** changed status because Ansible is not able to predict if the execution has or has not altered the target system. For non-Windows targets, use the `ansible.builtin.command` and `ansible.builtin.shell` modules instead. win_command - Executes a command on a remote Windows node The `win_command` module won't be impacted by local win_shell variables because it bypasses the win_shell. At the same time, it may not be able to run `win_shell` built-in features and redirections. win_shell - Execute shell commands on target hosts The `win_shell` Ansible module is potentially more dangerous than the win_command module and should only be used when you actually really need the PowerShell or cmd.exe functionalities. So if you're not stringing two commands together o variables like `$env:HOME` and operations like `"<"`, `">"`, `"|"`, and `";"` you don't really need the win_shell module. Similarly, expanding shell variables requires the `win_shell` module. If