My reference to "More costly" is because, if you install it on a different box, you have the cost of the different box and licensing changes (IIRC). If you install it on the same box, then the "cost" is contention with the main database. Either way, you have a different "system" to maintain.

As to documentation, there's tons of documentation for xp_CmdShell in the same place that there is for PowerShell... on the internet.

ALL of our conversations have been both subjective and highly preferential. 😉 There's nothing wrong with that.

The most important thing that I want people to know is that, whether you use xp_CmdShell or not, just disabling it will not prevent any attacker from using it nor, in its absence, will it prevent an attacker from getting to the command prompt with elevated privs. Just because the 15 year old hack using OPENROWSET might not work anymore (and I still haven't tested that to be sure, but will), doesn't mean that a dedicated hacker (and they are VERY didicated) can't come up with another method if they can get into the server as "SA". THAT's what must be done... you MUST prevent unauthorized people from getting in as "SA". Anything less is nothing more than a futile effort.

And don't ever send me a foul 4 letter word PM like you recently did. You complained about Sergiy being rude. Try to follow your own advice.