Managing Windows machines with Ansible

An alternative way to configure Windows computers remotelly without an Active Directory

Published in

The Sysadmin

2 min readNov 29, 2016

Starting in version 1.7, Ansible contains support for managing Windows machines. This guide describes the steps you need to follow to set it up.

Ansible makes Windows automating easier (source)

Windows preparation

In order for Ansible to manage your windows machines, you will have to enable and configure PowerShell remoting. Fortunately, there is a quick way to do that.

In your Windows machine, open a command prompt as Administrator and run the following command:

@powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((new-object net.webclient).DownloadString('https://github.com/ansible/ansible/raw/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))"

Note: Kaspersky Endpoint Security 10 uses its own firewall. You might change the configuration manually to allow WinRM incoming connections (TCP/5986)

Ansible control machine

Reminder: you must have a Linux Control Machine. There is no way to do that from a Windows host.

Instructions

You need to create the following directories/files structure:

windows/
├── group_vars/
│   └── windows.yml
└── hosts

hosts file
Add your Windows hosts to the inventory:

# file: hosts
[windows]
192.168.1.10
192.168.1.11

Under the group_vars directory, add the following file named windows.yml, where my_user/my_pass are the credentials you will use to log in the Windows computers:

# file: group_vars/windows.yml

ansible_user: my_user
ansible_password: my_pass
ansible_port: 5986
ansible_connection: winrm
# The following is necessary for Python 2.7.9+ when using default WinRM self-signed certificates:
ansible_winrm_server_cert_validation: ignore

That’s all. Now you can test it using the win_ping module:

$ ansible windows -i hosts -m win_ping
192.168.1.10 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

More examples

Gather facts using setup module:

$ ansible windows -i hosts -m setup
...

Installing Firefox with Chocolatey:

$ ansible-playbook windows -i hosts playbook-install-firefox.yml# file: playbook-install-firefox.yml
---
- name: test chocolatey with ansible
  hosts: all
  tasks:
    - name: Install Firefox
      win_chocolatey:
        name: firefox
        state: present

And finally, a funny one! Speak messages and play sounds using win_say module:

ansible windows -i hosts -m win_say -a "msg='Hi! This is a demo' start_sound_path='C:\\windows\\media\\ding.wav' speech_speed=2"

Do you want more? Check available Windows modules