Step-by-Step Ansible Tutorial for Windows Server 2022: Optimizing WinRM

Join us at @LondonIAC in this hands-on (semi-realtime) tutorial where we dive straight into using Ansible with Windows Server 2022 over WinRM.

Please like and let me know it worked for you (or what issues you faced) in the comments!

We start by creating a Windows Server 2022 instance on AWS. Then, we configure WinRM on the server using a set of efficient commands. Next, we establish an Ansible-to-Windows connection via WinRM.

We verify the setup's success with the win_ping module to confirm connectivity and authentication. Finally, we execute a simple Ansible playbook to create a directory and file that includes an Ansible fact.

This tutorial is a straightforward guide to setting up and running Ansible for Windows Server 2022 via WinRM. Whether you're an experienced IT expert or a beginner, this tutorial provides a clear roadmap to get you started.

------------------------------------------------------------------------
PowerShell commands (AWS specific but you can adjust to your own requirements):

# Enable PowerShell remoting
Enable-PSRemoting -Force

# Set WinRM service startup type to automatic
Set-Service WinRM -StartupType 'Automatic'

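# Configure WinRM service authentication (Certificate, Basic, CredSSP)
# AllowUnencrypted = $true makes the service accept unencrypted traffic over HTTP; Ansible over the HTTPS listener (5986) does not depend on it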
Set-Item -Path WSMan:\localhost\Service\Auth\Certificate -Value $true
Set-Item -Path 'WSMan:\localhost\Service\AllowUnencrypted' -Value $true
Set-Item -Path 'WSMan:\localhost\Service\Auth\Basic' -Value $true
Set-Item -Path 'WSMan:\localhost\Service\Auth\CredSSP' -Value $true

# Create a self-signed certificate and set up an HTTPS listener

# Create a firewall rule to allow WinRM HTTPS inbound
New-NetFirewallRule -DisplayName "Allow WinRM HTTPS" -Direction Inbound -LocalPort 5986 -Protocol TCP -Action Allow

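# Configure TrustedHosts (a WinRM client setting: "*" lets this machine's WinRM client connect to any host without authenticating it)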
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force

# Set LocalAccountTokenFilterPolicy (1 = local administrator accounts get a full administrative token over remote connections)
New-ItemProperty -Name LocalAccountTokenFilterPolicy -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -PropertyType DWord -Value 1 -Force

# Set Execution Policy to Unrestricted
Set-ExecutionPolicy Unrestricted -Force

# Restart the WinRM service
Restart-Service WinRM

# List the WinRM listeners
winrm enumerate winrm/config/Listener
------------------------------------------------------------------------
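The "Create a self-signed certificate and set up an HTTPS listener" step has no commands on this page. One way to do it, as an added example that is not the video author's code: it also turns unencrypted traffic back off and scopes the firewall rule to the control node. `$ListenerName` and `$ControlNode` are assumed placeholder values, and `203.0.113.10` is a constructed documentation address.

```powershell
# Added example, not from the original description. Run in an elevated session.
$ListenerName = $env:COMPUTERNAME   # assumption: the name or IP used for this host in the Ansible inventory
$ControlNode  = '203.0.113.10'      # assumption: address of the Ansible control node (constructed value)

# Self-signed server certificate in the machine store. The DNS name must match
# what Ansible connects to if certificate validation stays enabled on the control node.
$cert = New-SelfSignedCertificate -DnsName $ListenerName `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# Remove any existing HTTPS listener so the script can be re-run safely.
Get-ChildItem -Path WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTPS' } |
    Remove-Item -Recurse -Force

# Bind a new HTTPS listener (port 5986) to the certificate.
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null

# With HTTPS in place the service no longer needs to accept unencrypted traffic,
# so Basic authentication is only ever sent inside TLS.
Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $false

# Replace the open "Allow WinRM HTTPS" rule from the description with one that
# only admits the control node; a scoped rule has no effect while the open one exists.
Get-NetFirewallRule -DisplayName 'Allow WinRM HTTPS' -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule
New-NetFirewallRule -DisplayName 'WinRM HTTPS from Ansible control node' `
    -Direction Inbound -Protocol TCP -LocalPort 5986 `
    -RemoteAddress $ControlNode -Action Allow | Out-Null

Restart-Service WinRM

# Check: the HTTPS entry should show port 5986 and the new thumbprint.
Write-Output "Expected thumbprint: $($cert.Thumbprint)"
winrm enumerate winrm/config/Listener
```

The control node does not trust a self-signed certificate by default: either import the certificate there, or set `ansible_winrm_server_cert_validation: ignore` in the inventory, which gives up verification of the server's identity.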

#ansible #windows #winrm
Comments

Excellent tutorial! Life saver for sure. I just want to share a quick observation: if anyone got errors like "FAILED! => {"msg": "winrm or requests is not installed: No module named 'winrm'"}", verify if you installed the Python module called pywinrm for user ansible:

pip install --user ansible pywinrm

wanderer.

A hugely helpful video for creating the HTTPS listener!
The only point to review, maybe in the future, is authentication using a method other than Basic authentication (maybe Kerberos or CredSSP).

Thank you for sharing!

batressc

Great walk-through. Very clear and concise. Thank you very much.

danielmann

For the last 3 days I was stuck on the Ansible Windows installation. This video rescued me. Please make a series on Ansible Windows.

pankajsuryavanshi

This isn't tied to Ansible in any way, right?
After that I should PSSession into the Windows server with PowerShell, correct?
I made a PowerShell script to restart a server but I guess I missed the Certification part; I could make it work without it.

Shadowmansas

Is Ansible for Windows really viable for real-world use in your opinion? Last time I looked, the official documentation seemed outdated/neglected, Windows modules development was frozen, and trying to do more serious tasks (installing Windows features, various software, etc.) often failed. There also wasn't good guidance for securing things with SSH access, Kerberos authentication, domain-signed certificates, what's the relationship between Ansible and DSC, or whatever supersedes DSC, etc. What kind of production uses is Ansible good for that you've found? Thanks for your thoughts.

jeverett

Hi sir, don't we need a service account for authentication between Windows and Ansible?

HarishNelapati

Can we use the public IP address of the Windows VM instead of the private DNS name in the inventory file?

yhxsgqf

Thanks for your super useful tutorial, I really appreciate your video. I can't express how much I appreciate your channel.
I just have a question about when we configure Firewall. In production, is it the best practice to do so? It doesn't seem the most secure like you said. If I want to do it the right way, what should I do?

paweenpongsomboon

I did the setup exactly the same for several servers. It seems the "ping" only works on domain controllers, not on domain servers. After some searching I found in the Event Viewer that the logon attempt happens with the domain set to that of the local machine and not the actual domain, which is why it only works on domain controllers, apparently. How can I force Ansible to authenticate with domain\ansible_usr instead of localserver\ansible_usr?

ARadicalCut

What if we use a Domain Admin?
I've been trying to set the user connection with a Domain Admin user; sadly I cannot.

carlosrodrigo

Is there a way to configure WinRM with Ansible raw mode? So that we don't have to RDP to the Windows server to run those ConfigureRemoting commands in PowerShell.

SandhyaJha

Hi, thanks for the video.
I'm working with monitoring and need a tool to send/receive files and scripts over the internet, because the hosts are spread across the country. Is that possible with Ansible?

brunomartins

The ps1 from the Ansible documentation is now gone and I have been searching for some solution to get this to work. Your instructions seem promising, but your self-signed cert code doesn't work, for the IP is specific to your setup. I tried changing it to localhost but with no luck. Can you help with that, for I'm really bad at dealing with certs?

coreysmall

I want to perform Oracle DB installs and update them when needed. Would any command in the script run in PowerShell create any issues or conflicts with the database?
Also, it would really be great if you could start a series on Ansible on production servers, using Active Directory authentication for performing Windows updates, etc.
And yes, this video really helped me clear my doubts. Thanks a lot :)

someshsinghisfeelingalive

Sorry, but this is for AWS Windows Server, which isn't really what the title says...

BigFourHead

Sadly everyone uses a script which is created for a lab; nobody is showing manual configuration of WinRM on Windows Server.

abcdxyz

I ran the ps1 script from Ansible, and followed your instructions, but I'm getting this error: "msg": "ssl: auth method ssl requires a password"

qphogyq