I will show you several operations which an administrator can perform on a remote windows system using ansible-playbook.

Ansible is one of the most used DevOps tools in the market today. It provides a bunch of windows modules that are used to configure and manage the Windows server. I assume you already have Ansible installed on Windows from where you want to manage the Windows servers.

The following are some of the commonly used tasks performed by Windows administrators on a daily basis. You will be amazed to see how easy it is administered Windows using Ansible.

My Ansible Windows controller machine’s IP address is 192.168.0.106, and my remote Windows system’s IP address is 192.168.0.102. Before you get started, make sure you run a win_ping module to check whether you are able to connect to windows remote server or not.

[email protected] ~
$ ansible win -m win_ping
192.168.0.102 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

My connection to a remote host is successful.

So, let’s get started with Ansible Playbooks…

Copying Files

win_copy is an ansible module that copies a file from the local server to a remote Windows host. I will use this module to copy a single PDF.

Use the below YAML code, give the source and destination paths.

[email protected] ~
$ vi copy.yml
---

- hosts: win

  tasks:

  - name: Copy File

    win_copy:

      src: C:\output.pdf

      dest: C:\ansible_examples\
     
      remote_src: yes

Run the ansible-playbook for win_copy.

[email protected] ~
$ ansible-playbook copy.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Copy File] *****************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=2 changed=1 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

The file has been copied successfully at the destination location on a remote windows system.

ansible windows copy

Install/UnInstall MSI

To install an application using the MSI file, you need to use win_get_url to mention the path of the MSI file to download and then use the win_package module to install it. The state present means the MSI will be installed on the machine, and the application is in the present state.

Here, I am installing Apache.

YAML code to be used:

[email protected] ~
$ vi msi.yml
---
- name: Installing Apache MSI 
  hosts: win 
 
  tasks:
    - name: Download the Apache installer
      win_get_url:
        url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi
        dest: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi

    - name: Install MSI
      win_package: 
        path: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi
        state: present

Run the ansible-playbook to install using MSI.

[email protected] ~
$ ansible-playbook msi.yml

PLAY [Installing Apache MSI] *****************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Download the Apache installer] *********************************************************************************************************
changed: [192.168.0.102]

TASK [Install MSI] ***************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=3 changed=2 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

Now, go to the windows system and check if the apache application got installed successfully.

C:\Users\geekflare>cd C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin>httpd -v
Server version: Apache/2.2.25 (Win32)
Server built: Jul 10 2013 01:52:12

You can also install applications using MSI with arguments. Below is the same example as above, but instead of a state, we are using an install argument to install apache.

YAML code to be used:

---

- name: Installing Apache MSI 

  hosts: win 

  tasks:

    - name: Download the Apache installer

      win_get_url:

        url: https://archive.apache.org/dist/httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi

        dest: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi


    - name: Install MSI

      win_package: 

        path: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi

        arguments:

          - /install

          - /passive

          - /norestart

To uninstall an application using the MSI file, you need to use the win_package module. The state absent means the application will be uninstalled using the MSI file.

Here, I am uninstalling Apache.

[email protected] ~
$ vi uninstall_msi.yml

---

- name: UnInstalling Apache MSI 

  hosts: win 

  tasks:

    - name: UnInstall MSI

      win_package: 

        path: C:\ansible_examples\httpd-2.2.25-win32-x86-no_ssl.msi

        state: absent

Run the ansible-playbook to uninstall using MSI.

[email protected] ~
$ ansible-playbook uninstall_msi.yml

PLAY [UnInstalling Apache MSI] *****************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [UnInstall MSI] *************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=2 changed=1 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

Now, if I check the apache version, I will get the below output as the application got uninstalled.

C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin>httpd -v 'httpd' is not recognized as an internal or external command,
operable program or batch file.

Uninstall Software (.EXE)

You can also uninstall software with .exe file using the product id of that software.

[email protected] ~
$ vi uninstall.yml 
---

- hosts: win 

  tasks:

   - name: Uninstall 7-Zip from the exe

     win_package:

       path: C:\Program Files\7-Zip\Uninstall.exe

       product_id: 7-Zip

       arguments: /S

       state: absent

Run the ansible-playbook to uninstall 7-Zip.

[email protected] ~
$ ansible-playbook uninstall.yml

PLAY [win] *************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************
ok: [192.168.0.102]

TASK [Uninstall 7-Zip from the exe] ***********************************************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP *************************************************************************************************************************************************************************************
192.168.0.102              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Stop/Start/Restart Windows Services

win_service ansible module is used to start, stop, or restart a service. Here, I will show you how to stop the tomcat service.

ansible windows tomcat

You need to mention the service name in the YAML file and set the state to stop.

[email protected] ~
$ vi service.yml
---
- hosts: win 

  tasks: 

   - name: Stop service Tomcat

     win_service:

       name: Tomcat8

       state: stopped

Run the ansible-playbook to stop the tomcat service.

[email protected] ~
$ ansible-playbook service.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Stop service Tomcat] ****************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=2 changed=1 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

If you check the tomcat service on the windows system, it is now in stopped status.

ansible windows tomcat stop

You can define state to started or restarted or paused to change the status of the service.

Gathering Facts

Using win_disk_facts ansible module, you can retrieve all the disk information of the target host.

[email protected] ~
$ vi disk.yml
---
- hosts: win 
  tasks: 
  - name: Get disk facts
    win_disk_facts:

  - name: Output first disk size
    debug:
      var: ansible_facts.disks[0].size

  - name: Convert first system disk into various formats
    debug:
      msg: '{{ disksize_gib }} vs {{ disksize_gib_human }}'
    vars:
      # Get first system disk
      disk: '{{ ansible_facts.disks|selectattr("system_disk")|first }}'

      # Show disk size in Gibibytes
      disksize_gib_human: '{{ disk.size|filesizeformat(true) }}' 
      disksize_gib: '{{ (disk.size/1024|pow(3))|round|int }} GiB'

Run the ansible-playbook to get the disk information.

[email protected] ~
$ ansible-playbook disk.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Get disk facts] ************************************************************************************************************************
ok: [192.168.0.102]

TASK [Output first disk size] ****************************************************************************************************************
ok: [192.168.0.102] => {

"ansible_facts.disks[0].size": "1000204886016"
}

TASK [Convert first system disk into various formats] ****************************************************************************************
ok: [192.168.0.102] => {
"msg": "932 GiB vs 931.5 GiB"
}

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=4 changed=0 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

Using win_command ansible module, you can execute commands on the remote host and get CPU information, device details, and much more.

[email protected] ~
$ vi check.yml
---
- hosts: win 
  tasks:
   - name: Get disk facts
     win_command: wmic cpu get caption, deviceid, name, numberofcores, maxclockspeed, status
     register: usage

   - debug: msg="{{ usage.stdout }}"

Run the ansible-playbook to get remote system information.

[email protected] ~
$ ansible-playbook check.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Get facts] ************************************************************************************************************************
changed: [192.168.0.102]

TASK [debug] *********************************************************************************************************************************
ok: [192.168.0.102] => {
"msg": "Caption DeviceID MaxClockSpeed
Name
NumberOfCores Status \r\r\nIntel64 Family 6 Model 142 Stepping 9 CPU0 2712 Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz 2 OK \r\r\n\r\r\n"
}

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=3 changed=1 unreachable=0 failed=0
skipped=0 rescued=0
ignored=0

Running Commands

Whatever commands you run on a window, they can be run through the ansible win_command module. You just need to specify the command in your YAML file. Here, I am just creating a directory.

[email protected] ~
$ vi commands.yml
---

- hosts: win 

  tasks:

   - name: run an executable using win_command

     win_command: whoami.exe


   - name: run a cmd command

      win_command: cmd.exe /c mkdir C:\test

Run the ansible-playbook to perform win_command operation.

[email protected] ~
$ ansible-playbook commands.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [run an executable using win_command] ***************************************************************************************************
changed: [192.168.0.102]

TASK [run a cmd command] *********************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=3 changed=2 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

Environment Variables

A windows system has multiple environment variables, for example, JAVA_HOME. Using the win_environment ansible module, you can add or modify environment variables on a windows system. In this example, I am adding a new variable to the windows environment variables list.

[email protected] ~
$ vi env.yml
---
- hosts: win 
  tasks:
   - name: Set an environment variable for all users
     win_environment:
       state: present
       name: NewVariable
       value: New Value
       level: machine

Run the ansible-playbook to add the environment variable on a remote windows machine.

[email protected] ~
$ ansible-playbook env.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Set an environment variable for all users] *********************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=2 changed=1 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

Go to the environment variables window; you will see the new variable you just added is present here.

ansible windows variables

Add/Edit Registry

win_regedit ansible module is used to add or edit registry details on a remote windows machine. You need to give the path of the registry and content to be added/updated. Here I am creating a new registry entry GeekFlare inside HKLM:\SOFTWARE path and then adding name and data to this registry.

[email protected] ~
$ vi registry.yml
---

- hosts: win 

  tasks:

   - name: Creating a registry

     win_regedit:

      path: HKLM:\SOFTWARE\GeekFlare

   - name: Modifying a registry, adding name and data

     win_regedit:

      path: HKLM:\SOFTWARE\GeekFlare

      name: Geek

      data: Flare

Run the ansible-playbook to add the registry.

[email protected] ~
$ ansible-playbook registry.yml

PLAY [win] ***********************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************
ok: [192.168.0.102]

TASK [Creating a registry] *******************************************************************************************************************
changed: [192.168.0.102]

TASK [Modifying a registry, adding name and data] ********************************************************************************************
changed: [192.168.0.102]

PLAY RECAP ***********************************************************************************************************************************
192.168.0.102
: ok=3 changed=2 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

If you go to Registry Editor on the remote system, you can see this registry has been added successfully with Name and Data parameters.

ansible windows registry

Delete Log

win_eventlog ansible module is used to add, clear, or remove windows event logs from the windows system.

Go to Windows Powershell, and list the EventLogs present on the remote windows machine.

PS C:\Users\Geekflare> Get-EventLog -List                                                                                 
  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20,480      0 OverwriteAsNeeded      33,549 Application
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder             20 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
     128      0 OverwriteAsNeeded         190 OAlerts
                                              Security
  20,480      0 OverwriteAsNeeded      44,828 System
  15,360      0 OverwriteAsNeeded       3,662 Windows PowerShell

Now, I will show how to remove logs from all sources for Internet Explorer.

[email protected] ~
$ vi log.yml
---
- hosts: win 
  tasks:
   - name: Remove Internet Explorer Logs
     win_eventlog:
      name: Internet Explorer
      state: absent

Run the ansible-playbook to remove the Internet Explorer form the remote windows machine.

[email protected] ~
$ ansible-playbook log.yml

PLAY [win] *************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************
ok: [192.168.0.102]

TASK [Remove Internet Explorer Logs] **********************************************************************************************************************************************
changed: [192.168.0.102]

PLAY RECAP *************************************************************************************************************************************************************************************
192.168.0.102              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Now, if you list the EventLogs again, you will see Internet Explorer logs have been removed.

PS C:\Users\Geekflare> Get-EventLog -List

  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20,480      0 OverwriteAsNeeded      33,549 Application
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
  20,480      0 OverwriteAsNeeded           0 Key Management Service
     128      0 OverwriteAsNeeded         190 OAlerts
                                              Security
  20,480      0 OverwriteAsNeeded      44,835 System
  15,360      0 OverwriteAsNeeded          56 Windows PowerShell

So, that was all about Ansible playbooks, which can be used for remote windows administration. Go ahead and try out these playbooks. You can also try other Ansible Windows modules available.