The Wayback Machine - https://web.archive.org/web/20201115113916/https://github.com/pirenga/ansible
Skip to content

/ ansible

forked from crombeen/ansible

Ansible playbooks for managing an elementary school IT infrastructure (mostly Windows desktops)

0 stars 78 forks
Star
Watch
master
1 branch 0 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

This branch is 15 commits behind crombeen:master.
Pull request Compare

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
files/icons
 
 
group_vars/all
 
 
library
 
 
.gitignore
 
 
README.adoc
 
 
ansible.cfg
 
 
cleanup.yml
 
 
collect.yml
 
 
config.yml
 
 
defrag.yml
 
 
desktop.yml
 
 
hosts.ini.example
 
 
onedrive.yml
 
 
poweroff.yml
 
 
printer.yml
 
 
provision.yml
 
 
rdesktop.sh
 
 
rdesktop.yml
 
 
site.yml
 
 
software.yml
 
 
tigervnc.yml
 
 
update.yml
 
 
users.yml
 
 
vncviewer.sh
 
 
wakeonlan.yml
 
 

README.adoc

Using Ansible to manage Windows desktops

As part of this project the following modules have been implemented: - wakeonlan - wait_for_connection - win_defrag - win_shortcut

Configuring the system for Powershell Remoting

The following actions have to be taken to enable WinRM Powershell remoting.

Enable WinRM

Start Powershell (Run as Administrator) and run the following command:

WinRM qc

Answer yes on each question asked.

Allow Powershell script execution

Start Powershell (Run as Administrator) and run the following command:

Set-ExecutionPolicy

Enter the policy to be used: Bypass

Answer yes when asked to change the policy.

(Or use proper client certificates, which we plan to do)

Allow Powershell remoting for Ansible

Start Powershell (Run as Administrator) and run the following command:

ConfigureRemotingForAnsible.ps1 -CertValidityDays 3650 -EnableCredSSP

Enable Wake-on-LAN (WoL)

In order to automatically turn on systems when doing maintenance, we configured the systems to support Wake-on-LAN. Most systems are configured this way automatically, however in some cases they need specific changes to make them work as we like.

BIOS settings

Boot the system using the F1 key pressed to enter the BIOS.

Inside the (Lenovo) BIOS go to Startup > Automatic Boot Sequence and move the Network entries down using the minus key (-). Ensure that the first entry is the local boot disk.

Save the configuration using the F10 key and select Yes.

Windows settings

No specific configuration is needed to make Wake-on-LAN work on the Lenovo systems in Windows 10.

Using Ansible

More information is available from: http://docs.ansible.com/ansible/intro_windows.html

Capabilities

The following things we can manage using Ansible today:

  • Turn on systems (using Wake-On-Lan)

  • Collect information from the system (e.g. Name, MAC address, IP addres, hardware) into a CSV

  • Manage energy settings

  • Apply system updates

  • Installing and removing software (incl. everything from Ninite)

  • Enable/disable system services

  • Apply/merge registry settings

  • Customize desktop icons

  • Defragment filesystem(s)

Still need to be implement:

  • Missing automation

    • Customize start menu

    • Customize task bar

    • Customize system tray

  • Missing facts

    • Disk information (size, free-space)

Instructions

Existing Ansible playbooks are available from: https://github.com/crombeen/ansible

Turning on desktops using WoL

$ ansible-playbook -k wakeonlan.yml

Collect information (creates inventory in CSV format)

$ ansible-playbook -k collect.yml

Manage software

$ ansible-playbook -k provision.yml
$ ansible-playbook -k software.yml
$ ansible-playbook -k cleanup.yml

Manage system configuration

$ ansible-playbook -k config.yml

Manage local users

$ ansible-playbook -k users.yml

Manage desktop

$ ansible-playbook -k desktop.yml

Manage RDP and OneDrive

$ ansible-playbook -k rdesktop.yml
$ ansible-playbook -k onedrive.yml

Run everything

$ ansible-playbook -k site.yml

Problems

Here is a list of problems today:

  • Often command line desktop management was an afterthought in Windows, not designed with it in mind.

  • A lot of (desktop) manipulations require registry edits because out-of-the-box cmdlets do not exist.

  • Hard to predict how registry modifications will survive Windows 10 updates.

  • Powershell is a big improvement over cmd.exe, however it feels like Perl 4 (1993) more than anything modern (encountered various inconsistencies and design issues).

  • Since we have Windows 10 Home OEM licenses, Microsoft’s solution (Active Directory and Group Policies) is not an option, and we prefer open tooling and manageable actions.

Resources

More resources related to Powershell and Ansible-integration below:

Ansible

About

Ansible playbooks for managing an elementary school IT infrastructure (mostly Windows desktops)

Resources

Readme

Releases

No releases published

Packages

No packages published

Languages

You can’t perform that action at this time.