The following actions have to be taken to enable WinRM Powershell remoting.
Start Powershell (Run as Administrator) and run the following command: WinRM qc
Answer yes on each question asked.
Start Powershell (Run as Administrator) and run the following command: Set-ExecutionPolicy
Enter the policy to be used: Bypass
Answer yes when asked to change the policy.
Start Powershell (Run as Administrator) and run the following command: ConfigureRemotingForAnsible.ps1 -CertValidityDays 3650
Enable Wake-on-LAN (WoL)
In order to automatically turn on systems when doing maintenance, we configured the systems to support Wake-on-LAN. Most systems are configured this way automatically, however in some cases they need specific changes to make them work as we like.
Boot the system using the F1 key pressed to enter the BIOS.
Inside the (Lenovo) BIOS go to Startup > Automatic Boot Sequence and move the Network entries down using the minus key (-). Ensure that the first entry is the local boot disk.
Save the configuration using the F10 key and select Yes.
More information is available from: http://docs.ansible.com/ansible/intro_windows.html
The following things we can manage using Ansible today:
-
Turning on systems (using Wake-On-Lan)
-
Collect information from the system (e.g. Name, MAC address, IP addres, hardware) into a CSV
-
Applying system updates
-
Installing and removing software (incl. everything from Ninite)
-
Enable/disable services
-
Apply/merge registry settings
-
Setting up International(ization) and Keyboard Layout
Still need to be implement:
-
Missing automation
-
Customize start menu
-
Customize desktop
-
Customize task bar
-
Customize system tray
-
Customize startup tasks (like autoruns)
-
Customize services (like autoruns)
-
-
Missing facts
-
DMI information (e.g. Model, Serial number, …)
-
MAC address
-
Disk information
-
CPU type
-
Memory
-
Instructions
-
Existing Ansible playbooks are available from: https://github.com/crombeen/ansible
Here is a list of problems today:
-
Often command line systems management was an afterthought in Windows, not designed with it in mind.
-
A lot of (desktop) manipulations require registry edits because out-of-the-box cmdlets do not exist
-
Hard to predict how registry modifications will survive Windows 10 updates
-
Powershell is a big improvement over cmd.exe, however it feels like Perl 4 (1993) more than anything modern
-
Microsoft’s solution is to use Active Directory and Group Policies, rather than foster community development and open tooling
More resources related to Powershell and Ansible-integration below:
-
Powershell DSC modules - DSC community auto-generated modules