Can Ansible Automate Windows?

Learn how Ansible can automate Windows systems, its requirements, supported modules, and use cases for streamlining Windows administration tasks.

Can Ansible Automate Windows?

January 27, 2025
Posted by Luca Berton
ansible, windows, automation, devops, infrastructure as code, iac, windows automation

Ansible is well-known for its ability to automate Linux systems, but it is equally capable of managing and automating Windows systems. Its agentless architecture and extensive module library make Ansible a powerful tool for streamlining Windows administration tasks. This article explores how Ansible can automate Windows systems, its requirements, and use cases.

Can Ansible Automate Windows?

Yes, Ansible can automate Windows systems by leveraging Windows Remote Management (WinRM) or SSH. With support for Windows-specific modules, Ansible can perform tasks such as software deployment, configuration management, and service orchestration on Windows environments.

Key Features:

Agentless Architecture: No need for additional agents; uses WinRM or SSH.
Windows Modules: A rich library of modules tailored for Windows automation.
Cross-Platform Management: Manage Windows alongside Linux and other platforms.

Prerequisites for Automating Windows with Ansible

1. Enable WinRM

WinRM is the default communication protocol for Ansible to interact with Windows systems. To enable WinRM:

Open PowerShell as Administrator.

Run the following commands:

winrm quickconfig
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
Set-Item wsman:\localhost\Client\TrustedHosts -Value "<Ansible_Control_Node_IP>"

2. Install pywinrm

The pywinrm Python library is required for Ansible to communicate with Windows systems over WinRM:

pip install pywinrm

3. Configure the Inventory File

Add your Windows systems to the inventory file with appropriate credentials:

[windows]
windows_host ansible_host=192.168.1.10 ansible_user=Administrator ansible_password=your_password ansible_connection=winrm

Common Ansible Modules for Windows Automation

Ansible provides a range of modules specifically designed for Windows automation:

1. win_service:

Manage Windows services.

- name: Ensure IIS is running
  win_service:
    name: W3SVC
    state: started

2. win_package:

Install or uninstall software.

- name: Install Google Chrome
  win_package:
    path: "https://dl.google.com/chrome/install/GoogleChromeStandaloneEnterprise.msi"

3. win_user:

Manage user accounts.

- name: Add a new user
  win_user:
    name: admin_user
    password: StrongPassword123!
    state: present

4. win_file:

Manage files and directories.

- name: Create a directory
  win_file:
    path: C:\Temp
    state: directory

5. win_shell:

Execute PowerShell or command-line commands.

- name: Run PowerShell command
  win_shell: Get-Process

Use Cases for Automating Windows with Ansible

Application Deployment: Install and configure software across multiple Windows servers.
System Configuration: Automate the setup of Windows features, services, and settings.
Patch Management: Schedule and deploy updates to Windows systems.
Service Orchestration: Manage Windows services such as IIS, SQL Server, or Active Directory.
File and Directory Management: Create, modify, or delete files and directories on Windows hosts.
Security Hardening: Apply security policies and configurations consistently across systems.

Example Ansible Playbook for Automating Windows

Configuring IIS on Windows

- name: Configure IIS on Windows
  hosts: windows
  tasks:
    - name: Install IIS
      win_feature:
        name: Web-Server
        state: present

    - name: Start IIS service
      win_service:
        name: W3SVC
        state: started

Best Practices for Automating Windows with Ansible

Secure Credentials: Use Ansible Vault to encrypt sensitive information like passwords.
Use Variables: Parameterize configurations for different environments:
```
vars:
  app_version: "1.0.0"
```

Organize Playbooks: Use roles to structure complex playbooks:

roles/
├── windows_config/
│   ├── tasks/
│   │   └── main.yml
│   └── vars/
│       └── main.yml

Test Configurations: Validate playbooks in a staging environment before applying them to production.
Monitor Automation: Use callback plugins or external monitoring tools to track execution success.

Conclusion

Ansible is a powerful tool for automating Windows systems, from software deployment to system configuration. By leveraging its Windows-specific modules and adhering to best practices, you can streamline workflows, reduce manual intervention, and ensure consistency across your Windows infrastructure.

Learn More About Ansible and Windows Automation

Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.

Academy

Explore more examples of Windows automation in Ansible by Examples.

BUY the Complete PDF BOOK to easily Copy and Paste the 250+ Ansible code

Donate

Support this project by contributing today.

Patreon Buy me a Pizza