Client Setup and First Playbook
In order for Ansible to communicate with a windows device, the device must have some settings changed. The easiest way is to run a powershell script. This script has options you can set during execution, for this example I will run the script as is on my test machine.
Run the following command on the client to verify if client is setup for winrm correctly
winrm get winrm/config
Under the /etc/ansible/ directory create a windows_playbook folder
mkdir /etc/ansible/windows_playbook
Create a file called updatecheck.yml in the /etc/ansible/windows_playbook
vim /etc/ansible/windows_playbook/updatecheck.yml
For this playbook we are going to check if windows updates are available. I cannot take credit for the whole whole playbook. I did a ton of searching for the information that is included. This playbook will prompt for what hosts group you want. What you type should match the host group name and also the same group_vars file that was created.
---
- vars_prompt:
- name: "host"
prompt: "Which Host"
private: no
hosts: "{{ host }}"
gather_facts: false
tasks:
- name: Check for missing updates
win_updates:
category_names:
- Updates
- SecurityUpdates
- CriticalUpdates
- UpdateRollups
- DefinitionUpdates
- WindowsDefender
- Drivers
- Tools
state: searched
register: found_updates
- name: List missing updates
debug: var=found_updates
Run the playbook via the following command
ansible-playbook /etc/ansible/windows_playbook/updatecheck.yml
Once you run the playbook you should see the following output indicating if the group has updates or not needed for install. With this information you can create more playbooks to either install specific KB’s or install all pending windows updates.
That’s it, easy right!
Ed_Tech_Jeff 