Don't miss out on new posts! Sign up for the Newsletter here:

Basic Windows Server Automation with Ansible

We have already looked at installing Ansible Tower for GUI administration of Ansible which we will go back to. I want to back up a little bit and cover working with Ansible from the command line, showing how easy it is to automate Windows configuration without much effort. Ansible is a great platform to learn for automation and has much adoption among enterprise and datacenter environments throughout. In 2018, one of my goals is to learn more automation and working with the various platforms that are available out there is a great way to get started. Let’s see some Basic Windows Server Automation with Ansible and how easy this is to accomplish with our Ansible control server.

Basic Windows Server Automation with Ansible

For my Ansible control server, I am simply using a standard Ubuntu 16.04 server.  The control server is where we will run our modules, playbooks, tasks, etc from using Ansible.  For home lab purposes, it is the same server that I have Ansible Tower installed on.  We simply need to install a few little tools to get up and running with Ansible.  Since I am using my Tower server, I didn’t have to install ansible as this is part of the Tower install, however, I will walk through the easy step of getting Ansible installed.


  • First things first, get your Ubuntu server updated with the latest and greatest patches.
  • Install pip
  • Install pywinrm
  • Install ansible

Installing PIP in Ubuntu

What is PIP?  It is an alternate installer for python packages that many use in managing python related package activities.  Installing PIP in Ubuntu:

sudo apt-get install python-pip python-dev build-essential 
sudo pip install --upgrade pip

Installing Pywinrm in Ubuntu

The Pywinrm module is what allows ansible to interact with WinRM in Windows.  To get the Pywinrm module installed after you have installed pip, run the following:

sudo pip install pywinrm

Installing Ansible in Ubuntu

After you have the above two packages installed, let’s install ansible itself.  This is another easy install that takes just a few seconds:

sudo pip install ansible

You can check the version of ansible installed by the following:

ansible --version

After ansible is installed on our control box, we are ready to start interacting with a Windows server.

Windows WinRM configuration

WinRM connectivity can get tricky, especially if you are not on the same domain, etc.  There are several handy WinRM commands that can help get WinRM connectivity established from your Ansible server or any other server you are looking to make connections to/from.

See the current WinRM configuration

From PowerShell, run the following commands

cd WSMan:localhostclient

This will show your current WinRM configuration, trusted hosts, encryption settings, etc.  For my lab Ansible box, I am setting AllowUnencrypted to true and also have set the TrustedHosts value to * which allows all hosts.

To allow unencrypted traffic:

set-item .allowunencrypted $true

To add a TrustedHost to the configuration:

set-item WSMan:localhostClientTrustedHosts -Value "*"

Above, you can specify specific hosts if you choose.

Viewing the WinRM settings on a Windows server

Ansible PowerShell Configuration Script for Configuring WinRM Connectivity

There is a great PowerShell configuration script out on Github that automatically sets up the WinRM configuration, firewall, PowerShell remoting, etc for Ansible connectivity.  Check it out here:

Testing Ansible Win_Ping Connectivity

To test basic connectivity from Ansible, you can use the win_ping command with Ansible that utilzes the WinRM connectivity to make connections to the server.  This verifies whether or not everything is working as expected with WinRM connectivity.

Create an inventory.yml file that will contain the hosts you want to test connectivity to.  The inventory.yml file that I created, only has a single host contained therein for testing, however, looks like this:



We can then run our test against the host(s) contained in the inventory file using the below command to test WinRM connectivity.

ansible test -i inventory.yml -m win_ping

We should see the SUCCESS message listed with the return in green.

Testing WinRM connectivity from Ansible

We can now start working with our Windows server with Ansible automation.

Basic Ansible Commands to get Started

There are a few basic commands we can use to get started.  We can interact with our server just like we were on the console.  Below returns the IP configuration from our Windows Server

ansible test -i inventory.yml -m raw -a "ipconfig"

We can stop, start, restart services as well:

ansible test -m win_service -a "name=Spooler state=stopped"


Getting started with Basic Windows Server Automation with Ansible is not difficult at all.  We can quickly get a control server setup, establish WinRM connectivity and then start running commands against our server.  Next, we will look at playbooks for further automation and getting deeper into automating our Windows Server with Ansible.  Stay tuned….

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.