Windows Deployment with Ansible Manual and Automated Install

In the world of IT infrastructure management, efficiency and consistency are key. When deploying multiple Windows systems, creating and maintaining a Windows template or image can save a lot of time and ensure uniformity. However, the real magic happens when you combine a well-prepared image with automation tools like Ansible. This guide walks you through the process of preparing a Windows template, manually installing essential software, and automating the rest with Ansible for a streamlined deployment.

Preparing your Windows Template/Image
 

Setting up the Base Windows Image

The foundation of a good deployment strategy is a solid base image. Here’s how to get yours ready:

• Install Windows: Start by installing Windows on a virtual or physical machine. This will be your base template.
• Update the OS: Make sure your Windows installation is up-to-date with the latest patches and updates. This step is crucial for security and stability.
• Configure Settings: Adjust system settings to match your organization's standards. This might include network configurations, user settings, and security policies.

Generalizing the Image

Once your base image is configured, you need to generalize it to make it suitable for deployment. This is done using the Sysprep tool.

Run Sysprep: Open Command Prompt as an administrator and execute.

sysprep /oobe /generalize /shutdown

This command prepares the image by removing system-specific data, making it ready for capture and deployment.

Capturing the Image

After generalizing, you need to capture the Windows image. Tools like Microsoft Deployment Toolkit (MDT) or other imaging solutions can help with this. Save the image to a repository so it can be used for deployment across your organization.

Automating Software Installation with Ansible

Now that you have your base image, it’s time to automate the installation of mandatory software using Ansible. This powerful tool simplifies configuration management and application deployment.

Setting Up Ansible

• Install Ansible: On your Linux-based control machine or Windows Subsystem for Linux (WSL), install Ansible.

  sudo apt update
  sudo apt install ansible
  

• Install Required Collections: To manage Windows hosts, install the community. windows collection.

  ansible-galaxy collection install community.windows
  

Configuring Windows Hosts

• To allow Ansible to manage your Windows machines, follow these steps.
• Enable PowerShell Remoting: Run PowerShell as an administrator on each Windows machine and enter.

  Enable-PSRemoting -Force
  

• Configure WinRM: Set up WinRM to enable remote management.

  Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force
  

• Create an Administrative User: Set up a user account with administrative privileges that Ansible will use to connect to the Windows machines.

Creating the Ansible Inventory File

• Create an inventory file (e.g., hosts.ini) to list your Windows machines.

  [windows]
  windows1 ansible_host=192.168.1.10
  windows2 ansible_host=192.168.1.11
  [windows:vars]
  ansible_user=your_username
  ansible_password=your_password
  ansible_connection=winrm
  ansible_winrm_transport=ntlm
  ansible_winrm_server_cert_validation=ignore
  

• Replace your username and your password with the credentials of your administrative user. Adjust IP addresses as needed.

Writing the Ansible Playbook

Create an Ansible playbook (e.g., install_software.yml) to automate the installation of mandatory software.

---
- name: Install mandatory software on Windows hosts
  hosts: windows
  tasks:
    - name: Install 7-Zip
      win_chocolatey:
        name: 7zip
        state: present
    - name: Install Google Chrome
      win_chocolatey:
        name: googlechrome
        state: present
    - name: Install Microsoft Edge
      win_chocolatey:
        name: microsoft-edge
        state: present
    - name: Install Notepad++
      win_chocolatey:
        name: notepadplusplus
        state: present
    - name: Ensure Windows updates are installed
      win_service:
        name: wuauserv
        start_mode: auto
        state: started
    - name: Install a custom application from an executable
      win_package:
        path: C:\path\to\your\installer.exe
        state: present

This playbook uses the win_chocolatey module for Chocolatey-based software installations and win_package for custom applications.

Running the Ansible Playbook

Execute the playbook from your Ansible control machine.

ansible-playbook -i hosts.ini install_software.yml

Ansible will connect to each Windows host listed in the inventory file and apply the specified software installations and configurations.

Finalizing and Deploying the Image

1. Testing the Image: Before you deploy your updated image, make sure to test it thoroughly. Verify that all software is installed correctly and working as expected.
2. Re-capturing the Updated Image: If you made changes to the image after capturing it, re-capture the updated image using your imaging tool to ensure it reflects all the latest configurations and software.
3. Deploying the Image: Deploy the finalized image to new systems. These systems will start with the base configuration and the pre-installed mandatory software, ensuring consistency across your organization.

Conclusion

Combining manual setup with automation via Ansible creates a powerful and efficient deployment strategy. By preparing a base Windows image, automating software installations, and ensuring thorough testing, you streamline the process and maintain consistency across all deployed systems. This integrated approach not only saves time but also provides a reliable, standardized experience for users throughout your organization.