You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57 lines
1.3 KiB
57 lines
1.3 KiB
2 years ago
|
- block:
|
||
|
|
- wait_for_connection:
|
||
|
|
timeout: 10
|
||
|
|
|
||
|
|
rescue:
|
||
|
|
- name: set bootstrap password if connection fails
|
||
|
|
set_fact:
|
||
|
|
winrm_old_password: "{{ ansible_password }}"
|
||
|
|
ansible_password: "{{ winrm_bootstrap_password }}"
|
||
|
|
|
||
|
|
|
||
|
|
- name: gather facts
|
||
|
|
setup:
|
||
|
|
gather_facts:
|
||
|
|
- min
|
||
|
|
|
||
|
|
|
||
|
|
- name: fail if Windows version is not 10
|
||
|
|
fail:
|
||
|
|
msg: "only Windows 10 is supported"
|
||
|
|
when: (ansible_os_family != 'Windows') or (ansible_distribution_major_version|int < 10)
|
||
|
|
|
||
|
|
|
||
|
|
- name: setup service account for remote control
|
||
|
|
win_user:
|
||
|
|
name: "{{ winrm_remote_user }}"
|
||
|
|
account_disabled: no
|
||
|
|
account_locked: no
|
||
|
|
password: "{{ winrm_old_password | d(ansible_password) }}"
|
||
|
|
password_expired: no
|
||
|
|
password_never_expires: yes
|
||
|
|
groups:
|
||
|
|
- S-1-5-32-544
|
||
|
|
- S-1-5-32-580
|
||
|
|
groups_action: add
|
||
|
|
|
||
|
|
|
||
|
|
- name: set correct password if it was changed earlier
|
||
|
|
set_fact:
|
||
|
|
ansible_password: "{{ winrm_old_password }}"
|
||
|
|
when: winrm_old_password is defined
|
||
|
|
|
||
|
|
|
||
|
|
- name: ensure LocalAccountTokenFilterPolicy is set to 1
|
||
|
|
win_regedit:
|
||
|
|
path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
||
|
|
name: LocalAccountTokenFilterPolicy
|
||
|
|
data: 1
|
||
|
|
type: dword
|
||
|
|
|
||
|
|
|
||
|
|
- name: setup winrm service
|
||
|
|
win_service:
|
||
|
|
name: WinRM
|
||
|
|
start_mode: auto
|
||
|
|
state: started
|