How to deploy the ansibleconfigure PowerShell script on Windows

Okay fun stuff, so I tried this a number of ways which I will describe in this blog post.

If your Windows server is joined to the domain, you have a machine that can reach all the virtual machines, WinRM is configured, and you have PowerShell 3.0 or higher set up, then you could try the following PowerShell for loop from the SYSVOL share.

Ansibleconfigure.ps1

  1. Copy ansibleconfigure.ps1 to SYSVOL so all the joined machines can reach it, or have it run locally from the joined machine.
  2. Next, use the following for loop in PowerShell, which loops through a text file listing all the hosts and runs the PowerShell script on each.
  • csv – the server names, one per line, as such:
    • server1.com,
    • server2.com,
    • Etc
  • The script will also ask for admin credentials which you will need.

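=====================================

# PowerShell for loop deploy
# hosts.csv has one server name per line and no header row, so name the column here
$serverfiles = Import-Csv -Path 'd:\scripts\hosts.csv' -Header names
# Prompt once for the admin credentials used on every host
$cred = Get-Credential
foreach ($server in $serverfiles) {
    Write-Output $server.names
    # Run the local script on the remote host over WinRM
    Invoke-Command -ComputerName $server.names -FilePath d:\scripts\ansibleconfigure.ps1 -Credential $cred
}
=========================================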

  1. Now open a PowerShell console as administrator, save the above into a file, and run it.
    1. ./deployloop – Watch the output for errors

Note: This method sucked and failed for me due to WinRM not being there and other restrictions as indicated below. It also would have helped if I was better at PowerShell 😛

  • set-executionpolicy -ExecutionPolicy restricted
  • set-executionpolicy -ExecutionPolicy unrestricted
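
A variant of the deploy loop above with a WinRM preflight, as an added example that is not part of the original post: it probes each host with Test-WSMan before calling Invoke-Command and reports which hosts have no reachable WinRM listener, the failure mentioned in the note. It assumes the same d:\scripts paths and a hosts.csv without a header row; the function name Invoke-AnsibleConfigureDeploy and the result property names are hypothetical.

```powershell
# Added example: deploy loop with a WinRM preflight (not the post's own script).
# Assumptions: hosts.csv has no header row; function and property names are illustrative.
function Invoke-AnsibleConfigureDeploy {
    param(
        [string]$HostList   = 'd:\scripts\hosts.csv',
        [string]$ScriptPath = 'd:\scripts\ansibleconfigure.ps1',
        [Parameter(Mandatory)]
        [pscredential]$Credential
    )

    # -Header names the single column so the first line is treated as data
    $servers = Import-Csv -Path $HostList -Header names
    foreach ($server in $servers) {
        $name = "$($server.names)".Trim()
        if (-not $name) { continue }   # skip empty entries

        $status = 'Deployed'
        $detail = ''
        try {
            # Unauthenticated identify request: fails when the listener is missing or blocked
            Test-WSMan -ComputerName $name -ErrorAction Stop | Out-Null
            try {
                Invoke-Command -ComputerName $name -FilePath $ScriptPath `
                    -Credential $Credential -ErrorAction Stop | Out-Null
            } catch {
                $status = 'ScriptFailed'
                $detail = $_.Exception.Message
            }
        } catch {
            $status = 'NoWinRM'
            $detail = $_.Exception.Message
        }

        # One result object per host so failures can be filtered afterwards
        [pscustomobject]@{ Server = $name; Status = $status; Detail = $detail }
    }
}

# Usage: prompt once for admin credentials, then list every host with its outcome
$results = Invoke-AnsibleConfigureDeploy -Credential (Get-Credential)
$results | Format-Table -AutoSize
# Hosts that could not be configured over WinRM
$results | Where-Object Status -ne 'Deployed'
```

Hosts reported as NoWinRM cannot be reached by this loop at all and are the ones the GPO method below has to cover.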
  1. So this brings us to deploying the script via GPO (Group Policy Object) from the DC.

What you want to do here is copy the configure script to SYSVOL so all the joined machines can reach the script.

In the search bar type: (replace domain to match)

  • \\home.nicktailor.com\SYSVOL
  • Copy ansibleconfigure.ps1 inside here.
  1. Next you will set up the GPO to deploy on startup, as this is the only way the script will work; logon did not appear to work for me.
  2. To do this, I decided to create a new Group Policy object (GPO) and link it to my home.nicktailor.com domain in my forest. In the Group Policy Management Editor, I right-click the domain, and then click Create a GPO in this domain. This is shown in the following image.

 

  1. Right-clicking the newly created GPO in the Group Policy Management Console and clicking Edit opens the Group Policy Management Editor, which is shown in the following image. Because I am interested in tracking not only processes that start after the user logs onto the computer but also processes that start before the logon screen, I configure a logon script for the user. There are startup and shutdown scripts that can be configured in Group Policy that are assigned at the computer configuration level, but they would not be the best place to obtain the information I’m looking for. To set a user logon script, open the User Configuration node of the Group Policy Editor, click Windows Settings and then click Scripts (Logon/Logoff).

  1. I double-click Logon in the right side of the pane, and click the PowerShell Scripts tab as shown in the following image.

 

  1. Make sure you edit the script path so that it reads the SYSVOL path where it says Script Name:

  • \\home.nicktailor.com\SysVol\home.nicktailor.com\scripts\ansibleconfigure.ps1

  1. Next, when the servers reboot, you should be able to check the Windows Application log in Event Viewer for id=1 to see if the script ran, or use
    gpresult /r (should show the objects applied)
