ptoal/toallab-automation
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update role dependencies

Browse Source
This commit is contained in:
Patrick Toal
2024-02-08 15:55:01 -05:00
parent e09a7f7d45
commit bb21e8d5c6
507 changed files with 1270 additions and 28219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
roles/oatakan.windows_template_build/tasks/clean-up-components.yml
View File

@@ -1,14 +0,0 @@
---
- name: clean up components and update files
win_shell: Dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase
when: "'Windows Server 2008' not in ansible_distribution"
ignore_errors: yes
- include_tasks: clean-up-with-cleanmgr.yml
when: "'Windows Server 2008' in ansible_distribution"
- name: clean up components and update files
win_shell: Dism.exe /online /Cleanup-Image /SpSuperseded
when: "'Windows Server 2008' in ansible_distribution"
ignore_errors: yes

64
roles/oatakan.windows_template_build/tasks/clean-up-with-cleanmgr.yml
View File

@@ -1,64 +0,0 @@
---
- block:
- name: check for cleanmgr executable
win_stat:
path: '{{ ansible_env.windir }}\System32\cleanmgr.exe'
register: check_cleanmgr_file
- include_tasks: copy_cleanmgr.yml
vars:
os_short_name: 2008r2
when:
- not check_cleanmgr_file.stat.exists
- ('Windows Server 2008 R2' in ansible_distribution)
- include_tasks: copy_cleanmgr.yml
vars:
os_short_name: 2012
when:
- not check_cleanmgr_file.stat.exists
- ('Windows Server 2012' in ansible_distribution)
- (not 'Windows Server 2012 R2' in ansible_distribution)
- name: get free space
win_shell: Get-PSDrive C | Select-Object Free | ConvertTo-Json
register: free_space_before_cleanup
- name: ensure cleanup registry paths exist
win_regedit:
path: HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\{{ item }}
loop: "{{ cleanup_registry_keys }}"
- name: set cleanup registry keys
win_regedit:
path: HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\{{ item }}
name: StateFlags0012
data: 2
type: dword
loop: "{{ cleanup_registry_keys }}"
- name: run cleanmgr
win_shell: cleanmgr /sagerun:12
- name: wait for cleanmgr to finish
win_shell: (get-wmiobject win32_process | where-object {$_.processname -eq 'cleanmgr.exe'} | measure).count
register: check_cleanmgr_process
until: check_cleanmgr_process.stdout is defined and check_cleanmgr_process.stdout|int == 0
delay: 5
retries: 300
- name: get free space
win_shell: Get-PSDrive C | Select-Object Free | ConvertTo-Json
register: free_space_after_cleanup
- debug:
msg:
- "Free space before cleanup: {{ ((free_space_before_cleanup.stdout | from_json)['Free']|int / (1024*1024*1024)) | round(2, 'floor') }} GB"
- "Free space after cleanup: {{ ((free_space_after_cleanup.stdout | from_json)['Free']|int / (1024*1024*1024)) | round(2, 'floor') }} GB"
rescue:
- name: ignore any errors
debug:
msg: "ignoring any error with clean up with cleanmgr"

41
roles/oatakan.windows_template_build/tasks/clean-up.yml
View File

@@ -1,41 +0,0 @@
---
- name: remove page file
win_regedit:
path: HKLM:\System\CurrentControlSet\Control\Session Manager\Memory Management
name: PagingFiles
data: ""
state: present
register: cleanup_pagefile_removal
- name: reboot server after clearing page file
win_reboot:
when: cleanup_pagefile_removal is changed
- name: cleanup the temp folders
win_file:
path: '{{ item }}'
state: absent
ignore_errors: yes
loop:
- C:\Temp
- C:\Windows\Panther
- C:\Windows\Temp
- name: cleanup the C:\Recovery folder
win_shell: Remove-Item -Path C:\Recovery -Force -Recurse
ignore_errors: yes
- name: check to see if WinSXS ManifestCache folder exist
win_stat:
path: '{{ ansible_env.windir }}\winsxs\ManifestCache'
register: winsxs_dir
- name: clear out the WinSXS ManifestCache folder
win_shell: |
&cmd.exe /c Takeown /f %windir%\winsxs\ManifestCache\*
&cmd.exe /c Icacls %windir%\winsxs\ManifestCache\* /GRANT administrators:F
&cmd.exe /c Del /q %windir%\winsxs\ManifestCache\*
when:
- winsxs_dir.stat is defined
- winsxs_dir.stat.exists

4
roles/oatakan.windows_template_build/tasks/cloudbase-init.yml
View File

@@ -7,3 +7,7 @@
arguments:
- /qn
state: present
register: install_cloudbase_init
until: install_cloudbase_init is success
delay: 3
retries: 5

47
roles/oatakan.windows_template_build/tasks/compact.yml
View File

@@ -33,17 +33,11 @@
retries: 60
when: "'Windows Server 2008' in ansible_distribution"
- name: stop windows update service
win_service:
name: wuauserv
state: stopped
ignore_errors: yes
- name: delete update directory
win_file:
path: C:\Windows\SoftwareDistribution\Download
state: absent
ignore_errors: yes
ignore_errors: true
- name: remove windows update settings
win_regedit:
@@ -55,21 +49,15 @@
- PingID
- AccountDomainSid
- name: start windows update service
win_service:
name: wuauserv
state: started
ignore_errors: yes
- name: create update directory
win_file:
path: C:\Windows\SoftwareDistribution\Download
state: directory
ignore_errors: yes
ignore_errors: true
- name: reset windows update
win_shell: wuauclt /resetauthorization /detectnow
ignore_errors: yes
ignore_errors: true
- name: clean with bleachbit
win_shell: >
@@ -85,7 +73,7 @@
when:
- bleachbit_clean|bool
- download_bleachbit is success
ignore_errors: yes
ignore_errors: true
- name: create temp directory
win_file:
@@ -101,20 +89,23 @@
until: download_ultradefrag is success
delay: 3
retries: 5
ignore_errors: true
- name: unzip ultradefrag
win_unzip:
src: '{{ temp_directory }}\win_build\ultradefrag.zip'
dest: '{{ temp_directory }}\win_build'
- block:
- name: unzip ultradefrag
win_unzip:
src: '{{ temp_directory }}\win_build\ultradefrag.zip'
dest: '{{ temp_directory }}\win_build'
- name: set udefrag extract directory
set_fact:
udefrag_dir: '{{ temp_directory }}\win_build\ultradefrag-portable-7.1.4.amd64'
- name: set udefrag extract directory
set_fact:
udefrag_dir: '{{ temp_directory }}\win_build\ultradefrag-portable-7.1.4.amd64'
- name: defrag with ultradefrag
win_shell: '{{ udefrag_dir }}\udefrag.exe --optimize --repeat C:'
args:
executable: cmd
- name: defrag with ultradefrag
win_shell: '{{ udefrag_dir }}\udefrag.exe --optimize --repeat C:'
args:
executable: cmd
when: download_ultradefrag is success
- name: download sdelete
win_get_url:
@@ -161,7 +152,7 @@
when:
- bleachbit_free_disk_space|bool
- download_bleachbit is success
ignore_errors: yes
ignore_errors: true
- name: remove bleachbit files
win_file:

4
roles/oatakan.windows_template_build/tasks/copy_cleanmgr.yml
View File

@@ -14,7 +14,7 @@
win_copy:
src: "{{ winsxs_cleanmgr_file[os_short_name] }}"
dest: '{{ ansible_env.windir }}\System32\cleanmgr.exe'
remote_src: yes
remote_src: true
when:
- check_winsxs_cleanmgr_file.stat.exists
- check_winsxs_cleanmgr_mui_file.stat.exists
@@ -23,7 +23,7 @@
win_copy:
src: "{{ winsxs_cleanmgr_mui_file[os_short_name] }}"
dest: '{{ ansible_env.windir }}\System32\en-US\cleanmgr.exe.mui'
remote_src: yes
remote_src: true
when:
- check_winsxs_cleanmgr_file.stat.exists
- check_winsxs_cleanmgr_mui_file.stat.exists

8
roles/oatakan.windows_template_build/tasks/disable-auto-logon.yml
View File

@@ -1,8 +0,0 @@
---
- name: disable auto login
win_regedit:
path: HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
name: "{{ item.name }}"
state: absent
loop: "{{ autologin_registry }}"

18
roles/oatakan.windows_template_build/tasks/enable-rdp.yml
View File

@@ -1,18 +0,0 @@
---
- name: enable RDP port
win_firewall_rule:
name: Remote Desktop
localport: 3389
action: allow
direction: in
protocol: tcp
state: present
enabled: yes
- name: enable RDP
win_regedit:
path: HKLM:\System\CurrentControlSet\Control\Terminal Server
name: fDenyTSConnections
data: 0
type: dword

43
roles/oatakan.windows_template_build/tasks/enable-tlsv12.yml
View File

@@ -1,43 +0,0 @@
---
- block:
- name: test SSL connection
win_shell: "[System.Net.WebRequest]::Create('https://github.com').GetResponse()"
rescue:
- name: enable TLSv1.2 support
win_regedit:
path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\{{ item.type }}
name: '{{ item.property }}'
data: '{{ item.value }}'
type: dword
state: present
register: enable_tls12
loop:
- type: Server
property: Enabled
value: 1
- type: Server
property: DisabledByDefault
value: 0
- type: Client
property: Enabled
value: 1
- type: Client
property: DisabledByDefault
value: 0
- name: enable strong crypto
win_regedit:
path: HKLM:\{{ item }}
name: SchUseStrongCrypto
data: 1
type: dword
state: present
loop:
- 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
- 'SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
- name: reboot if TLS config was applied
win_reboot:
when: enable_tls12 is changed

53
roles/oatakan.windows_template_build/tasks/hotfix-tlsv12.yml
View File

@@ -1,53 +0,0 @@
---
- name: ensure Windows ADK with DISM is installed
win_chocolatey:
name: windows-adk-deploy
state: present
version: 10.0.17134.0
register: install_windows_adk_deploy
notify: ensure Windows ADK with DISM is removed
- name: ensure PATH contains Windows ADK
win_path:
scope: machine
state: present
elements: "C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\amd64\\DISM"
- pause:
seconds: 10
- name: download hotfix
win_get_url:
url: '{{ enable_tlsv12_hotfix.url }}'
dest: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
register: download_hotfix
until: download_hotfix is success
delay: 3
retries: 5
- block:
- name: install hotfix (PS >= 4)
win_hotfix:
source: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
state: present
register: hotfix_install
when: ansible_powershell_version is version('4', '>=')
rescue:
- name: install hotfix using shell
win_shell: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }} /quiet /norestart'
register: hotfix_install
- name: install hotfix (PS == 3)
win_shell: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }} /quiet /norestart'
register: hotfix_install
when: ansible_powershell_version is version('3', '==')
- name: ensure hotfix file is removed
win_file:
path: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
state: absent
- name: reboot if needed
win_reboot:
when: hotfix_install.reboot_required | default(False)

104
roles/oatakan.windows_template_build/tasks/main.yml
View File

@@ -7,38 +7,91 @@
- name: run setup module
setup:
- include_tasks: hotfix-tlsv12.yml
- block:
# This is needed where many tasks and polls run against the windows target where it reaches the limit
# Default value is 1500
- name: increase MaxConcurrentOperationsPerUser
ansible.windows.win_shell: |
winrm set winrm/config/service @{MaxConcurrentOperationsPerUser="20000"}
args:
executable: cmd
# first we need to fix SSL connections with the hotfix
- include_role:
name: "{{ windows_hotfix_role }}"
vars:
hotfix: "{{ win2008_hotfixes[0] }}"
- include_tasks: install_dism.yml
# enable TLS 1.2 with an hotfix
- include_role:
name: "{{ windows_hotfix_role }}"
vars:
hotfix: "{{ win2008_hotfixes[1] }}"
when: "'Windows Server 2008' in ansible_distribution or 'Windows 7' in ansible_distribution"
- include_tasks: enable-tlsv12.yml
- include_tasks: enable_tlsv12.yml
- include_tasks: update-agent-win2008.yml
- include_tasks: update_agent_win2008.yml
when: "'Windows Server 2008' in ansible_distribution or 'Windows 7' in ansible_distribution"
- include_tasks: security-update-win2012.yml
when: "'Windows Server 2012' in ansible_distribution or 'Windows 8' in ansible_distribution"
- include_tasks: disable-auto-logon.yml
- include_role:
name: "{{ windows_update_role }}"
name: "{{ windows_hotfix_role }}"
loop: "{{ win2012_hotfixes[os_version_name | default('os_6_3')] }}"
loop_control:
loop_var: hotfix
when: "'Windows Server 2012' in ansible_distribution or 'Windows 8' in ansible_distribution"
- include_tasks: disable_auto_logon.yml
- block:
- include_role:
name: "{{ windows_configure_update_role }}"
vars:
role_action: register
wsus_server: "{{ win_update_server }}"
register_with_wsus: true
when: win_update_server | length > 0
- include_role:
name: "{{ windows_update_role }}"
vars:
win_update_server_selection: "{{ 'managed_server' if (win_update_server | length > 0) else 'default' }}"
always:
- include_role:
name: "{{ windows_configure_update_role }}"
vars:
role_action: unregister
when: win_update_server | length > 0
when: install_updates | bool
- name: ensure windows update service stopped and disabled
ansible.windows.win_service:
name: wuauserv
state: stopped
start_mode: disabled
ignore_errors: true
- include_role:
name: "{{ ovirt_guest_agent_role }}"
when: target_ovirt | bool and not target_qemu | bool
- include_role:
name: "{{ virtio_role }}"
when: target_qemu | bool or ('KubeVirt' in ansible_system_vendor | default(''))
when: target_qemu | bool or ('KubeVirt' in (ansible_system_vendor | default('', true)))
- include_role:
name: "{{ virtualbox_guest_additions_role }}"
when: "'VirtualBox' in ansible_product_name"
when: ('VirtualBox' in (ansible_product_name | default('', true)))
- include_role:
name: "{{ vmware_tools_role }}"
when: "'VMware' in ansible_product_name"
when: ('VMware' in (ansible_product_name | default('', true)))
- include_role:
name: "{{ parallels_tools_role }}"
when: ('Parallels' in (ansible_product_name | default('', true))) or (ansible_product_name == None and 'Parallels' in ansible_interfaces[0].interface_name)
- include_tasks: startup.yml
@@ -47,21 +100,21 @@
- include_tasks: power.yml
when: (ansible_os_product_type == 'workstation') | default(False)
- include_tasks: enable-rdp.yml
- include_tasks: enable_rdp.yml
- include_tasks: cloudbase-init.yml
when:
- "'VMware' not in ansible_product_name"
- "'VirtualBox' not in ansible_product_name"
- ('KubeVirt' not in ansible_system_vendor | default(False))
- ('Red Hat' not in ansible_system_vendor | default(False))
- ('VMware' not in (ansible_product_name | default('', true)))
- ('VirtualBox' not in (ansible_product_name | default('', true)))
- ('KubeVirt' not in (ansible_system_vendor | default('', true)))
- ('Red Hat' not in (ansible_system_vendor | default('', true))) or target_openstack | bool
- not target_ovirt | bool
- not target_vagrant | bool
- block:
- include_tasks: remove-apps-alt-2.yml
- include_tasks: remove_apps-alt-2.yml
- include_tasks: remove-onedrive.yml
- include_tasks: remove_onedrive.yml
when:
- remove_apps | bool
- (ansible_os_product_type == 'workstation') | default(False)
@@ -73,14 +126,21 @@
- name: run all handlers here
meta: flush_handlers
- include_tasks: clean-up-components.yml
- include_tasks: clean_up_components.yml
when: clean_up_components | bool
- include_tasks: clean-up.yml
- include_tasks: clean_up.yml
- include_tasks: sysprep.yml
- include_tasks: compact.yml
- name: ensure windows update service is enabled
ansible.windows.win_service:
name: wuauserv
state: stopped
start_mode: auto
ignore_errors: true
- include_tasks: shutdown.yml
when: shutdown_instance | bool
when: shutdown_instance | bool

57
roles/oatakan.windows_template_build/tasks/policy.yml
View File

@@ -9,17 +9,68 @@
type: dword
when: policy.allow_unauthenticated_guest_access|bool
# webdav support policy
- block:
- block:
- name: enable WebDAV-Redirector feature on Server (2016+)
win_feature:
name: WebDAV-Redirector
state: present
register: enable_webdav_redirector
when:
- ('Windows Server 2008' not in ansible_distribution)
- ('Windows Server 2012' not in ansible_distribution)
- name: enable Desktop-Experience feature on Server (2008-2012)
win_feature:
name: Desktop-Experience
state: present
register: enable_desktop_experience
when: ('Windows Server 2008' in ansible_distribution or 'Windows Server 2012' in ansible_distribution)
- name: reboot if needed
win_reboot:
when: (enable_webdav_redirector is changed and enable_webdav_redirector.reboot_required) or (enable_desktop_experience is changed and enable_desktop_experience.reboot_required)
when: (ansible_os_product_type | default('server')) == 'server'
- name: set webclient maximum file size
win_regedit:
path: HKLM:\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
name: FileSizeLimitinBytes
data: "{{ webclient_maximum_file_size }}"
type: dword
- name: ensure webclient service is started in auto mode
win_service:
name: webclient
start_mode: auto
state: started
when:
- policy.install_webclient_service|bool
- ansible_os_installation_type | default('server') | lower != 'server core'
- name: set connection profile to private (Windows 10)
win_shell: Set-NetConnectionProfile -NetworkCategory Private
when:
- "'Windows 10' in ansible_distribution"
- name: set connection profile to private (Windows 7)
win_shell: '{{ set_network_to_private }}'
win_shell: "{{ set_network_to_private }}"
when: "'Windows 7' in ansible_distribution"
- name: disable end of support notification (Windows 7,8)
win_regedit:
path: HKCU:\Software\Microsoft\Windows\CurrentVersion\EOSNotify
name: DiscontinueEOS
data: 1
type: dword
when:
- "'Windows 7' in ansible_distribution"
- (policy.disable_eos_reminder | default(true))|bool
- ('Windows 7' in ansible_distribution) or ('Windows 8' in ansible_distribution)
- name: Ensure local account password doesn't expire
win_user:
name: "{{ ansible_user }}"
password_never_expires: yes
password_never_expires: true

18
roles/oatakan.windows_template_build/tasks/power.yml
View File

@@ -1,6 +1,16 @@
---
- name: change power plan to high performance
win_power_plan:
name: high performance
ignore_errors: yes
- block:
- name: change power plan to high performance
win_power_plan:
name: high performance
rescue:
- name: use powershell to change plan to high performance
win_shell: |
powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
#powercfg /change monitor-timeout-ac 0
powercfg /change disk-timeout-ac 0
powercfg /change standby-timeout-ac 0
powercfg /change hibernate-timeout-ac 0
ignore_errors: true

96
roles/oatakan.windows_template_build/tasks/remove-apps-alt-2.yml
View File

@@ -1,96 +0,0 @@
---
- name: remove default apps
win_shell: |
$ErrorActionPreference = "Stop"
$apps = @(
"Microsoft.3DBuilder",
"Microsoft.Appconnector",
"Microsoft.BingFinance",
"Microsoft.BingNews",
"Microsoft.BingSports",
"Microsoft.BingWeather",
"Microsoft.FreshPaint",
"Microsoft.Getstarted",
"Microsoft.MicrosoftOfficeHub",
"Microsoft.MicrosoftSolitaireCollection",
"Microsoft.MicrosoftStickyNotes",
"Microsoft.Office.OneNote",
"Microsoft.OneConnect",
"Microsoft.People",
"Microsoft.SkypeApp",
"Microsoft.Windows.Photos",
"Microsoft.WindowsAlarms",
"Microsoft.WindowsCalculator",
"Microsoft.WindowsCamera",
"Microsoft.WindowsMaps",
"Microsoft.WindowsPhone",
"Microsoft.WindowsSoundRecorder",
"Microsoft.XboxApp",
"Microsoft.ZuneMusic",
"Microsoft.ZuneVideo",
"Microsoft.WindowsCommunicationsApps",
"Microsoft.MinecraftUWP",
"Microsoft.MicrosoftPowerBIForWindows",
"Microsoft.NetworkSpeedTest",
"Microsoft.CommsPhone",
"Microsoft.ConnectivityStore",
"Microsoft.Messaging",
"Microsoft.Office.Sway",
"Microsoft.OneConnect",
"Microsoft.WindowsFeedbackHub",
"Microsoft.BingFoodAndDrink",
"Microsoft.BingTravel",
"Microsoft.BingHealthAndFitness",
"Microsoft.WindowsReadingList",
"Microsoft.MSPaint",
"Microsoft.Microsoft3DViewer",
"Microsoft.Print3D",
"9E2F88E3.Twitter",
"PandoraMediaInc.29680B314EFC2",
"Flipboard.Flipboard",
"ShazamEntertainmentLtd.Shazam",
"king.com.CandyCrushSaga",
"king.com.CandyCrushSodaSaga",
"king.com.*",
"ClearChannelRadioDigital.iHeartRadio",
"4DF9E0F8.Netflix",
"6Wunderkinder.Wunderlist",
"Drawboard.DrawboardPDF",
"2FE3CB00.PicsArt-PhotoStudio",
"D52A8D61.FarmVille2CountryEscape",
"TuneIn.TuneInRadio",
"GAMELOFTSA.Asphalt8Airborne",
"TheNewYorkTimes.NYTCrossword",
"DB6EA5DB.CyberLinkMediaSuiteEssentials",
"Facebook.Facebook",
"flaregamesGmbH.RoyalRevolt2",
"Playtika.CaesarsSlotsFreeCasino",
"A278AB0D.MarchofEmpires",
"KeeperSecurityInc.Keeper",
"ThumbmunkeysLtd.PhototasticCollage",
"XINGAG.XING",
"89006A2E.AutodeskSketchBook",
"D5EA27B7.Duolingo-LearnLanguagesforFree",
"46928bounde.EclipseManager",
"ActiproSoftwareLLC.562882FEEB491"
)
foreach ($app in $apps) {
Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage -AllUsers
Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -like $app } | Remove-AppxProvisionedPackage -Online
}
register: cleanup_win10_remove
until: cleanup_win10_remove is successful
retries: 5
delay: 1
ignore_errors: yes
- name: prevent suggested applications from returning
win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content
name: DisableWindowsConsumerFeatures
data: 1
datatype: dword
- name: reboot to effect pending changes
win_reboot:

30
roles/oatakan.windows_template_build/tasks/remove-apps-alt.yml
View File

@@ -1,30 +0,0 @@
---
- name: remove user apps
script: RemoveUserApps.ps1
register: cleanup_win10_remove
until: cleanup_win10_remove is successful
retries: 3
delay: 1
ignore_errors: yes
#- name: disable windows store
# win_regedit:
# path: HKLM:\Software\Policies\Microsoft\WindowsStore
# name: AutoDownload
# data: 00000002
# type: dword
#
#- name: disable content delivery manager
# win_regedit:
# path: HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
# name: SilentInstalledAppsEnabled
# data: 00000000
# type: dword
#
#- name: disable windows store
# win_regedit:
# path: HKLM:\Software\Policies\Microsoft\Windows\CloudContent
# name: DisableWindowsConsumerFeatures
# data: 00000001
# type: dword

97
roles/oatakan.windows_template_build/tasks/remove-apps.yml
View File

@@ -1,97 +0,0 @@
---
- name: Setup the xWebAdministration module
win_psmodule:
name: DSCR_AppxPackage
state: present
- name: remove packages
win_dsc:
resource_name: cAppxProvisionedPackageSet
Ensure: Absent
PackageName:
- Microsoft.3DBuilder
- Microsoft.Appconnector
- Microsoft.BingFinance
- Microsoft.BingNews
- Microsoft.BingSports
- Microsoft.BingWeather
- Microsoft.FreshPaint
- Microsoft.Getstarted
- Microsoft.MicrosoftOfficeHub
- Microsoft.MicrosoftSolitaireCollection
- Microsoft.MicrosoftStickyNotes
- Microsoft.Office.OneNote
- Microsoft.OneConnect
- Microsoft.People
- Microsoft.SkypeApp
- Microsoft.Windows.Photos
- Microsoft.WindowsAlarms
- Microsoft.WindowsCalculator
- Microsoft.WindowsCamera
- Microsoft.WindowsMaps
- Microsoft.WindowsPhone
- Microsoft.WindowsSoundRecorder
- Microsoft.XboxApp
- Microsoft.ZuneMusic
- Microsoft.ZuneVideo
- Microsoft.WindowsCommunicationsApps
- Microsoft.MinecraftUWP
- Microsoft.MicrosoftPowerBIForWindows
- Microsoft.NetworkSpeedTest
- Microsoft.CommsPhone
- Microsoft.ConnectivityStore
- Microsoft.Messaging
- Microsoft.Office.Sway
- Microsoft.OneConnect
- Microsoft.WindowsFeedbackHub
- Microsoft.BingFoodAndDrink
- Microsoft.BingTravel
- Microsoft.BingHealthAndFitness
- Microsoft.WindowsReadingList
- Microsoft.MSPaint
- Microsoft.Microsoft3DViewer
- Microsoft.Print3D
- 9E2F88E3.Twitter
- PandoraMediaInc.29680B314EFC2
- Flipboard.Flipboard
- ShazamEntertainmentLtd.Shazam
- king.com.CandyCrushSaga
- king.com.CandyCrushSodaSaga
- king.com.*
- ClearChannelRadioDigital.iHeartRadio
- 4DF9E0F8.Netflix
- 6Wunderkinder.Wunderlist
- Drawboard.DrawboardPDF
- 2FE3CB00.PicsArt-PhotoStudio
- D52A8D61.FarmVille2CountryEscape
- TuneIn.TuneInRadio
- GAMELOFTSA.Asphalt8Airborne
- TheNewYorkTimes.NYTCrossword
- DB6EA5DB.CyberLinkMediaSuiteEssentials
- Facebook.Facebook
- flaregamesGmbH.RoyalRevolt2
- Playtika.CaesarsSlotsFreeCasino
- A278AB0D.MarchofEmpires
- KeeperSecurityInc.Keeper
- ThumbmunkeysLtd.PhototasticCollage
- XINGAG.XING
- 89006A2E.AutodeskSketchBook
- D5EA27B7.Duolingo-LearnLanguagesforFree
- 46928bounde.EclipseManager
- ActiproSoftwareLLC.562882FEEB491-
register: cleanup_win10_remove
until: cleanup_win10_remove is successful
retries: 3
delay: 1
ignore_errors: yes
- name: prevent suggested applications from returning
win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content
name: DisableWindowsConsumerFeatures
data: 1
datatype: dword
- name: reboot to effect pending changes
win_reboot:

33
roles/oatakan.windows_template_build/tasks/remove-onedrive.yml
View File

@@ -1,33 +0,0 @@
---
- name: kill onedrive process
win_shell: Stop-Process -Name OneDrive
ignore_errors: yes
- name: uninstall onedrive
win_shell: '{{ ansible_env.SystemRoot }}\SysWOW64\OneDriveSetup.exe /uninstall'
ignore_errors: yes
- name: remove onedrivesync package
win_shell: get-appxpackage *Microsoft.OneDriveSync* | remove-appxpackage -AllUsers
ignore_errors: yes
- name: remove onedrive directories
win_file:
path: '{{ item }}'
state: absent
ignore_errors: yes
loop:
- '{{ ansible_env.USERPROFILE }}\OneDrive'
- '{{ ansible_env.LOCALAPPDATA }}\Microsoft\OneDrive'
- '{{ ansible_env.ProgramData }}\Microsoft OneDrive'
- C:\OneDriveTemp
- name: delete registry keys
win_regedit:
path: '{{ item }}'
state: absent
delete_key: yes
loop:
- HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}
- HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}

38
roles/oatakan.windows_template_build/tasks/security-update-win2012.yml
View File

@@ -1,38 +0,0 @@
---
# this update is needed to enable .NET clients to use https (tslv12) on Windows 8.1 and Windows Server 2012 R2
# see https://www.microsoft.com/en-us/download/confirmation.aspx?id=42883
- name: download hotfix
win_get_url:
url: '{{ dot_net_security_hotfix.url }}'
dest: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }}'
register: download_hotfix
until: download_hotfix is success
delay: 3
retries: 5
- block:
- name: install hotfix (PS >= 4)
win_hotfix:
source: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }}'
state: present
register: hotfix_install
when: ansible_powershell_version is version('4', '>=')
rescue:
- name: install hotfix using shell
win_shell: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }} /quiet /norestart'
register: hotfix_install
- name: install hotfix (PS == 3)
win_shell: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }} /quiet /norestart'
register: hotfix_install
when: ansible_powershell_version is version('3', '==')
- name: ensure hotfix file is removed
win_file:
path: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }}'
state: absent
- name: reboot if needed
win_reboot:
when: hotfix_install.reboot_required | default(False)

2
roles/oatakan.windows_template_build/tasks/shutdown.yml
View File

@@ -2,4 +2,4 @@
- name: run sysprep-shutdown scheduled task
win_shell: schtasks.exe /Run /TN "sysprep-shutdown"
ignore_errors: yes
ignore_errors: true

22
roles/oatakan.windows_template_build/tasks/sysprep.yml
View File

@@ -16,8 +16,8 @@
state: directory
- name: enable winrm
win_shell: '& $([scriptblock]::Create((New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"))) -ForceNewSSLCert -EnableCredSSP'
ignore_errors: yes
win_shell: '{{ enable_winrm_command }}'
ignore_errors: true
when: "'Windows Server 2008' in ansible_distribution or 'Windows 7' in ansible_distribution"
- name: copy unattend.xml
@@ -25,9 +25,9 @@
src: unattend.xml.j2
dest: C:\Windows\system32\sysprep\unattend.xml
when:
- ('VMware' not in ansible_product_name) or ('VMware' in ansible_product_name and target_vagrant | bool)
- ('VMware' not in (ansible_product_name | default('', true))) or ('VMware' in (ansible_product_name | default('', true)) and target_vagrant | bool)
- not target_ovirt | bool
- not ('KubeVirt' in ansible_system_vendor | default(''))
- not ('KubeVirt' in ansible_system_vendor | default('', true))
#- name: run sysprep
# win_shell: C:\Windows\system32\sysprep\sysprep.exe /generalize /shutdown /oobe /quiet
@@ -40,32 +40,32 @@
win_scheduled_task:
name: sysprep-shutdown
username: SYSTEM
disallow_start_if_on_batteries: no
stop_if_going_on_batteries: no
disallow_start_if_on_batteries: false
stop_if_going_on_batteries: false
actions:
- path: powershell.exe
arguments: Remove-Item -Path WSMan:\localhost\Listener\* -Recurse -Force
- path: C:\windows\system32\sysprep\sysprep.exe
arguments: /generalize /oobe /quiet /shutdown
when:
- ('VMware' not in ansible_product_name) or ('VMware' in ansible_product_name and target_vagrant | bool) or (target_ovirt | bool) or ('KubeVirt' in ansible_system_vendor | default(''))
- ('VMware' not in (ansible_product_name | default('', true))) or ('VMware' in (ansible_product_name | default('', true)) and target_vagrant | bool) or (target_ovirt | bool) or ('KubeVirt' in ansible_system_vendor | default(''))
- name: create scheduled task to delete WinRM listeners and shutdown
win_scheduled_task:
name: sysprep-shutdown
username: SYSTEM
disallow_start_if_on_batteries: no
stop_if_going_on_batteries: no
disallow_start_if_on_batteries: false
stop_if_going_on_batteries: false
actions:
- path: powershell.exe
arguments: Remove-Item -Path WSMan:\localhost\Listener\* -Recurse -Force
- path: shutdown.exe
arguments: /s /t 10 /f /d p:4:1 /c "Ansible Shutdown"
when:
- "'VMware' in ansible_product_name"
- ('VMware' in (ansible_product_name | default('', true)))
- not target_vagrant | bool
- not target_ovirt | bool
- not ('KubeVirt' in ansible_system_vendor | default(''))
- not ('KubeVirt' in (ansible_system_vendor | default('', true)))
- name: set flag to recreate pagefile after next sysprep
win_shell: |

13
roles/oatakan.windows_template_build/tasks/update-agent-win2008.yml
View File

@@ -1,13 +0,0 @@
---
# this updates windows update which is needed to install further updates
# see https://docs.microsoft.com/en-US/troubleshoot/windows-client/deployment/update-windows-update-agent
- name: ensure Windows Update Agent on 2008 is installed
win_package:
path: "{{ windows_update_agent_url }}"
arguments:
- /quiet
- /norestart
- /wuforce
creates_path: C:\Windows\System32\wuaueng.dll
creates_version: 7.6.7600.320