Ansible on Windows: Complete Guide to Windows Automation (2026)
By Luca Berton · Published 2024-01-01 · Category: installation
Complete guide to using Ansible with Windows. Configure WinRM, run PowerShell, manage Windows services, registry, and users with Ansible modules and examples.
Ansible is a versatile automation tool that works seamlessly across Linux, macOS, and Windows systems. This article explores how Ansible can automate tasks on Windows, its requirements, and common use cases.
Can Ansible Work on Windows?
Yes, Ansible can manage and automate Windows systems. While Ansible traditionally targets Linux systems, its support for Windows has grown significantly. Using WinRM (Windows Remote Management) or SSH, Ansible communicates with Windows machines to perform various administrative tasks.
Setting Up Ansible for Windows
To manage Windows with Ansible, follow these steps:
1. Configure the Windows Host
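Enable WinRM on the Windows machine. This allows Ansible to communicate with the system.
Steps to Enable WinRM:
• Open PowerShell as Administrator.
• Run the following commands to enable WinRM with basic authentication:
winrm quickconfig
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
With Basic authentication and AllowUnencrypted both enabled, the account password crosses the network Base64-encoded rather than encrypted, so keep this configuration to an isolated lab and use an HTTPS listener for production hosts.
• Add the Ansible control node's IP to the trusted hosts:
Set-Item wsman:\localhost\Client\TrustedHosts -Value "<Ansible_Control_Node_IP>"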
2. Install Required Modules
Ensure the pywinrm Python library is installed on the Ansible control node:
pip install pywinrm
3. Update the Inventory
Define the Windows host in the Ansible inventory file:
[windows]
windows_host ansible_host=192.168.1.10 ansible_user=Administrator ansible_password=your_password ansible_connection=winrm
Ansible Modules for Windows
Ansible provides a rich set of modules specifically for Windows automation:
Common Windows Modules
win_service: Manage Windows services.
- name: Ensure IIS service is running
  win_service:
    name: W3SVC
    state: started
win_package: Install or uninstall Windows packages.
- name: Install Google Chrome
  win_package:
    path: "https://dl.google.com/chrome/install/GoogleChromeStandaloneEnterprise.msi"
win_user: Manage Windows user accounts.
- name: Create a new user
  win_user:
    name: ansible_user
    password: StrongPassword123!
    state: present
win_file: Manage file and directory properties.
- name: Ensure a directory exists
  win_file:
    path: C:\Temp
    state: directory
win_shell: Run shell commands on Windows.
- name: Run a PowerShell command
  win_shell: Get-Service
Use Cases for Ansible on Windows
Software Installation and Updates: Automate the deployment of applications, patches, and updates.
Service Management: Ensure critical services are running and properly configured.
User and Group Management: Create, update, or delete user accounts and groups.
File and Directory Management: Copy, delete, or manage file permissions.
Security and Compliance: Enforce policies, configure firewalls, and apply security baselines.
Best Practices for Windows Automation with Ansible
• Secure Credentials: Use Ansible Vault to encrypt passwords and sensitive data.
• Use Roles: Organize tasks into reusable roles for better maintainability.
• Test on Non-Production Systems: Validate playbooks in a test environment before applying to production.
Conclusion
Ansible's support for Windows makes it a powerful tool for cross-platform automation. By leveraging Ansible's modules and playbooks, you can automate Windows systems just as easily as Linux, simplifying infrastructure management.
Learn More About Managing Windows with Ansible
How Ansible Manages Windows
Ansible connects to Windows via WinRM (Windows Remote Management) or SSH (OpenSSH on Windows):
# inventory.yml
windows:
  hosts:
    win-server1:
      ansible_host: 192.168.1.50
      ansible_user: Administrator
      ansible_password: "{{ vault_win_password }}"
      ansible_connection: winrm
      ansible_winrm_transport: ntlm
      ansible_winrm_server_cert_validation: ignore
Enable WinRM on Windows
# Run on Windows host (as Administrator)
winrm quickconfig
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
# Or use the Ansible setup script
Invoke-WebRequest -Uri https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile configure.ps1
.\configure.ps1
Windows Modules
# Install software
- ansible.windows.win_package:
    path: https://example.com/installer.msi
    product_id: '{12345-ABCDE}'
    state: present
# Manage services
- ansible.windows.win_service:
    name: W3SVC
    state: started
    start_mode: auto
# Copy files
- ansible.windows.win_copy:
    src: files/config.xml
    dest: C:\MyApp\config.xml
# Run PowerShell
- ansible.windows.win_shell: |
    Get-Process | Where-Object { $_.CPU -gt 100 }
  register: procs
# Manage registry
- ansible.windows.win_regedit:
    path: HKLM:\SOFTWARE\MyApp
    name: InstallPath
    data: C:\MyApp
    type: string
# Windows features
- ansible.windows.win_feature:
    name: Web-Server
    state: present
    include_management_tools: true
Key Windows Collections
| Collection | Modules |
|-----------|---------|
| ansible.windows | Core Windows modules |
| community.windows | Extended Windows modules |
| microsoft.ad | Active Directory |
| chocolatey.chocolatey | Package management |
Windows vs Linux Module Mapping
| Linux | Windows |
|-------|---------|
| copy | win_copy |
| file | win_file |
| command | win_command |
| shell | win_shell |
| service | win_service |
| user | win_user |
| stat | win_stat |
| package | win_package |
| template | win_template |
FAQ
Can I run Ansible FROM Windows?
The Ansible controller must run on Linux/macOS. On Windows, use WSL2 (Windows Subsystem for Linux).
WinRM vs SSH — which should I use?
WinRM is the standard and supports all Windows modules. SSH (via OpenSSH) works but has limitations. Use WinRM for production.
Does Ansible need an agent on Windows?
No — Ansible is agentless. It connects over WinRM/SSH and runs PowerShell remotely.
How Ansible Connects to Windows
Ansible uses WinRM (Windows Remote Management) instead of SSH to manage Windows hosts.
# inventory.yml
windows:
  hosts:
    win1:
      ansible_host: 192.168.1.20
  vars:
    ansible_connection: winrm
    ansible_user: Administrator
    ansible_password: "{{ vault_win_password }}"
    ansible_winrm_transport: ntlm
    ansible_port: 5986
    ansible_winrm_server_cert_validation: ignore
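With ansible_winrm_server_cert_validation set to ignore, the control node accepts whatever certificate the listener presents, so the TLS session does not prove which host it is talking to. The inventory below is an added example (not from the original article) with validation switched on; the host name win1.corp.example and the CA bundle path are assumptions.

```yaml
# inventory.yml (added example; host name and CA path are placeholders)
windows:
  hosts:
    win1:
      # Must match a DNS name in the listener certificate, so connect by
      # name rather than by bare IP address.
      ansible_host: win1.corp.example
  vars:
    ansible_connection: winrm
    ansible_user: Administrator
    ansible_password: "{{ vault_win_password }}"   # value stays in Ansible Vault
    ansible_winrm_transport: ntlm
    ansible_winrm_scheme: https
    ansible_port: 5986
    # Weak setting used above: ignore (any certificate is accepted).
    ansible_winrm_server_cert_validation: validate
    # PEM file holding the CA that issued the listener certificate, or the
    # self-signed certificate itself exported from the Windows host.
    ansible_winrm_ca_trust_path: /etc/ansible/pki/winrm-ca.pem
```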
Enable WinRM on Windows
# Run as Administrator on Windows host
Enable-PSRemoting -Force
winrm quickconfig -q
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
# For HTTPS (recommended for production)
$cert = New-SelfSignedCertificate -DnsName "hostname" -CertStoreLocation "cert:\LocalMachine\My"
winrm create winrm/config/Listener?Address=*+Transport=HTTPS "@{Hostname=`"hostname`";CertificateThumbprint=`"$($cert.Thumbprint)`"}"
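Once the HTTPS listener exists and Ansible connects with NTLM over port 5986, neither Basic authentication nor AllowUnencrypted is needed. The playbook below is an added example (not from the original article) that switches both off idempotently; the file name and the windows group are assumptions, and it is meant to be run over the HTTPS connection.

```yaml
# harden_winrm.yml (added example; run it over the HTTPS listener)
- name: Turn off Basic auth and unencrypted WinRM once HTTPS works
  hosts: windows
  gather_facts: false
  tasks:
    - name: Require an HTTPS listener, then disable the weak settings
      ansible.windows.win_powershell:
        script: |
          $Ansible.Changed = $false

          # Stop early if there is no HTTPS listener to rely on.
          $https = Get-ChildItem WSMan:\localhost\Listener |
              Where-Object { $_.Keys -contains 'Transport=HTTPS' }
          if (-not $https) {
              $Ansible.Failed = $true
              $Ansible.Result = 'No HTTPS listener; settings left untouched'
              return
          }

          # The two settings the setup commands switched to "true".
          $weak = 'WSMan:\localhost\Service\AllowUnencrypted',
                  'WSMan:\localhost\Service\Auth\Basic'
          foreach ($path in $weak) {
              if ((Get-Item $path).Value -ne 'false') {
                  Set-Item -Path $path -Value $false
                  $Ansible.Changed = $true
              }
          }
          $Ansible.Result = @{
              AllowUnencrypted = (Get-Item $weak[0]).Value
              Basic            = (Get-Item $weak[1]).Value
          }
      register: winrm_state

    - name: Show the resulting service settings
      ansible.builtin.debug:
        var: winrm_state.result
```

A second run should report no change, which makes the play usable as a recurring drift check.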
Install pywinrm on Controller
pip install pywinrm
# Verify
ansible win1 -m win_ping
Common Windows Modules
# Install software
- ansible.windows.win_package:
    path: https://example.com/installer.msi
    state: present
# Manage services
- ansible.windows.win_service:
    name: nginx
    state: started
    start_mode: auto
# Registry
- ansible.windows.win_regedit:
    path: HKLM:\SOFTWARE\MyApp
    name: Version
    data: "2.0"
    type: string
# Copy files
- ansible.windows.win_copy:
    src: files/config.xml
    dest: C:\MyApp\config.xml
# Run PowerShell
- ansible.windows.win_powershell:
    script: |
      Get-Process | Where-Object { $_.CPU -gt 100 }
  register: ps_result
# Manage users
- ansible.windows.win_user:
    name: deploy
    password: "{{ vault_deploy_pass }}"
    groups: Administrators
    state: present
# Windows features
- ansible.windows.win_feature:
    name: Web-Server
    state: present
    include_sub_features: true
Chocolatey Packages
# win_chocolatey ships in the chocolatey.chocolatey collection
- chocolatey.chocolatey.win_chocolatey:
    name:
      - git
      - vscode
      - python3
    state: present
Windows Update
- ansible.windows.win_updates:
    category_names:
      - SecurityUpdates
      - CriticalUpdates
    reboot: true
  register: update_result
File Management
# Create directory
- ansible.windows.win_file:
    path: C:\MyApp\logs
    state: directory
# Template
- ansible.windows.win_template:
    src: web.config.j2
    dest: C:\MyApp\web.config
# Permissions
- ansible.windows.win_acl:
    path: C:\MyApp
    user: deploy
    rights: FullControl
    type: allow
Key Windows Collections
| Collection | Purpose |
|-----------|---------|
| ansible.windows | Core Windows modules |
| community.windows | Extended Windows modules |
| chocolatey.chocolatey | Chocolatey package management |
| microsoft.ad | Active Directory |
Ansible on Windows as Controller?
The Ansible control node does not run natively on Windows. Options:
• WSL2 (Windows Subsystem for Linux) — recommended
• Docker container
• Linux VM
FAQ
Can I use SSH instead of WinRM?
Yes — Windows 10+ has OpenSSH. Set ansible_connection: ssh and ansible_shell_type: powershell. WinRM is still more mature for Windows automation.
Does Ansible support Active Directory?
Yes — the microsoft.ad collection manages AD users, groups, OUs, GPOs, and domain joins.
Can I manage IIS with Ansible?
Yes — use win_feature to install IIS and win_iis_* modules from community.windows to manage sites and app pools.