# 2.6.2 ansible windows安装

windows系统安装wazuh代理端是使用windows2008系统，但是它默认没有.NET 4.5的版本，因为使用ansible与windows2008系统进行通信，需要安装一些软件服务、启动一些脚本，所以前提是需要安装微软.NET 4.5。

下载地址：

```
http://download.microsoft.com/download/B/A/4/BA4A7E71-2906-4B2D-A0E1-80CF16844F5F/dotNetFx45_Full_x86_x64.exe
```

![](/files/-Md6mPTecDSPelbI2PID)

查看Powershell版本

```
PS C:\Users\Administrator> get-host

Name             : ConsoleHost
Version          : 2.0
InstanceId       : a664faa2-3825-46c4-8869-312eb849add7
UI               : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture   : zh-CN
CurrentUICulture : zh-CN
PrivateData      : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
IsRunspacePushed : False
Runspace         : System.Management.Automation.Runspaces.LocalRunspace
```

开启执行powershell脚本权限

```
PS C:\Users\Administrator> set-executionpolicy remotesigned

执行策略更改
执行策略可以防止您执行不信任的脚本。更改执行策略可能会使您面临 about_Execution_Policies
帮助主题中所述的安全风险。是否要更改执行策略?
[Y] 是(Y)  [N] 否(N)  [S] 挂起(S)  [?] 帮助 (默认值为“Y”): Y
```

需要将powershell版本更新为V3，更新脚本下载地址：

```
https://raw.githubusercontent.com/cchurch/ansible/devel/examples/scripts/upgrade_to_ps3.ps1
```

执行powershell更新脚本，执行完成之后就会自动重启系统。

![](/files/-Md73aBIRlUXKSDUibRw)

查看powershell脚本，发现版本已经更新V3.0。

```
PS D:\> get-host


Name             : ConsoleHost
Version          : 3.0
InstanceId       : 4bd1de40-3406-459d-bb06-4aa62e8e13be
UI               : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture   : zh-CN
CurrentUICulture : zh-CN
PrivateData      : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
IsRunspacePushed : False
Runspace         : System.Management.Automation.Runspaces.LocalRunspace
```

下载ansible windows远程配置powershell脚本，下载地址：

```
https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
```

运行脚本：ConfigureRemotingForAnsible.ps1

![](/files/-Md7CDttsDu-XKFdyA41)

开启win远程管理服务和配置服务

```
PS D:\> winrm qc
已在此计算机上运行 WinRM 服务。
在此计算机上设置了 WinRM 以进行远程管理。

PS D:\> winrm set winrm/config/service '@{AllowUnencrypted="true"}'  #配置验证
Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 1500
    EnumerationTimeoutms = 240000
    MaxConnections = 300
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = true
    Auth
        Basic = true
        Kerberos = true
        Negotiate = true
        Certificate = false
        CredSSP = false
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = *
    IPv6Filter = *
    EnableCompatibilityHttpListener = false
    EnableCompatibilityHttpsListener = false
    CertificateThumbprint
    AllowRemoteAccess = true

PS D:\> winrm set winrm/config/service/auth '@{Basic="true"}'  #配置加密方式为允许非加密
Auth
    Basic = true
    Kerberos = true
    Negotiate = true
    Certificate = false
    CredSSP = false
    CbtHardeningLevel = Relaxed
```

在PowerShell v3.0上运行时，WinRM服务存在一个错误，它限制了WinRM可用的内存量。如果未安装此修补程序，Ansible将无法在Windows主机上执行某些命令。

```
https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Install-WMF3Hotfix.ps1
```

安装脚本，完成之后就会自动重启系统。

![](/files/-Md6vo7w1q4sKmWjhs_p)

在自动部署服务器安装pywinrm库

```
[root@autodeploy playbooks]# pip install pywinrm
```

设置ansible Windows hosts记录

```
[root@autodeploy playbooks]# cat /etc/ansible/hosts 
[windows]
192.168.1.102

[windows:vars]
ansible_user='Administrator'
ansible_password="abcABC123"
ansible_ssh_port=5985
ansible_connection='winrm'
ansible_winrm_server_cert_validation=ignore

```

验证ansible是否可以连接到Windows服务器

```
[root@autodeploy playbooks]# ansible windows -m win_ping
192.168.1.102 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
```

使用ansible安装wazuh代理端

![](/files/-Md7E4KFbFO9BXjHlcpt)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://icybersec.gitbook.io/soc/2-wazuh-an-zhuang-pei-zhi/2.6-ansible-pi-liang-bu-shu/2.6.2-ansible-windows-an-zhuang.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.