> For the complete documentation index, see [llms.txt](https://icybersec.gitbook.io/soc/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://icybersec.gitbook.io/soc/2-wazuh-an-zhuang-pei-zhi/2.6-ansible-pi-liang-bu-shu/2.6.2-ansible-windows-an-zhuang.md).

# 2.6.2 ansible windows安装

windows系统安装wazuh代理端是使用windows2008系统，但是它默认没有.NET 4.5的版本，因为使用ansible与windows2008系统进行通信，需要安装一些软件服务、启动一些脚本，所以前提是需要安装微软.NET 4.5。

下载地址：

```
http://download.microsoft.com/download/B/A/4/BA4A7E71-2906-4B2D-A0E1-80CF16844F5F/dotNetFx45_Full_x86_x64.exe
```

![](/files/-Md6mPTecDSPelbI2PID)

查看Powershell版本

```
PS C:\Users\Administrator> get-host

Name             : ConsoleHost
Version          : 2.0
InstanceId       : a664faa2-3825-46c4-8869-312eb849add7
UI               : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture   : zh-CN
CurrentUICulture : zh-CN
PrivateData      : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
IsRunspacePushed : False
Runspace         : System.Management.Automation.Runspaces.LocalRunspace
```

开启执行powershell脚本权限

```
PS C:\Users\Administrator> set-executionpolicy remotesigned

执行策略更改
执行策略可以防止您执行不信任的脚本。更改执行策略可能会使您面临 about_Execution_Policies
帮助主题中所述的安全风险。是否要更改执行策略?
[Y] 是(Y)  [N] 否(N)  [S] 挂起(S)  [?] 帮助 (默认值为“Y”): Y
```

需要将powershell版本更新为V3，更新脚本下载地址：

```
https://raw.githubusercontent.com/cchurch/ansible/devel/examples/scripts/upgrade_to_ps3.ps1
```

执行powershell更新脚本，执行完成之后就会自动重启系统。

![](/files/-Md73aBIRlUXKSDUibRw)

查看powershell脚本，发现版本已经更新V3.0。

```
PS D:\> get-host


Name             : ConsoleHost
Version          : 3.0
InstanceId       : 4bd1de40-3406-459d-bb06-4aa62e8e13be
UI               : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture   : zh-CN
CurrentUICulture : zh-CN
PrivateData      : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
IsRunspacePushed : False
Runspace         : System.Management.Automation.Runspaces.LocalRunspace
```

下载ansible windows远程配置powershell脚本，下载地址：

```
https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
```

运行脚本：ConfigureRemotingForAnsible.ps1

![](/files/-Md7CDttsDu-XKFdyA41)

开启win远程管理服务和配置服务

```
PS D:\> winrm qc
已在此计算机上运行 WinRM 服务。
在此计算机上设置了 WinRM 以进行远程管理。

PS D:\> winrm set winrm/config/service '@{AllowUnencrypted="true"}'  #配置验证
Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 1500
    EnumerationTimeoutms = 240000
    MaxConnections = 300
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = true
    Auth
        Basic = true
        Kerberos = true
        Negotiate = true
        Certificate = false
        CredSSP = false
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = *
    IPv6Filter = *
    EnableCompatibilityHttpListener = false
    EnableCompatibilityHttpsListener = false
    CertificateThumbprint
    AllowRemoteAccess = true

PS D:\> winrm set winrm/config/service/auth '@{Basic="true"}'  #配置加密方式为允许非加密
Auth
    Basic = true
    Kerberos = true
    Negotiate = true
    Certificate = false
    CredSSP = false
    CbtHardeningLevel = Relaxed
```

在PowerShell v3.0上运行时，WinRM服务存在一个错误，它限制了WinRM可用的内存量。如果未安装此修补程序，Ansible将无法在Windows主机上执行某些命令。

```
https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Install-WMF3Hotfix.ps1
```

安装脚本，完成之后就会自动重启系统。

![](/files/-Md6vo7w1q4sKmWjhs_p)

在自动部署服务器安装pywinrm库

```
[root@autodeploy playbooks]# pip install pywinrm
```

设置ansible Windows hosts记录

```
[root@autodeploy playbooks]# cat /etc/ansible/hosts 
[windows]
192.168.1.102

[windows:vars]
ansible_user='Administrator'
ansible_password="abcABC123"
ansible_ssh_port=5985
ansible_connection='winrm'
ansible_winrm_server_cert_validation=ignore

```

验证ansible是否可以连接到Windows服务器

```
[root@autodeploy playbooks]# ansible windows -m win_ping
192.168.1.102 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
```

使用ansible安装wazuh代理端

![](/files/-Md7E4KFbFO9BXjHlcpt)
